From: Harlan Stenn Date: Sat, 26 Jan 2008 08:16:13 +0000 (-0500) Subject: Documentation updates from Dave Mills X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca8151de22a0c6d789fac6ee84029da561c23d3d;p=thirdparty%2Fntp.git Documentation updates from Dave Mills bk: 479aec4dAJavIC3fswMspZU9ejyeuA --- diff --git a/ChangeLog b/ChangeLog index 7336deb8b9..30ec7a808f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,4 @@ +* Documentation cleanup from Dave Mills. * [Bug 918] Only use a native md5.h if MD5Init() is available. * [Bug 979] Provide ntptimeval if it is not otherwise present. * [Bug 634] Re-instantiate syslog() and logfiles after the daemon fork. diff --git a/html/accopt.html b/html/accopt.html index be8a5bb4bc..62caf3ef6a 100644 --- a/html/accopt.html +++ b/html/accopt.html @@ -13,10 +13,10 @@

Access Control Options

from Pogo, Walt Kelly

The skunk watches for intruders and sprays.

Last update: 18:35 UTC Thursday, July 28, 2005

Last update: 15:56 UTC Wednesday, January 02, 2008

Access Control Support

- The ntpd daemon implements a general purpose address/mask based restriction list. The list contains address/match entries sorted first by increasing address values and and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address is equal to the bitwise AND of the mask and address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry. Additional information and examples can be found in the Notes on Configuring NTP and Setting up a NTP Subnet page. + The ntpd daemon implements a general purpose address/mask based restriction list. The list contains address/match entries sorted first by increasing address values and and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address is equal to the bitwise AND of the mask and address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry.

The restriction facility was implemented in conformance with the access policies for the original NSFnet backbone time servers. Later the facility was expanded to deflect cryptographic and clogging attacks. While this facility may be useful for keeping unwanted or broken or malicious clients from congesting innocent servers, it should not be considered an alternative to the NTP authentication facilities. Source address based restrictions are easily circumvented by a determined cracker.

Clients can be denied service because they are explicitly included in the restrict list created by the restrict command or implicitly as the result of cryptographic or rate limit violations. Cryptographic violations include certificate or identity verification failure; rate limit violations generally result from defective NTP implementations that send packets at abusive rates. Some violations cause denied service only for the offending packet, others cause denied service for a timed period and others cause the denied service for an indefinate period. When a client or network is denied access for an indefinate period, the only way at present to remove the restrictions is by restarting the server.

The Kiss-of-Death Packet

diff --git a/html/assoc.html b/html/assoc.html index ebf76d7fae..54791a60c4 100644 --- a/html/assoc.html +++ b/html/assoc.html @@ -13,10 +13,10 @@

Association Management

from Alice's Adventures in Wonderland, Lewis Carroll

Make sure who your friends are.

Last update: 20:56 UTC Thursday, November 22, 2007

Last update: 21:56 UTC Friday, December 28, 2007

Association Modes

This page describes the various modes of operation provided in NTPv4. Details about the configuration commands and options are described on the Configuration Options page. Details about the cryptographic authentication schemes are described on the Authentication Options page. Details about the automatic server discovery schemes are described on the Automatic Server Discovery Schemes page. Additional information is available in the papers, reports, memoranda and briefings on the NTP Project page.

There are three types of associations in NTP: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the prempt option and are demobilized by timeout or error or when displaced by a "better" server. Ephemeral associations are mobilized upon arrival of designated messages and demobilized only by timeout or error.

This page describes the various modes of operation provided in NTPv4. Details about the configuration commands and options are given on the Configuration Options page. Details about the cryptographic authentication schemes are given on the Authentication Options page. Details about the automatic server discovery schemes are described on the Automatic Server Discovery Schemes page. Additional information is available in the papers, reports, memoranda and briefings on the NTP Project page.

There are three types of associations in NTP: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the prempt option and are demobilized by a "better" server or by timeout, but only if the number of survivors exceeds the threshold set by the tos maxclock configuration command. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout.

Ordinarily, successful mobilization of ephemeral associations requires the server to be cryptographically authenticated to the client. This can be done using either symmetric key or Autokey public key cryptography, as described in the Authentication Options page.

There are three principal modes of operation in NTP: client/server, symmetric active/passive and broadcast/multicast. There are three automatic server discovery schemes in NTP: broadcast/multicast, manycast and pool described on the Automatic Server Discovery Schemes page. In addition, the orphan mode and burst options described on this page can be used in appropriate cases.

Following is a summary of the operations in each mode. Note that reference to option applies to the commands described on the Configuration Options page. See that page for applicability and defaults.

Client/Server Mode

Client/server mode is the most common configuration in the Internet today. It operates in the classic remote-procedure-call (RPC) paradigm with stateless servers and stateful clients. In this mode a host sends a client (mode 3) request to the specified server and expects a server (mode 4) reply at some future time. In some contexts this would be described as a "pull" operation, in that the host pulls the time and related values from the server.

A host is configured in client mode using the server (sic) command and specifying the server DNS name or IPv4 or IPv6 address; the server requires no prior configuration. The iburst option described later on this page is recommended for use by clients, as this speeds up initial synchronization from several minutes to several seconds. The burst option described later on this page can be useful to reduce jitter on very noisy dial-up or ISDN network links.

A host is configured in client mode using the server (sic) command and specifying the server DNS name or IPv4 or IPv6 address; the server requires no prior configuration. The iburst option described later on this page is recommended for clients, as this speeds up initial synchronization from several minutes to several seconds. The burst option described later on this page can be useful to reduce jitter on very noisy dial-up or ISDN network links.

Ordinarily, the program automatically manages the poll interval between the default minimum and maximum values. The minpoll and maxpoll options can be used to bracket the range. Unless noted otherwise, these options should not be used with reference clock drivers.

Symmetric Active/Passive Mode

Symmetric active/passive mode is intended for configurations were a clique of low-stratum peers operate as mutual backups for each other. Each peer operates with one or more primary reference sources, such as a radio clock, or a set of secondary (stratu, 2) servers known to be reliable and authentic. Should one of the peers lose all reference sources or simply cease operation, the other peers will automatically reconfigure so that time and related values can flow from the surviving peers to all hosts in the subnet. In some contexts this would be described as a "push-pull" operation, in that the peer either pulls or pushes the time and related values depending on the particular configuration.

A peer with a configured symmetric active association sends a symmetric active (mode 1) message to a designated peer. If a matching configured symmetric active association is found, the designated peer returns a symmetric active message. If no matching association is found, the designated peer mobilizes a ephemeral symmetric passive association and returns a symmetric passive (mode 2) message. Since an intruder can impersonate a symmetric active peer and cause a spurious symmetric passive association to be mobilized, symmetric passive mode should always be cryptographically validated.

In symmetric active mode a peer symmetric active (mode 1) message to a designated peer. If a matching configured symmetric active association is found, the designated peer returns a symmetric active message. If no matching association is found, the designated peer mobilizes a ephemeral symmetric passive association and returns a symmetric passive (mode 2) message. Since an intruder can impersonate a symmetric active peer and cause a spurious symmetric passive association to be mobilized, symmetric passive mode should always be cryptographically validated.

A peer is configured in symmetric active mode using the peer command and specifying the other peer DNS name or IPv4 or IPv6 address. The burst and iburst options should not be used in symmetric modes, as this can upset the intended symmetry of the protocol and result in spurious duplicate or dropped messages.

As symmetric modes are most often used as root servers for moderate to large subnets where rapid response is required, it is generally best to set the minimum and maximum poll intervals of each root server to the same value using the minpoll and maxpoll options.

Broadcast/Multicast Modes

NTP broadcast and multicast modes are intended for configurations involving one or a few servers and a possibly very large client population. Broadcast mode can be used with Ethernet, FDDI and WiFi spans interconnected by hubs or switches. Ordinarily, broadcast packets do not extend beyond a level-3 router. Where service is intended beyond a level-3 router, multicast mode can be used. Additional information is on the Automatic NTP Configuration Options page.

Manycast Mode

Manycast mode is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a multicast client to troll the nearby network neighborhood to find cooperating manycast servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each manycast client mobilizes client associations with some number of the "best" of the nearby manycast servers, yet automatically reconfigures to sustain this number of servers should one or another fail. Additional information is on the Automatic NTP Configuration Options page.

Manycast mode is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a multicast client to troll the nearby network neighborhood to find cooperating manycast servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each manycast client mobilizes ephemeral client associations with some number of the "best" of the nearby manycast servers, yet automatically reconfigures to sustain this number of servers should one or another fail. Additional information is on the Automatic NTP Configuration Options page.

Orphan Mode

Sometimes an NTP subnet becomes isolated from all UTC sources such as local reference clocks or Internet time servers. In such cases it may be necessary that the subnet servers and clients remain synchronized to a common timescale, not necessarily the UTC timescale. Previously, this function was provided by the local clock driver to simulate a UTC source. A server with this driver could be used to synchronize other hosts in the subnet directly or indirectly.

There are many disadvantages using the local clock driver, primarily that the subnet is vulnerable to single-point failures and multiple server redundancy is not possible. Orphan mode is intended to replace the local clock driver. It provides a single simulated UTC source with multiple servers and provides seamless switching as servers fail and recover.

@@ -65,10 +65,10 @@

For broadcast networks each core server is configured in both broadcast server and broadcast client modes as shown above. Orphan children operate as broadcast clients of all core servers. As in peer networks, the core servers back up each other and only they and the orphan children need to be enabled for orphan mode.

In normal operation subnet hosts operate below stratum 5, so the subnet is automatically configured as described in the NTP specification. If all UTC sources are lost, all core servers become orphans and the orphan children will select the same root server to become the orphan parent.

Burst Options

There are two burst options where a single poll event triggers a burst of eight packets at 2-s intervals instead of the normal one packet. They should be used only with the server and pool commands and not with reference clock drivers. The burst option sends a burst when the server is reachable, while the iburst option sends a burst when the server is unreachable. Each mode is independently of the other and both can be used at the same time. In either mode the client sends one packet, waits for the reply, then sends the remaining packets in the burst. This may be useful to allow a modem to complete a call.

There are two burst options where a single poll event triggers a burst of eight packets at 2-s intervals instead of the normal one packet. They should be used only with the server and pool commands, but not with reference clock drivers nor symmetric peers. The burst option sends a burst when the server is reachable, while the iburst option sends a burst when the server is unreachable. Each mode is independently of the other and both can be used at the same time. In either mode the client sends one packet, waits for the reply, then sends the remaining packets in the burst. This may be useful to allow a modem to complete a call.

In both modes received server packets update the clock filter, which selects the best (most accurate) time values. When the last packet in the burst is sent, the next received packet updates the system variables and adjusts the system clock as if only a single packet exchange had occurred.

The iburst option is useful where the system clock must be set quickly or when the network attachment requires an initial calling or training sequence. The burst is initiated only when the server first becomes reachable. This improves accuracy with intermittent connections typical of PPP and ISDN services. Outliers due to initial dial-up delays, etc., are avoided and the client sets the clock within a few seconds after the first received packet.

The burst option can be configured in cases of excessive network jitter or when the network attachment requires an initial calling or training sequence. The burst is initiated at each poll interval when the server is reachable. The number of packets in the burst is determined by the poll interval so that the average interval between packets is no less than 16.. At a poll interval of 16 s, only one packet is sent in the burst; at 32 s, two packets are sent and so forth until at 128 s and above eight packets are sent. =

diff --git a/html/audio.html b/html/audio.html index 7df19890fc..9e0db0a4a1 100644 --- a/html/audio.html +++ b/html/audio.html @@ -12,10 +12,11 @@

Reference Clock Audio Drivers

ICOM R-72 shortwave receiver and Sure audio mixer -

Last update: 19:40 UTC Friday, April 13, 2007

Last update: 00:48 UTC Saturday, November 24, 2007

Authentication Options

from Alice's Adventures in Wonderland, Lewis Carroll

Our resident cryptographer; now you see him, now you don't.

Last update: 19:21 UTC Tuesday, September 25, 2007

Last update: 15:56 UTC Wednesday, January 02, 2008

Authentication Support

Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server. The NTPv3 specification RFC-1305 defines a scheme which provides cryptographic authentication of received NTP packets. Originally, this was done using the Data Encryption Standard (DES) algorithm operating in Cipher Block Chaining (CBC) mode, commonly called DES-CBC. Subsequently, this was replaced by the RSA Message Digest 5 (MD5) algorithm using a private key, commonly called keyed-MD5. Either algorithm computes a message digest, or one-way hash, which can be used to verify the server has the correct private key and key identifier.

NTPv4 retains the NTPv3 scheme, properly described as symmetric key cryptography and, in addition, provides a new Autokey scheme based on public key cryptography. Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed. With the exception of the group keys described later, all key distribution and management functions involve only public values, which considerably simplifies key distribution and storage. Public key management is based on X.509 certificates, which can be provided by commercial services or produced by utility programs in the OpenSSL software library or the ntp-keygen program in the NTP distribution.

While the algorithms for symmetric key cryptography are included in the NTPv4 distribution, public key cryptography requires the OpenSSL software library to be installed before building the NTP distribution. This library is available from http://www.openssl.org and can be installed using the procedures outlined in the Building and Installing the Distribution page. Once installed, the configure and build process automatically detects the library and links the library routines required.

Authentication is configured separately for each association using the key or autokey subcommand on the peer, server, broadcast and manycastclient configuration commands as described in the Configuration Options page. The authentication options described below specify the locations of the key files, which symmetric keys are trusted and other details needed by the optional Autokey protocol. The ntp-keygen program is used to generate the various key files, certificate files and identity files described below.

Authentication is always enabled, although ineffective if not configured as described below. If an NTP packet includes a message authentication code (MAC), consisting of a key ID and the message digest, it is accepted only if the key ID matches a trusted key and the message digest is verified with this key. Furthermore, the Autokey scheme requires a preliminary protocol exchange to obtain the server certificate, verify its credentials and initialize the protocol.

The auth flag controls whether new associations or remote configuration commands require cryptographic authentication. This flag can be set or reset by the enable and disable commands and also by remote configuration commands sent by a ntpdc program running on another machine. If this flag is enabled, which is the default, new broadcast/manycast client and symmetric passive associations and remote configuration commands must be cryptographically authenticated using either symmetric key or public key cryptography. If this flag is disabled, these operations are effective even if not cryptographic authenticated. It should be understood that operating with the auth flag disabled invites a significant vulnerability where a rogue hacker can masquerade as a legitimate server and seriously disrupt system timekeeping. It is important to note that this flag has no purpose other than to allow or disallow a new association in response to new broadcast and symmetric active messages and remote configuration commands and, in particular, the flag has no effect on the authentication process itself.

The security model and protocol schemes for both symmetric key and public key cryptography are summarized below; further details are in the briefings, papers and reports at the NTP project page linked from www.ntp.org.

Symmetric Key Cryptography

The original RFC-1305 specification allows any one of possibly 65,534 keys (excluding zero), each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to authenticate NTP packets. Keys and related information are specified in a key file, usually called ntp.keys, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the ntpq and ntpdc utility programs. Ordinarily, the ntp.keys file is generated by the ntp-keygen program, but it can be constructed by hand.

When ntpd is first started, it reads the key file specified in the keys configuration command and installs the keys in the key cache. However, individual keys must be activated with the trustedkey command before use. This allows, for instance, the installation of possibly several batches of keys and then activating or deactivating each batch remotely using ntpdc. This also provides a revocation capability that can be used if a key becomes compromised. The requestkey command selects the key used as the password for the ntpdc utility, while the controlkey command selects the key used as the password for the ntpq utility.

Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server. The NTPv3 specification RFC-1305 defines a scheme using the Data Encryption Standard (DES) algorithm, commonly called DES-CBC. Subsequently, this scheme was replaced by the RSA Message Digest 5 (MD5) algorithm, commonly called keyed-MD5. Either algorithm computes a message digest or one-way hash which can be used to verify the client has the same key as the server.

NTPv4 includes the NTPv3 scheme, properly described as symmetric key cryptography and, in addition a new scheme based on public key cryptography and called Autokey. Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed. Autokey uses X.509 public certificates, which can be produced by commercial services, utility programs in the OpenSSL software library or a utility program in the NTP software distribution.

While the algorithms for symmetric key cryptography are included in the NTPv4 software distribution, Autokey cryptography requires the OpenSSL software library to be installed before building the NTP distribution. This library is available from http://www.openssl.org and can be installed using the procedures outlined in the Building and Installing the Distribution page. Once installed, the configure and build process automatically detects the library and links the library routines required.

Authentication is configured separately for each association separately using the key or autokey option on the peer, server, broadcast or manycastclient configuration commands, as described in the Server Options page, and the options described on this page. The ntp-keygen page describes the files required for the various authentication schemes. Further details are in the briefings, papers and reports at the NTP project page linked from www.ntp.org.

Symmetric Key Cryptography

+ The original RFC-1305 specification allows any one of possibly 65,534 keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key and key ID to authenticate NTP packets. If an NTP packet includes a message authentication code (MAC), consisting of a key ID and message digest, it is accepted only if the key ID matches a trusted key and the message digest is verified with this key. +

Keys and related information are specified in a keys file, usually called ntp.keys, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the ntpq and ntpdc utility programs. Ordinarily, the ntp.keys file is generated by the ntp-keygen program, but it can be constructed using an ordinary text editor.

When ntpd is first started, it reads the key file specified by the keys configuration command and installs the keys in the key cache. However, individual keys must be activated with the trustedkey command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using ntpdc. The requestkey command selects the key ID used as the password for the ntpdc utility, while the controlkey command selects the key ID used as the password for the ntpq utility.

Public Key Cryptography

NTPv4 supports the Autokey security protocol, which is based on public key cryptography. The Autokey Version 2 protocol described on the Autokey Protocol page verifies packet integrity using MD5 message digests and verifies the source using digital signatures and any of several digest/signature schemes. Optional identity schemes described on the Identity Schemes page are based on cryptographic challenge/response exchanges. Using these schemes provides strong security against replay with or without modification, spoofing, masquerade and most forms of clogging attacks. These schemes are described along with an executive summary, current status, briefing slides and reading list on the Autonomous Authentication page.

NTPv4 supports the Autokey security protocol, which is based on public key cryptography. The Autokey Version 2 protocol described on the Autokey Protocol page verifies packet integrity using MD5 message digests and verifies the source using digital signatures and any of several digest/signature schemes. Optional identity schemes described on the Autokey Identity Schemes page are based on cryptographic challenge/response exchanges. Using these schemes provides strong security against replay with or without modification, spoofing, masquerade and most forms of clogging attacks. These schemes are described along with an executive summary, current status, briefing slides and reading list on the Autonomous Authentication page.

Autokey authenticates individual packets using cookies bound to the IP source and destination addresses. The cookies must have the same addresses at both the server and client. For this reason operation with network address translation schemes is not possible. This reflects the intended robust security model where government and corporate NTP servers are operated outside firewall perimeters.

The specific cryptographic environment used by Autokey servers and clients is determined by a set of files and soft links generated by the ntp-keygen program. These define the required host key, required host certificate and optional sign key and identity keys. The certificate defines the Autokey host name and the selected cryptographic algorithms.

NTP Secure Groups

NTP secure groups are used to define cryptographic compartments and security hierarchies. All hosts belonging to a named secure group share a secret group key which can be encrypted with individual passwords. Each group includes one or more trusted hosts (THs) operating at the root, or lowest stratum in the group. The other hosts are configured to provide an unbroken path, called a certificate trail, from each host, possibly via intermediate hosts, to one or more trusted hosts.

When a host starts up, it recursively retrieves the certificates along the trail in order to verify group membership and avoid masquerade and middleman attacks. The trail concludes with the trusted certificate of a TH. The subject name on the trusted certificate defines the group name and name of the identity file used to confirm group membership.

Secure groups can be configured as hierarchies where the THs of one group can be clients of one or more other groups operating at a lower stratum. In one scenario, groups RED and GREEN can be cryptographically distinct, but both be clients of group BLUE operating at a lower stratum. In another scenario, group CYAN can be a client of multiple groups YELLOW and MAGENTA, both operating at a lower stratum. The THs for each group have encrypted identity keys for that group as well as nonencrypted identity parameters for each of the lower stratum groups. The parameters can be obtained from the trusted agent (TA), usually one of the THs of the lower stratum group. There are many other scenarios, but all must be configured to include only acyclic certificate trails.

In the IFF and GQ identity schemes the TA generates an encrypted keys file including private keys and public parameters needed to verify identity to a dependent client. The parameters file is a copy of this file with the private keys obscured. A client without the private keys can confirm identity with respect to a server but cannot prove identity to a dependent client.

Naming Conventions

It is important to note that Autokey does not use DNS to resolve names or addresses, since DNS can't be completely trusted until the name servers have synchronized clocks. The Autokey names for hosts and groups are used only to verify group membership and create group hierarchies.

All THs share the same host name, which is also the group name. The host and group name is specified by the host and ident subcommands, respectively, of the crypto configuration command. All other hosts in the group have the same group name, but different host names. If the host name is not specified, the default host name is the string returned by the Unix gethostname() system call. If the group name is not specified, it defaults to the host name, in which case the group is nameless and, while certificate trails are used, identity schemes are not.

File and link names are in the form ntpkey_key_name.fstamp, where key is the key or parameter type, name is the host or group name and fstamp is the filestamp (NTP seconds) when the file was created). By convention, key fields in generated file names include both upper and lower case alphanumeric characters, while key fields in generated link names include only lower case characters. The filestamp is not used in generated link names.

The key type is a string defining the cryptographic function. Key types include public/private keys host and sign, certificate cert and several challenge/response key types. By convention, files used for challenges have a par subtype, as in the IFF challenge IFFpar, while files for responses have a key subtype, as in the GQ response GQkey.

NTP secure groups are used to define cryptographic compartments and security hierarchies. All hosts belonging to a secure group have the same group name but different host names. The string specified in the host option of the crypto command is the name of the host and in the name of the host key, sign key and certificate files. The string specified in the ident option of the crypto comand is the group name of all group hosts and in the name of the identity files. The file naming conventions are described on the ntp-keygen page.

Each group includes one or more trusted hosts (THs) operating at the root, or lowest stratum in the group. The group name is used in the subject and issuer fields of the TH trusted certificate. The host name is used in these fields for hosts other than THs.

All group hosts are configured to provide an unbroken path, called a certificate trail, from each host, possibly via intermediate hosts and ending at a TH. When a host starts up, it recursively retrieves the certificates along the trail in order to verify group membership and avoid masquerade and middleman attacks.

Secure groups can be configured as hierarchies where a TH of one group can be a client of one or more other groups operating at a lower stratum. In one scenario, groups RED and GREEN can be cryptographically distinct, but both be clients of group BLUE operating at a lower stratum. In another scenario, group CYAN can be a client of multiple groups YELLOW and MAGENTA, both operating at a lower stratum. There are many other scenarios, but all must be configured to include only acyclic certificate trails.

Identity Schemes and Cryptotypes

All configurations include a public/private host key pair and matching certificate. Absent an identity scheme, this is a Trusted Certificate (TC) scheme. There are three identity schemes, IFF, GQ and MV described on the Identity Schemes page. With these schemes all servers in the group have encrypted server identity keys, while clients have nonencrypted client identity parameters. The client parameters can be obtained from a trusted agent (TA), usually one of the THs of the lower stratum group. Further information on identity schemes is on the Autokey Identity Schemes page.

A specific combination of authentication and identity schemes is called a cryptotype, which applies to clients and servers separately. A group can be configured using more than one cryptotype combination, although not all combinations are interoperable. Note however that some cryptotype combinations may successfully interoperate with each other, but may not represent good security practice. The server and client cryptotypes are defined by the the following codes.

NONE +: A client or server is type NONE if authentication is not available or not configured. Packets exchanged between client and server have no MAC. +
AUTH +: A client or server is type AUTH if the key option is specified with the server configuration command and the client and server keys are compatible. Packets exchanged between clients and servers have a MAC.
PC +: A client or server is type PC if the autokey option is specified with the server configuration command and compatible host key and private certificate files are present. Packets exchanged between clients and servers have a MAC.
TC +: A client or server is type TC if the autokey option is specified with the server configuration command and compatible host key and public certificate files are present. Packets exchanged between clients and servers have a MAC.
IDENT +: A client or server is type IDENT if the autokey option is specified with the server configuration command and compatible host key, public certificate and identity scheme files are present. Packets exchanged between clients and servers have a MAC.

The compatible cryptotypes for clients and servers are listed in the following table.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Client	Server
Client	NONE	AUTH	PC	TC	IDENT
NONE	yes	yes*	yes*	yes*	yes*
AUTH	no	yes	no	no	no
PC	no	no	yes	no	no
TC	no	no	no	yes	yes
IDENT	no	no	no	no	yes

* These combinations are not valid if the restriction list includes the notrust option.

Configuration

Autokey has an intimidating number of options, most of which are not necessary in typical scenarios. The simplest scenario consists of a secure group with one or more THs at the same low stratum. On behalf of the group a designated TH operating as a trusted agent (TA) generates private host keys, a trusted, self-signed public certificate and private identity keys. These media are copied intact to all THs, most conveniently using a tar archive. This insures all certificate trails end with the same credentials.

All other hosts generate private host keys and a nontrusted, self-signed public certificate. In the intended model, a host sends a mail message to the TA, provides password and out-of-band credentials, and requests the group identity media. For those hosts acting as severs with dependent clients, identity keys encrypted with the password are provided; for those hosts without dependent clients, only an unencrypted subset, called the identity parameters, are provided. Hosts with only the parameters can confirm identity with servers but cannot prove identity to dependent clients. Received files are installed in the keys directory named as the first line in the file, but all in lower case and without the filestamp field.

All hosts in the group specify the group name by the ident subcommand of the crypto configuration command. Trusted hosts in addition specify the same host name in the host subcommand. Optionally, nontrusted hosts can specify other host names, but all must be distinct.

Operation

A specific combination of authentication scheme (none, symmetric key, public key) and identity scheme is called a cryptotype, although not all combinations are compatible. There may be management configurations where the clients, servers and peers may not all support the same cryptotypes. A secure NTPv4 subnet can be configured in many ways while keeping in mind the principles explained above and in this section. Note however that some cryptotype combinations may successfully interoperate with each other, but may not represent good security practice.

The cryptotype of an association is determined at the time of mobilization, either at configuration time or some time later when an NTP packet of appropriate cryptotype arrives. When mobilized by a server or peer configuration command and no key or autokey subcommands are present, the association is not authenticated. If the key subcommand is present, the association is authenticated using the symmetric key ID specified. If the autokey subcommand is present, the association is authenticated using Autokey.

With Autokey, the cryptotype of the association is determined by the set of files generated by the ntp-keygen utility program. All configurations include a public/private host key pair and matching certificate. Absent identity parameters, this is a Trusted Certificate (TC) scheme. There are three identity schemes, IFF, GQ and MV described on the Identity Schemes page. Each is characterized by a set of private parameters that are distributed to each group host by secure means.

A group can operate where the cryptotype can be different for each client. One client can elect to use no authentication at all, another with the TC scheme and others with IFF, GQ and/or MV. However, a host cannot prove identity to a dependent client unless it has the corresponding identity parameters.

Autokey has an intimidating number of configuration options, most of which are not necessary in typical scenarios. The simplest scenario consists of a secure group with one TH at the lowest stratum. For the simplest identity scheme TC, the TH generates host key and trusted certificate files using the ntp-keygen -T command, while the remaining group hosts use the same command with no options. All hosts use the crypto configuration command with no options. Configuration with passwords is described in the ntp-keygen page

When an identity scheme is included, for example IFF, the TH generates host key, trusted certificate and private identity keys files using the ntp-keygen -T -I -i group command, where group is the group name. The remaining group hosts use the same command with no options. All hosts use the crypto ident group configuration command.

Hosts with no dependent clients can retrieve public identity parameters from an archive or web page. The ntp-keygen can export these data using the -e option. Hosts with dependent clients other than the TH must retrieve copies of the TH private identity keys using secure means. The ntp-keygen can export these data using the -q option. In either case the data are installed as a file and then renamed using the name given as the first line in the file, but without the filestamp.

Examples

Consider a scenario involving three secure groups with names red, green and blue. Groups red and blue may be typical of national laboratories providing certified time. These groups run symmetric modes so each can monitor or backup the other should the ions grow dim. Group green may be typical of a large university providing time to the campus population. Green is dependent on both red and blue and, for the sake of this example, shares an Ethernet with red and blue. Blue uses the IFF scheme, while both red and green us the GQ scheme, but with different keys.

Blue and red include the following commands in the configuration file

crypto pw passwd host group ident group -peer IPaddr autokey -broadcast IPbroadcastaddr autokey

where passwd is the password for files encrypted by ntp-keygen, group is the group name and IPaddr is the DNS name or IP address of the peer. Blue generates cryptographic media using ntp-keygen and the commands

ntp-keygen -q passwd -s blue -T -I - ntp-keygen -q passwd -s blue -e >ntpkey_iffpar_blue - ntp-keygen -q passwd -s blue -q host >ID_iffkey_blue

The first line generates the host keys, trusted certificate and IFF keys files. The second generates the IFF parameters file, which can be saved in the same keys directory without name collision. This file is not encrypted and can be moved to a public place. The third line generates a copy of the IFF keys file encrypted with the password host supplied by the requesting host. Note the ID is chosen to avoid name collision should the file be saved in the same keys directory. Ordinarily the file contents are piped to a mail application which returns it to the requesting host. Red and green use a similar procedure, but substitute their group name and use -G in place of -I.

To set up the network, the identity parameters file for blue is copied to both red and green, while the identity parameters file for red is copied to blue and green.

Now consider host cyan whose server is green and host magenta whose server is cyan. These are not trusted hosts, so cyan generates cryptographic media using the first two commands above, but omitting the -G and -T options. However, since magenta is a client of cyan, cyan needs the identity keys file for green, which is generated by the third line in green's ntp-keygen script. While in principle the identity encrypted keys file includes the parameters, the unencrypted parameters file is maintained separately, cyan needs both files

Consider a scenario involving three secure groups RED, GREEN and BLUE. RED and BLUE are typical of national laboratories providing certified time to the Internet at large. TH mort of RED and TH macabre of BLUE run NTP symmetric mode with each other for monitoring or backup. GREEN is typical of a large university providing certified time to the campus community. TH howland of GREEN is a client of both RED and BLUE. BLUE uses the IFF scheme, while both RED and GREEN use the GQ scheme, but with different keys.

BLUE TH macabre uses configuration commands

crypto pw qqsv ident blue + peer mort autokey

where qqsv is the password for macabre files. It generates BLUE files using the commands

ntp-keygen -p qqsv -T -G -i blue + ntp-keygen -p qqsv -e >ntpkey_gqpar_blue

The first line generates the host, trusted certificate and private GQ server files. The second generates the public GQ client file, which can have any nonconflicting mnemonic name.

RED TH mort uses configuration commands

crypto pw xxx ident red + peer macabre autokey

where xxx is the password for mort files. It generates RED files using the commands

ntp-keygen -p xxx -T -I -i red + ntp-keygen -p xxx -e >ntpkey_iffpar_red

GREEN TH howland uses configuration commands

crypto pw yyy ident green +server mort autokey +server macabre autokey

where yyy is the password for mort files. It generates GREEN files using the commands

ntp-keygen -p yyy -T -G -i green + ntp-keygen -p yyy -e >ntpkey_gqpar_green +ntp-keygen -p yyy -v zzz >zzz_ntpkey_gqkey_green

The first two lines serve the same purpose as the preceeding examples. The third line generats a copy of the private GREEN server file for use on another server in the same group, but encrypted with the zzz pasword.

Each TH in a group acting as a client of another group retrieves the public client file for that group from a public archive or web page using nonsecure means. In addition, each server in a group retrieves the private server file from the TH of that group, but it is encrypted and so can be sent using nonsecured means. The files are installed in the keys directory with name taken from the first line in the file, but without the filestamp

Authentication Commands

autokey [logsec]

Specifies the interval between regenerations of the session key list used with the Autokey protocol. Note that the size of the key list for each association depends on this interval and the current poll interval. The default value is 12 (4096 s or about 1.1 hours). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent.

controlkey key -

Specifies the key identifier to use with the ntpq utility, which uses the standard protocol defined in RFC-1305. The key argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive. -

crypto [randfile file] [host name] [ident name] [pw password] -

This command requires the OpenSSL library. It activates public key cryptography and loads the required public/private encryption and sign kyes and public certificat. If one or more files are left unspecified, the default names are used as described below. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the keysdir command or default /usr/local/etc. Following are the subcommands.

Specifies the key ID to use with the ntpq utility, which uses the standard protocol defined in RFC-1305. The key argument is the key ID for a trusted key, where the value can be in the range 1 to 65,534, inclusive.

crypto [randfile file] [host name] [ident name] [pw password] +

This command requires the OpenSSL library. It activates public key cryptography and loads the required host key and public certificat. If one or more files are left unspecified, the default names are used as described below. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the keysdir configuration command or default /usr/local/etc. Following are the options. +

host name -: Specifies the host name used in the host key link ntpkey_host_name, sign key link ntpkey_sign_name and certificate link ntpkey_cert_name. The ntp-keygen program automatically installs these links to the most recently generated files.
ident name -: Specifies the group name used in the identity key link ntpkey_key_name, where key identifies the key type described on the ntp-keygen page. The ntp-keygen program automatically installs these links to the most recently generated files.
pw password -: Specifies the password to decrypt files previously encrypted by the ntp-keygen program.
randfile file +: Specifies the string used when constructing the names for the host, sign and certificate files generated by the ntp-keygen program with the -s name option. +
ident name +: Specifies the string used in constructing the identity files generated by the ntp-keygen program with the -i name option.
pw password +: Specifies the password to decrypt files previously encrypted by the ntp-keygen program with the -p option. +
randfile file: Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the ntp-keygen page.

keys keyfile -

Specifies the complete path to the MD5 key file containing the keys and key identifiers used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. This is the same operation as the -k command line option. +

Specifies the complete path to the MD5 key file containing the keys and key IDs used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. This is the same operation as the -k command line option.

keysdir path

This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is /usr/local/etc/.

requestkey key -

Specifies the key identifier to use with the ntpdc utility program, which uses a proprietary protocol specific to this implementation of ntpd. The key argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive. -

revoke [logsec] +

Specifies the key ID to use with the ntpdc utility program, which uses a proprietary protocol specific to this implementation of ntpd. The key argument is a key ID for the trusted key, where the value can be in the range 1 to 65,534, inclusive.

revoke [logsec]

Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds. These values need to be updated frequently in order to deflect brute-force attacks on the algorithms; however, updating some values is a relatively expensive operation. The default interval is 16 (65,536 s or about 18 hours). For poll intervals above the specified interval, the values will be updated for every message sent.

trustedkey key [...] -

Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the ntpq and ntpdc programs. The authentication procedures require that both the local and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The key arguments are 32-bit unsigned integers with values from 1 to 65,534. -

Specifies the key ID which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the ntpq and ntpdc programs. The authentication procedures require that both the local and remote servers share the same key and key ID for this purpose, although different keys can be used with different servers.

Error Codes

Errors can occur due to mismatched configurations, unexpected restarts, expired certificates and unfriendly people. In most cases the protocol state machine recovers automatically by retransmission, timeout and restart, where necessary. Some errors are due to mismatched keys, digest schemes or identity schemes and must be corrected by installing the correct media and/or correcting the configuration file. One of the most common errors is expired certificates, which must be regenerated and signed at least once per year using the ntp-keygen program.

The following error codes are reported via the NTP control and monitoring protocol trap mechanism.

@@ -126,15 +192,15 @@

The leapseconds table is missing, corrupted or bogus.

113 (bad or missing certificate)

The certificate is missing, corrupted or bogus. -

114 (bad or missing group key)

The identity key is missing, corrupt or bogus. - +

114 (bad or missing group key) +

The identity key is missing, corrupt or bogus.

115 (protocol error)

The protocol state machine has wedged due to unexpected restart

116 (server certificate expired)

The old server certificate has expired.

Files

See the ntp-keygen page. Note that provisions to load leap second values from the NIST files have been removed. These provisions are now available whether or not the OpenSSL library is available. However, the functions that can download these values from servers remains available.

diff --git a/html/bugs.html b/html/bugs.html index b2129d2250..bbd3b4b34b 100644 --- a/html/bugs.html +++ b/html/bugs.html @@ -5,24 +5,22 @@ - NTP Version 4 Bug Reporting Procedures + NTP Bug Reporting Procedures -

NTP Version 4 Bug Reporting Procedure

NTP Bug Reporting Procedures

from Alice's Adventures in Wonderland, Lewis Carroll

The rabbit toots to make sure you read this

Last update: 13:20 UTC Wednesday, October 31, 2007

Last update: 20:36 UTC Monday, December 31, 2007

NTP Version 4 Security Bug Reporting Procedure

Please do not contact developers directly.

IF YOU THINK YOU HAVE FOUND A SECURITY RELATED NTP BUG please send your report to security@ntp.org.

Reporting non-Security Bugs

THE BEST WAY TO REPORT NON-SECURITY RELATED NTP BUGS is to use the NTP Public Service Project Bug Tracking System (Bugzilla) located at http://bugs.ntp.org/. Bugs reported this way are immediately forwarded to the developers.

IF YOU WISH TO REPORT NON-SECURITY RELATED BUGS VIA E-MAIL you may do so. But please remember that your report will be held until one of our volunteers enters it in to our Bug Tracking System. The email address for these reports is bugs@ntp.org. You will need to register at http://bugs.ntp.org/ so that you may participate directly in any e-mail discussion regarding your report.

Please do not contact developers directly.

Security Bug Reporting Procedures

IF YOU THINK YOU HAVE FOUND A SECURITY RELATED NTP BUG please send your report to security@ntp.org. Please do not contact developers directly.

Non-Security Bug Reporting Proceduress

The best way to report a non-security bug is to use the NTP Public Service Project Bug Tracking System (Bugzilla) located at http://bugs.ntp.org/. Bugs reported this way are immediately forwarded to the developers. Please do not contact the developers directly.

If you wish to report a non-security bug via electronic mail, you may do so, but please remember that your report will be held until one of our volunteers enters it in Bugzilla. The email address for these reports is bugs@ntp.org. You will need to register at http://bugs.ntp.org/ so that you may participate directly in any e-mail discussion regarding your report.

diff --git a/html/build.html b/html/build.html new file mode 100644 index 0000000000..4ecf8de28e --- /dev/null +++ b/html/build.html @@ -0,0 +1,60 @@ + + + + + + + + Building and Installing the Distribution + + + + +

Building and Installing the Distribution

from Pogo, Walt Kelly +

For putting out compiler fires.

Last update: 21:11 UTC Saturday, January 19, 2008

+
+

Building and Installing the Distribution

It is not possible in a software distribution such as this to support every individual computer and operating system with a common executable, even with the same system but different versions. Therefore, it is necessary to configure, build and install for each system and version. In almost all cases, these procedures are completely automatic, The user types ./configure, make and install in that order and the autoconfigure system does the rest. There are some exceptions, as noted below and on the Hints and Kinks pages.

If available, the OpenSSL library from http://www.openssl.org is used to support public key cryptography. The library must be built and installed prior to building NTPv4. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTPv4 configure phase and the interface routines compiled automatically. Only the libcrypto.a library file and openssl header files are needed. If the library is not available or disabled, this step is not required.

The Configuration Options page describes a number of options that determine whether debug support is included, whether and which reference clock drivers are included and the locations of the executables and library files, if not the default. By default debugging options and all reference clock drivers are included.

Building and Installing for Unix

This distribution uses common compilers and tools that come with most Unix distributions. Not all of these tools exist in the standard distribution of modern Unix versions (compilers are likely to be an add-on product). If this is the case, consider using the GNU tools and gcc compiler included as freeware in some products. For a successful build, all of these tools should be accessible via the current path.

If your site supports multiple architectures and uses NFS to share files, you can use a single source tree to build executables for multiple architectures. While running on a particular architecture, change to the base directory and create a subdirectory using a command like mkdir A.machine which will create an architecture-specific directory, then change to this directory and mumble ../configure. The remaining steps are the same whether building in the base directory or in the subdirectory.

Building and Installing for Windows

NTP supports Windows Vista, XP, NT4 and 2000 systems. See hints/winnt.htm for directions to compile the sources and install the executables. A precompiled executable is available.

Configuration

You are now ready to configure the daemon. You will need to create a NTP configuration file by default in n/etc/ntp.conf. Newbies should see the Quick Start page for orientation. Seasoned veterans can start with the ntpd - Network Time Protocol (NTP) daemon page and move on to the specific configuration option pages from there.

If You Have Problems

If you have problems with your hardware and software environment (e.g. operating system-specific issues), browse the Hints and Kinks pages. For other problems a tutorial on debugging technique is in the NTP Debugging Technique page. A list of important system log messages is on the ntpd System Log Messages page.

The first line of general assistance is the NTP web site www.ntp.org and the helpful documents resident there. Requests for assistance of a general nature and of interest to other timekeepers should be sent to the NTP newsgroup comp.protocols.time.ntp.

Users are invited to report bugs and offer suggestions via the NTPáBug Reporting Procedures page.

Additional `make` commands

make clean +: Cleans out object files, programs and temporary files. +
make distclean +: Does the work of clean, but cleans out all directories in preparation for a new distribution release. +
make dist +: Does the work of make distclean, but constructs compressed tar files for distribution. You must have GNU automake to perform this function. +

+ + + + \ No newline at end of file diff --git a/html/build/build.html b/html/build/build.html deleted file mode 100644 index 0bb49afda3..0000000000 --- a/html/build/build.html +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - - Building and Installing the Distribution - - - - -

Building and Installing the Distribution

from Pogo, Walt Kelly -

For putting out compiler fires.

Last update: 03:06 AM UTC Monday, October 13, 2003

-
-

Building and Installing the Distribution

As a practical matter, every computer architecture and operating system version seems to be different than any other. The device drivers may be different, the input/output system may be idiosyncratic and the libraries may have different semantics. It is not possible in a software distribution such as this one to support every individual system with a common set of binaries, even with the same system but different versions. Therefore, it is necessary to individually configure the software build for each system and version, both at compile time and at run time. In almost all cases, these procedures are completely automatic and all the newbie user need do is type "configure", "make" and "install" in that order and the autoconfigure system does the rest. There are some exceptions, as noted below and on the Hints and Kinks page.

If available, the OpenSSL library from http://www.openssl.org is used to support public key cryptography. The library must be built and installed prior to building NTPv4. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTPv4 configure phase and the interface routines compiled automatically. Only the libcrypto.a library and associated header files are used. If the library is not available or disabled, this step is not required.

Building and Installing under Unix

Make sure that you have all necessary tools for building executables. These tools include cc/gcc, make, awk, sed, tr, sh, grep, egrep and a few others. Not all of these tools exist in the standard distribution of modern Unix versions (compilers are likely to be an add-on product). If this is the case, consider using the GNU tools and gcc compiler. For a successful build, all of these tools should be accessible via the current path.

The first thing to do is uncompress the distribution and extract the source tree. In the distribution base directory use the ./configure command to perform an automatic configuration procedure. This command inspects the hardware and software environment and tests for the presence of system header files and the contents of these files to determine if certain features are present. When one or more of these features are present, the code is compiled to use them; if not, no special code is compiled. However, even if the code is compiled to use these features, the code does a special test at run time to see if one or more are actually present and avoids using them if not present. In such cases a warning message is sent to the system log, but the daemon should still work properly.

The default build normally includes the debugging code, which can be useful in diagnosing problems found in initial test, and all reference clock drivers known to work with each machine and operating system. Unless memory space is at a premium, this is a sensible strategy and greatly simplifies debugging and support. If you need to delete either the debugging code or one or all reference clock drivers to save space, see the Configuration Options page.

If your site supports multiple architectures and uses NFS to share files, you can use a single source tree to compile executables for all architectures. While running on a target architecture machine and in the distribution base directory create a subdirectory using a command like mkdir A.`config.guess`, which will create an architecture-specific directory with name peculiar to the architecture and operating system. Then change to this directory and emit a ../configure command. The remaining steps are the same whether building in the base directory or in the subdirectory.

Compilation

Use the make command to compile all source modules, construct the libraries and link the distribution. Expect few or no warnings using cc and a moderate level of warnings using gcc. Note: On some Unix platforms gcc may show quite a few complaints about system header files and type inconsistencies, especially with pointer variables. This is usually the case when the system header files are not up to ANSI standards or gcc expectations, when gcc is not installed properly, or when operating system updates and patches are applied and gcc is not reinstalled. While the autoconfigure process is quite thorough, the Unix programming cultures of the various workstation makers still remain idiosyncratic.

Installation

As root, use the make install command to install the binaries in the destination directory. Most commonly, these programs are installed in /usr/local/bin, but this can be overridden during configuration. You must of course have write permission on the install in the destination directory. This includes the following programs:

If the precision time kernel modifications are present, the following program is installed:

ntptime - read kernel time variables -

If the public key authentication functions are present, the following program is installed:

ntp-keygen - generate public and private keys -

In some systems that include the capability to edit kernel variables, the following program is installed:

tickadj - set time-related kernel variables -

Cryptographic support, both symmetric and public key, requires one or more key files, commonly installed in /usr/local/etc. Public key cryptography requires a random seed file, usually called .rnd, installed in a dark place such as the root directory or /etc. Directions for generating keys is on the Authentication Options page.

Configuration

You are now ready to configure the daemon and start it. You will need to create a NTP configuration file ntp.conf and a cryptographic key file ntp.keys. The latter file is necessary only for remote configuration support, if needed. Newbies should see the Quick Start page for orientation. Seasoned veterans can start with the ntpd - Network Time Protocol (NTP) daemon page and move on to the specific configuration option pages from there. A tutorial on NTP subnet design and configuration options is in the Notes on Configuring NTP and Setting up a NTP Subnet page.

If You Have Problems

If you have problems peculiar to the particular hardware and software environment (e.g. operating system-specific issues), browse the Hints and Kinks page. For other problems a tutorial on debugging technique is in the NTP Debugging Technique page. As always, the first line of general assistance is the NTP web site www.ntp.org and the FAQ resident there. Requests for assistance of a general nature and of interest to other timekeepers should be sent to the NTP newsgroup comp.protocols.time.ntp. Bug reports of a specific nature should be sent to bugs@ntp.org. Bug reports of a specific nature on features implemented by the programmer corps mentioned in the Copyright page should be sent directly to the implementor listed in that page, with copy to bugs@ntp.org.

Please include the version of the source distribution (e.g., ntp-4.0.70a) in your bug report, as well as billboards from the relevant utility programs and debug trace, if available. Please include the output of config.guess in your bug report. It will look something like:

pdp11-dec-fuzzos3.4

Additional `make` commands

make clean -: Cleans out object files, programs and temporary files. -
make distclean -: Does the work of clean, but cleans out all directories in preparation for a new distribution release. -
make dist -: Does the work of make distclean, but constructs compressed tar files for distribution. You must have GNU automake to perform this function. -

Building and Installing under Windows NT

See hints/winnt.htm for directions to compile the sources and install the executables.

- - - - \ No newline at end of file diff --git a/html/build/hints.html b/html/build/hints.html deleted file mode 100644 index b9e230ba23..0000000000 --- a/html/build/hints.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - Hints and Kinks - - - - -

Hints and Kinks

from Alice's Adventures in Wonderland, Lewis Carroll -

Mother in law has all the answers.

Last update: 12:56 AM UTC Saturday, March 20, 2004

-
-

This is an index for a set of troubleshooting notes contained in individual text files in the ./hints directory. They were supplied by various volunteers in the form of mail messages, patches or just plain word of mouth. Each note applies to a specific computer and operating system and gives information found useful in setting up the NTP distribution or site configuration. The notes are very informal and subject to errors; no attempt has been made to verify the accuracy of the information contained in them.

Additions or corrections to this list or the information contained in the notes is solicited. The most useful submissions include the name of the computer manufacturer (and model numbers where appropriate), operating system (specific version(s) where appropriate), problem description, problem solution and submitter's name and electric address. If the submitter is willing to continue debate on the problem, please so advise. See the directory listing.

- - - - \ No newline at end of file diff --git a/html/build/hints/netbsd b/html/build/hints/netbsd deleted file mode 100644 index f5f628db45..0000000000 --- a/html/build/hints/netbsd +++ /dev/null @@ -1,37 +0,0 @@ -Starting with NetBSD-1.6, it is possible to delegate the system clock -control to a non root user. This enable running ntpd in a chroot -jail under a non privilegied UID/GID, using ntpd -i and -u flags. - -The delegation is done through the clockctl(4) pseudodevice driver. -This driver makes privilegied system calls such as ntp_adjtime(2) -available through ioctl(2) on the /dev/clockctl device. If a user -is able to write to /dev/clockctl, then (s)he can control the system -clock. - -In order to use this feature, make sure that: - -1) Your kernel is compiled with the following option: -pseudo-device clockctl -This is true for GENERIC kernels on most ports. Please check -http://wwW.netbsd.org/Documentation/kernel/ -if you need information about building a kernel. - -2) You have a ntpd user on your system. Here is the /etc/master.passwd -entry for ntpd user on NetBSD-1.6: -ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin -And here is the /etc/group entry for group 15: -ntpd:*:15: - -3) /dev/clockctl exists and is writtable by user ntpd. Default -NetBSD-1.6 setting is: -crw-rw---- 1 root ntpd 61, 0 Apr 1 2002 /dev/clockctl -Major device number and date is likely to be different on your system. -If you need to create the device, issue the following command: -cd /dev && ./MAKEDEV clockctl - -Here is an example of how to run ntpd chrooted in /var/chroot/ntpd, -running with ntpd UID and ntpd GID: -ntpd -i /var/chroot/ntpd -u ntpd:ntpd -Note that -i and -u options are enabled at configure time if your -system supports system clock control by an unprivilegied user. If this -is not the case, then the -i and -u options will not be available. diff --git a/html/build/hints/vxworks.html b/html/build/hints/vxworks.html deleted file mode 100644 index 95ad222248..0000000000 --- a/html/build/hints/vxworks.html +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - vxWorks Port of NTP - - - - -

VxWorks port of NTP

Creating a port for vxWorks posed some problems. This port may help as a starting point for similar ports to real-time OS's and other embeddable kernels, particularly where main() is not allowed, and where the configure scripts need to be altered.

Configuration issues

I decided to do as little invasive surgery as possible on the NTP code, so I brought the vxWorks header tree in line with the standard unix tree. The following changes were needed, as a side effect these changes will allow for easy porting of other autoconfigure enabled code.

Where I have 386 you will need to put in your target type. The vxWorks tree entry point is /usr/wind. If these are the same for your system, you should be able to cut and paste the changes.

WARNING: Check you are not overwriting files, before entering the following: there should be no conflict, but check first...

export CC="cc386 -nostdlib -m486 -DCPU=I80486 -I/usr/wind/target/h"
- export RANLIB=ranlib386
- export AR=ar386
- export VX_KERNEL=/usr/wind/target/config/ims_std_bsp/vxWorks
- cd /usr/wind/target/sys
- ln -s ../signal.h
- ln -s ../time.h
- ln -s socket.h sockio.h
- ln -s ../selectLib.h select.h
- ln -s ../timers.h
- touch file.h param.h resource.h utsname.h var.h ../netdb.h ../a.out.h ../termios.h
- echo " ******ADD #include \"sys/times.h\" to sys/time.h "

The configure script must be changed in the following way to get the linking tests to work, once in the correct directory issue the following commands:
- sed -e 's%main.*()%vxmain()%' configure > configure.vxnew
- mv configure.vxnew configure
- chmod 755 configure

The new version 4 of NTP requires some maths functions so it links in the maths library (-lm) in the ntpd Makefile.am change the line "ntpd_LDADD = $(LDADD) -lm" by removing the "-lm".
- You are now ready to compile

- The configure.in file needed to be altered to allow for a host-target configuration to take place.

The define SYS_VXWORKS was added to the compilation flags. -
Little endianess is set if the target is of type iX86. -
The size of char, integer, long values are all set. If Wind River ever changes these values they will need to be updated. -
clock_settime() is defined to be used for setting the clock. -
The Linking flags have -r added to allow for relinking into the vxWorks kernel -

Unfortunately I have had to make use of the ntp_machine.h file to add in the checks that would have been checked at linking stage by autoconf, a better method should be devised.

There is now a NO_MAIN_ALLOWED define that simulates command line args, this allows the use of the normal startup sysntax. -
POSIX timers have been added. -
Structures normally found in netdb.h have been added with, the corresponding code is in machines.c . Where possible the defines for these have been kept non-vxWorks specific. -

Unfortunately there are still quite a few SYS_VXWORKS type defines in the source, but I have eliminated as many as possible. You have the choice of using the usrtime.a library avaliable from the vxworks archives or forgoing adjtime() and using the clock_[get|set]time().The ntp_machine.h file clearly marks how to do this.

Compilation issues

You will need autoconf and automake ... available free from the gnu archives worldwide.

The variable arch is the target architecture (e.g. i486)

mkdir A.vxworks (or whatever....)
- cd A.vxworks
- ../configure --target=arch-wrs-vxworks [any other options]
- make

Options I normally use are the --disable-all-clocks --enable-LOCAL-CLOCK flags. The program should proceed to compile without problem. The daemon ntpd, ntpdate, ntptrace, ntpdc, ntpq programs and of course the libraries are all fully ported. The other utilities are not, but they should be easy to port.

Running the software

Load in the various files, call them in the normal vxWorks function type manner. Here are some examples. Refer to the man pages for further information.

ld < ntpdate/ntpdate
- ld < ntpd/ntpd
- ld < ntptrace/ntptrace
- ld < ntpq/ntpq
- ld < ntpdc/ntpdc
- ntpdate ("-b", "192.168.0.245")
- sp(ntpd, "-c", "/export/home/casey/ntp/ntp.conf")
- ntpdc("-c", "monlist", "192.168.0.244")
- ntpq("-c", "peers", "192.168.0.244")
- ntptrace("192.168.0.244")
-

Bugs and such

Should you happen across any bugs, please let me know, or better yet fix them and submit a patch. Remember to make you patch general for Vxworks, not just for your particular architecture. CCII Systems (Pty) Ltd, my ex employers, sponsored the time to this port. Please let me know how it goes, I would be most interested in offsets and configurations.

Casey Crellin
- casey@csc.co.za

- - - \ No newline at end of file diff --git a/html/build/hints/winnt.html b/html/build/hints/winnt.html deleted file mode 100644 index 78de15d4e0..0000000000 --- a/html/build/hints/winnt.html +++ /dev/null @@ -1,281 +0,0 @@ - - - - - - - NTP on Windows NT - - - - -

NTP 4.x for Windows NT

- -

Introduction

- The NTP 4 distribution runs as service on Windows NT 4.0, Windows 2000, Windows XP, - Windows .NET Server 2003. It will NOT run on Windows 95, 98, ME, etc. - The binaries work on multi-processor systems. This port has not been tested - on the Alpha platform. This release now uses OpenSSL for authentication. - IPv6 is not implemented yet for Win32 platforms. -

Authentication Keys

- With this release ntp-keygen is supported. See the - ntp keygen documentation for details on how to use ntp-keygen. -

- ntpd can now use the generated keys in the same way as on Unix platforms. Please - refer to the Authentication Options for details - on how to use these. -

NOTE: ntpd and ntp-keygen both use OpenSSL which requires a random - character file called .rnd by default. Both of these programs will automatically - generate this file if they are not found. The programs will look for an - environmental variable called RANDFILE and use that for the name of the - random character file if the variable exists. If it does not exist it will look for an environmental - variable called HOME and use that directory to search for a filed called .rnd - in that directory. Finally, if neither RANDFILE nor HOME exists it will look - in C:\ for a .rnd file. In each case it will search for and create the file - if the environmental variable exists or in the C:\ directory if it doesn't. - Note that ntpd normally runs as a service so that the only way that it will - have either RANDFILE or HOME defined is if it is a System environmental - variable or if the service is run under a specific account name and that - account has one of those variables defined. Otherwise it will use the file - "c:\.rnd". This was done so that OpenSSL will work normally on Win32 systems. - This obviates the need to ship the OpenSSL.exe file and explain how to - generate the .rnd file. A future version may change this behavior. - -

Refer to Compiling Requirements and Instructions for how to compile the program.

Reference Clocks

- Reference clock support under Windows NT is tricky because the IO functions are - so much different. Some of the clock types have been built into the ntpd executable - and should work but have not been tested by the ntp project. If you have a clock - that runs on Win32 and the driver is there but not implemented on Win32 you will have - make the required configuration changes in config.h and then build ntpd from source - and test it. The following reference clocks are known to work and are supported - by Windows NT: -

Type 1 Undisciplined Local Clock (LOCAL)
- Type 29 Trimble Navigation Palisade GPS (GPS_PALISADE)

Functions Supported

- All NTP functions are supported with some constraints. See the TODO list below. - Note that the ntptrace executable is not supported and you should use the PERL script - version instead. -

Accuracy

- Greg Brackley has implemented a fantastic interpolation scheme that improves the precision of the NTP clock - using a realtime thread (is that poetic or what!) which captures a tick count from the 8253 counter after each - OS tick. The count is used to interpolate the time between operating system ticks. -

On a typical 200+ MHz system NTP achieves a precision of about 5 microseconds and synchronizes the clock - to +/-500 microseconds using the Trimble Palisade as UTC reference. - This allows distributed applications to use the 10 milliseconds ticks available to them with high confidence.

Binaries

- Recent InstallShield based executable versions of NTP for Windows NT (intel) are available from: -

ToDo

- These tasks are in no particular order of priority. -

Create a proper install/uninstall program -
Add sntp to the list of supported programs -
Add support for Visual C++ 7.0 or later (.NET) -
Add IPv6 support -
See if precision can be improved by using CPU cycle counter for tick interpolation. -
Make precision time available to applications using NTP_GETTIME API -

Compiling Requirements

Windows NT 4.0 Windows 2000, Windows XP, or Windows.NET Server 2003 -
Microsoft Visual C++ 6.0. NOTE: VC++ 7.0 (aka .NET) is not yet supported - but will probably work fine. -
Some way of uncompressing and untarring the gzipped tar file. -
OpenSSL must be built on the box before building NTP. Additional steps would - be required to not use OpenSSL. -

Compiling Instructions

Unpack and build OpenSSL according to the OpenSSL instructions for building on - Windows. An environment variable named OPENSSL must be set up to specify the base path - of the OpenSSL directory to be used to build the NTP package - (e.g. OPENSSL=C:\openssl-0.9.8b). -
Unpack the ntp-*.tar.gz archive using utilities such as WinZip. -
Open the .\ports\winnt\ntp.dsw Visual C workspace -
Batch build all projects -
The built binaries can be found in the port\winnt\bin\Release subdirectory -
In addition you will need to install the OpenSSL libeay32.dll -
If you are shipping binaries in a kit it is strongly recommended that you - ship this file (winnt.html) along with the binaries. -

Configuration File

- The default NTP configuration file path is %SystemRoot%\system32\drivers\etc\. (%SystemRoot% - is an environmental variable that can be determined by typing "set" at the "Command Prompt" - or from the "System" icon in the "Control Panel").
- Refer to your system environment and create your ntp.conf file in the directory - corresponding to your system installation.
- The older <WINDIR>\ntp.conf is still supported but you will get a log entry reporting that - the first file wasn't found. -

Installation Instructions

- The instsrv program in the instsrv subdirectory of the distribution can be used to install 'ntpd' as - a service and start automatically at boot time. Instsrv is automatically compiled with the rest of the distribution - if you followed the steps above. -

Start a command prompt and enter "instsrv.exe <pathname_for_ntpd.exe>" -
Clicking on the "Services" icon in the "Control Panel" will display the list of - currently installed services in a dialog box. The NetworkTimeProtocol service should show up in this list. - Select it in the list and hit the "Start" button in the dialog box. The NTP service should start. -
You can also stop and start the service by typing net start|stop NetworkTimeProtocol at the DOS prompt. -
View the event log by clicking on the "Event Viewer" icon in the "Administrative Tools" - group, there should be several successful startup messages from NTP. NTP will keep running and restart - automatically when the machine is rebooted. -

- You can change the start mode (automatic/manual) and other startup parameters corresponding to the NTP service - in the "Services" dialog box if you wish. -

Removing NTP

- You can also use instsrv to delete the NTP service by entering: "instsrv.exe remove" -

Command Line Parameters and Registry Entries

- Unlike the Unix environment, there is no clean way to run 'ntpdate' and reset the clock before starting 'ntpd' at boot time.
- NTP will step the clock up to 1000 seconds by default. While there is no reason that the system clock should be that much off - during bootup if 'ntpd' was running before, you may wish to override this default and/or pass other command line directives. -

Use the registry editor to edit the value for the ntpd executable under LocalMachine\System\CurrentControlSet\Services\NTP.

Add the -g option to the ImagePath key, behind "%INSTALLDIR>\ntpd.exe". This will force NTP to accept - large time errors (including 1.1.1980 00:00)

Bug Reports

- Send questions to news://comp.protocols.time.ntp - and bug reports should be entered in Bugzilla on the - NTP Web site. -

Change Log

Last revision 2 July 2003 Version 4.2.0

- by Danny Mayer (mayer@ntp.org>) -

Significant Changes:

- This latest release of NTP constitutes a major upgrade to its ability to build and - run on Windows platforms and should now build and run cleanly. More importantly it - is now able to support all authentication in the same way as Unix boxes. This does - require the usage of OpenSSL which is now a prerequisite for build on Windows. - ntp-keygen is now supported and builds on Win32 platforms. - -

Last revision 16 February 1999 Version 4.0.99e.

- by Sven Dietrich (sven_dietrich@trimble.com) -

Significant Changes:

Perl 5 is no longer needed to compile NTP. The configuration script which creates version.c - with the current date and time was modified by Frederick Czajka [w2k@austin.rr.com] so that Perl - is no longer required. -

Last revision 15 November 1999 Version 4.0.98f.

- by Sven Dietrich (sven_dietrich@trimble.com) -

Significant Changes:

Fixed I/O problem delaying packet responses which resulted in no-replys to NTPQ and others. -
The default configuration file path is <WINDIR>\system32\drivers\etc\ntp.conf. - The old <WINDIR>\ntp.confis still supported but you will get a log entry reporting - that the first file wasn't found. The NTP 3.x legacy ntp.ini file is no longer supported. -

- Known Problems / TODO: -

MD5 and name resolution do not yet get along. If you define MD5, you cannot use DNS names, only IP numbers. -

Last revision 27 July 1999 Version 4.0.95.

- This version compiles under WINNT with Visual C 6.0. -

Greg Brackley and Sven Dietrich

Significant changes:
- -Visual Studio v6.0 support
- -Winsock 2.0 support
- -Use of I/O completion ports for sockets and comm port I/O
- -Removed the use of multimedia timers (from ntpd, others need removing)
- -Use of waitable timers (with user mode APC) and performance counters to fake getting a better time
- -Trimble Palisade NTP Reference Clock support
- -General cleanup, prototyping of functions
- -Moved receiver buffer code to a separate module (removed unused members from the recvbuff struct)
- -Moved io signal code to a separate module

Last revision: 20-Oct-1996

- This version corrects problems with building the XNTP
- version 3.5-86 distribution under Windows NT. -

The following files were modified:
- blddbg.bat
- bldrel.bat
- include\ntp_machine.h
- xntpd\ntp_unixclock.c
- xntpd\ntp_refclock.c
- scripts\wininstall\build.bat
- scripts\wininstall\setup.rul
- scripts\wininstall\readme.nt
- scripts\wininstall\distrib\ntpog.wri
- html\hints\winnt (this file)

In order to build the entire Windows NT distribution you
- need to modify the file scripts\wininstall\build.bat
- with the installation directory of the InstallShield
- software. Then, simply type "bldrel" for non-debug
- or "blddbg" for debug executables.

Greg Schueman
- <schueman@acm.org>

Last revision: 07-May-1996

- This set of changes fixes all known bugs, and it includes
- several major enhancements. -

Many changes have been made both to the build environment as
- well as the code. There is no longer an ntp.mak file, instead
- there is a buildntall.bat file that will build the entire
- release in one shot. The batch file requires Perl. Perl
- is easily available from the NT Resource Kit or on the Net.

The multiple interface support was adapted from Larry Kahn's
- work on the BIND NT port. I have not been able to test it
- adequately as I only have NT servers with one network
- interfaces on which to test.

Enhancements:
- * Event Logging now works correctly.
- * Version numbers now work (requires Perl during build)
- * Support for multiple network interface cards (untested)
- * NTP.CONF now default, but supports ntp.ini if not found
- * Installation procedure automated.
- * All paths now allow environment variables such as %windir%

Bug fixes:
- * INSTSRV replaced, works correctly
- * Cleaned up many warnings
- * Corrected use of an uninitialized variable in XNTPD
- * Fixed ntpdate -b option
- * Fixed ntpdate to accept names as well as IP addresses
- (Winsock WSAStartup was called after a gethostbyname())
- * Fixed problem with "longjmp" in xntpdc/ntpdc.c that
- caused a software exception on doing a Control-C in xntpdc.
- A Cntrl-C now terminates the program.

See below for more detail:

      Note: SIGINT is not supported for any Win32 application including
-       Windows NT and Windows 95. When a CTRL+C interrupt occurs, Win32
-       operating systems generate a new thread to specifically handle that
-       interrupt. This can cause a single-thread application such as UNIX,
-       to become multithreaded, resulting in unexpected behavior.
-

Possible enhancements and things left to do:
- * Reference clock drivers for NT (at least Local Clock support)
- * Control Panel Applet
- * InstallShield based installation, like NT BIND has
- * Integration with NT Performance Monitor
- * SNMP integration
- * Fully test multiple interface support
-

Known problems:
- * bug in ntptrace - if no Stratum 1 servers are available,
- such as on an - IntraNet, the application crashes.

Last revision: 12-Apr-1995

- This NTPv3 distribution includes a sample configuration file and the project
- makefiles for WindowsNT 3.5 platform using Microsoft Visual C++ 2.0 compiler.
- Also included is a small routine to install the NTP daemon as a "service"
- on a WindowsNT box. Besides xntpd, the utilities that have been ported are
- ntpdate and xntpdc. The port to WindowsNT 3.5 has been tested using a Bancomm
- TimeServe2000 GPS receiver clock that acts as a strata 1 NTP server with no
- authentication (it has not been tested with any refclock drivers compiled in).
- Following are the known flaws in this port:
- 1) currently, I do not know of a way in NT to get information about multiple
-    network interface cards. The current port uses just one socket bound to
-    INADDR_ANY address. Therefore when dealing with a multihomed NT time server,
-    clients should point to the default address on the server (otherwise the
-    reply is not guaranteed to come from the same interface to which the
-    request was sent). Working with Microsoft to get this resolved.
- 2) There is some problem with "longjmp" in xntpdc/ntpdc.c that causes a
-    software exception on doing a Control-C in xntpdc. Be patient!
- 3) The error messages logged by xntpd currently contain only the numerical
-    error code. Corresponding error message string has to be looked up in
-    "Books Online" on Visual C++ 2.0 under the topic "Numerical List of Error
-    Codes". -

Last HTML Update: November 17, 1999
- Sven_Dietrich@Trimble.COM

- - - diff --git a/html/build/patches.html b/html/build/patches.html deleted file mode 100644 index 00b2923351..0000000000 --- a/html/build/patches.html +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - Patching Procedures - - - - -

Patching Procedures

rom Alice's Adventures in Wonderland, Lewis Carroll -

The Mad Hatter needs patches.

Last update: 12:56 AM UTC Saturday, March 20, 2004

-
-

A distribution so widely used as this one eventually develops numerous barnacles as the result of porting to new systems, idiosyncratic new features and just plain bugs. In order to help keep order and make maintenance bearable, we ask that proposed changes to the distribution be submitted in the following form.

Please submit patches to bugs@mail.ntp.org in the form of either unified-diffs (diff -u) or context-diffs (diff -c). -
Please include the output from config.guess in the description of your patch. If config.guess does not produce any output for your machine, please fix that, too! -
Please base the patch on the root directory of the distribution. The preferred procedure here is to copy your patch to the root directory and mumble -
patch -p <your_patch>
-
Please avoid patching the RCS subdirectories; better yet, clean them out before submitting patches. -
If you have whole new files, as well as patches, wrap the files and patches in a shell script. If you need to compress it, use either GNU gzip or the stock Unix compress utility. -
Don't forget the documentation that may be affected by the patch. Send us patches for the ./htm files as well. -
We would be glad to include your name, electric address and descriptive phrase in the Copyright page, if you wish. -

Prior to ntp3-5.83 (releases up to and including ntp3.5f) a complete patch history back to the dark ages was kept in the ./patches directory, which might have been helpful to see if the same problem occurred in another port, etc. Patches were saved in that directory with file name in the form patch.nnn, where nnn was approaching 200. All patches in that directory have been made; so, if yours was there, it was in the distribution.

Since we have been getting multple patches for some bugs, plus many changes are implemented locally, no two maintainers here use the same tools, and since we're not using any bug-tracking software or even source code control, there is currently no tracking of specific changes.

The best way to see what's changed between two distributions is to run a diff against them.

Thanks for your contribution and happy chime.

- - - - diff --git a/html/build/porting.html b/html/build/porting.html deleted file mode 100644 index 976cc6670c..0000000000 --- a/html/build/porting.html +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - Porting Hints - - - - -

Porting Hints

from The Wizard of Oz, L. Frank Baum -

Porting Dorothy in Oz -

Last update: 12:56 AM UTC Saturday, March 20, 2004

-
-

NOTE: The following procedures have been replaced by GNU automake and autoconfigure. This page is to be updated in the next release.

Porting to a new machine or operating system ordinarily requires updating the ./machines directory and the ./compilers directories in order to define the build environment and autoconfigure means. You will probably have to modify the ntp_machines.h file and "l_stdlib.h" files as well. The two most famous trouble spots are the I/O code in ./ntpd/ntp_io.c and the clock adjustment code in ./ntpd/ntp_unixclock.c.

These are the rules so that older bsd systems and the POSIX standard system can coexist together.

If you use select then include "ntp_select.h". select is not standard, since it is very system dependent as to where it is defined. The logic to include the right system dependent include file is in "ntp_select.h". -
Always use POSIX definition of strings. Include "ntp_string.h" instead of <string.h>. -
Always include "ntp_malloc.h" if you use malloc. -
Always include "ntp_io.h" instead of <sys/file.h> or <fnctl.h> to get O_* flags. -
Always include "ntp_if.h" instead of <net/if.h>. -
Always include "ntp_stdlib.h" instead of <stdlib.h>. -
Define any special defines needed for a system in ./include/ntp_machine.h based on system identifier. This file is included by the "ntp_types.h" file and should always be placed first after the <> defines. -
Define any special library prototypes left over from the system library and include files in the "l_stdlib.h" file. This file is included by the "ntp_stdlib.h" file and should ordinarily be placed last in the includes list. -
Don't define a include file by the same name as a system include file. -

"l_stdlib.h" can contain any extra definitions that are needed so that gcc will shut up. They should be controlled by a system identifier and there should be a separate section for each system. Really this will make it easier to maintain.

See include/ntp_machines.h for the various compile time options.

When you are satisfied the port works and that other ports are not adversely affected, please send patches for the system files you have changed, as well as any documentation that should be updated, including the advice herein.

Good luck.

- - - - \ No newline at end of file diff --git a/html/build/quick.html b/html/build/quick.html deleted file mode 100644 index 1693b5d7a2..0000000000 --- a/html/build/quick.html +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - Quick Start - - - - -

Quick Start

FAX test image for SATNET (1979). -

The baby panda was scanned at University College London and used as a FAX test image for a demonstration of the DARPA Atlantic SATNET Program and the first transatlantic Internet connection in 1978. The computing system used for that demonstration was called the Fuzzball . As it happened, this was also the first Internet multimedia presentation and the first to use NTP in regular operation. The image was widely copied and used for testing purpose throughout much of the 1980s.

Last update: 01:01 AM UTC Saturday, March 20, 2004

-
-

For the rank amateur the sheer volume of the documentation collection must be intimidating. However, it doesn't take much to fly the ntpd daemon with a simple configuration where a workstation needs to synchronize to some server elsewhere in the Internet. The first thing that needs to be done is to build the distribution for the particular workstation and install in the usual place. The Building and Installing the Distribution page describes how to do this.

While it is possible that certain configurations do not need a configuration file, most do require one. The file, called by default /etc/ntp.conf, need only contain one line specifying a remote server, for instance

server foo.bar.com

Choosing an appropriate remote server is somewhat of a black art, but a suboptimal choice is seldom a problem. There are about two dozen public time servers operated by National Institutes of Science and Technology (NIST), US Naval Observatory (USNO), Canadian Metrology Centre (CMC) and many others available on the Internet. Lists of public primary and secondary NTP servers maintained on the Public NTP TIme Servers page, which is updated frequently.The lists are sorted by country and, in the case of the US, by state. Usually, the best choice is the nearest in geographical terms, but the terms of engagement specified in each list entry should be carefully respected.

During operation ntpd measures and corrects for incidental clock frequency error and writes the current value to a file called by default /etc/ntp.drift. If ntpd is stopped and restarted, it initializes the frequency from this file. In this way the potentially lengthy interval to relearn the frequency error is avoided.

That's all there is to it, unless some problem in network connectivity or local operating system configuration occurs. The most common problem is some firewall between the workstation and server. System administrators should understand NTP uses UDP port 123 as both the source and destination port and that NTP does not involve any operating system interaction other than to set the system clock. While almost all modern Unix systems have included NTP and UDP port 123 defined in the services file, this should be checked if ntpd fails to come up at all.

The best way to confirm NTP is working is using the ntpq utility, although the ntpdc utility may be useful in extreme cases. See the documentation pages for further information. In the most extreme cases the -d option on the ntpd command line results in a blow-by-blow trace of the daemon operations. While the trace output can be cryptic, to say the least, it gives a general idea of what the program is doing and, in particular, details the arriving and departing packets and detected errors, if present.

Sometimes the ntpd. behavior may seem to violate the Principle of Least Astonishment, but there are good reasons for this. See the Network Time Protocol (NTP) daemon page for revealing insights. See this page and its dependencies for additional configuration and control options. The Notes on Configuring NTP and Setting up a NTP Subnet page contains an extended discussion of these options.

- - - - \ No newline at end of file diff --git a/html/build/scripts/footer.txt b/html/build/scripts/footer.txt deleted file mode 100644 index 89216ce97e..0000000000 --- a/html/build/scripts/footer.txt +++ /dev/null @@ -1,7 +0,0 @@ -document.write("\ -\ -\ -\ -

\ -Home Page

\ -Contacts

") \ No newline at end of file diff --git a/html/build/scripts/links10.txt b/html/build/scripts/links10.txt deleted file mode 100644 index 7bf9d06e7e..0000000000 --- a/html/build/scripts/links10.txt +++ /dev/null @@ -1,5 +0,0 @@ -document.write("

Reference Clock Drivers
\ -
Mitigation Rules and the prefer Keyword
\ -
How to Write a Reference Clock Driver
\ -

") \ No newline at end of file diff --git a/html/build/scripts/links11.txt b/html/build/scripts/links11.txt deleted file mode 100644 index 1fce362a65..0000000000 --- a/html/build/scripts/links11.txt +++ /dev/null @@ -1,5 +0,0 @@ -document.write("

Reference Clock Drivers
\ -
Pulse-per-second (PPS) Signal Interfacing
\ -
Line Disciplines and Streams Modules
\ -

") \ No newline at end of file diff --git a/html/build/scripts/links12.txt b/html/build/scripts/links12.txt deleted file mode 100644 index 512cbcf4a8..0000000000 --- a/html/build/scripts/links12.txt +++ /dev/null @@ -1,5 +0,0 @@ -document.write("

") \ No newline at end of file diff --git a/html/build/scripts/links7.txt b/html/build/scripts/links7.txt deleted file mode 100644 index 4a6f186a2f..0000000000 --- a/html/build/scripts/links7.txt +++ /dev/null @@ -1,5 +0,0 @@ -document.write("

") \ No newline at end of file diff --git a/html/build/scripts/links9.txt b/html/build/scripts/links9.txt deleted file mode 100644 index 38ffe90a72..0000000000 --- a/html/build/scripts/links9.txt +++ /dev/null @@ -1,7 +0,0 @@ -document.write("

Authentication Options
\ -
Automatic NTP Configuration Options
\ -
Server Options
\ -
ntp-keygen - generate public and private keys\ -
Autonomous Authentication\ -

") \ No newline at end of file diff --git a/html/build/scripts/style.css b/html/build/scripts/style.css deleted file mode 100644 index 096b18a6a1..0000000000 --- a/html/build/scripts/style.css +++ /dev/null @@ -1,64 +0,0 @@ -body {background: #FDF1E1; - color: #006600; - font-family: "verdana", sans-serif; - text-align: justify; - margin-left: 5px;} - -p, h4, hr, li {margin-top: .6em; margin-bottom: .6em} -li.inline {text-align: left; margin-top: 0; margin-bottom: 0} - -ul, dl, ol, {margin-top: .6em; margin-bottom: .6em; margin-left 5em} - -dt {margin-top: .6em} -dd {margin-bottom: .6em} - -div.header {text-align: center; - font-style: italic;} - -div.footer {text-align: center; - font-size: 60%;} - -img.cell {align: left;} - -td.sidebar {width: 40px; align: center; valign: top;} -img.sidebar {align: center; margin-top: 5px;} -h4.sidebar {align: center;} - -p.top {background: #FDF1E1; - color: #006600; - position: absolute; - margin-left: -90px; - text-align: center;} - -a:link.sidebar {background: transparent; - color: #990033; - font-weight: bold;} - -a:visited.sidebar {background: transparent; - color: #990033; - font-weight: bold;} - -a:hover.sidebar {background: #FDF1E1; - color: #006600;} - -img {margin: 5px;} - -div {text-align: center;} - -h1 {text-align: center; - font-size: 250%;} - -caption {background: #EEEEEE; - color: #339999;} - -tx {text-align: center;} - -th {background: #FFFFCC; - color: #006600; - text-align: center; - text-decoration: underline; - padding-top: 5px;} - -th.caption {background: #EEEEEE; - color: #006600; - text-align: center;} \ No newline at end of file diff --git a/html/clockopt.html b/html/clockopt.html index c4690a3689..e18d35cded 100644 --- a/html/clockopt.html +++ b/html/clockopt.html @@ -13,10 +13,11 @@

Reference Clock Options

See the radios, all in a row.

Last update: 18:37 UTC Thursday, July 28, 2005

Last update: 16:01 UTC Wednesday, January 02, 2008

Reference Clock Support

The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can be found in the Reference Clock Drivers page. Additional information can be found in the pages linked there, including the Debugging Hints for Reference Clock Drivers and How To Write a Reference Clock Driver pages. In addition, support for a PPS signal is available as described in Pulse-per-second (PPS) Signal Interfacing page. Many drivers support special line discipline/streams modules which can significantly improve the accuracy using the driver. These are described in the Line Disciplines and Streams Drivers page.

A reference clock will generally (though not always) be a radio timecode receiver which is synchronized to a source of standard time such as the services offered by the NRC in Canada and NIST and USNO in the US. The interface between the computer and the timecode receiver is device dependent, but is usually a serial port. A device driver specific to each reference clock must be selected and compiled in the distribution; however, most common radio, satellite and modem clocks are included by default. Note that an attempt to configure a reference clock when the driver has not been compiled or the hardware port has not been appropriately configured results in a scalding remark to the system log file, but is otherwise non hazardous.

For the purposes of configuration, ntpd treats reference clocks in a manner analogous to normal NTP peers as much as possible. Reference clocks are identified by a syntactically correct but invalid IP address, in order to distinguish them from normal NTP peers. Reference clock addresses are of the form 127.127.t.u, where t is an integer denoting the clock type and u indicates the unit number in the range 0-3. While it may seem overkill, it is in fact sometimes useful to configure multiple reference clocks of the same type, in which case the unit numbers must be unique.

The server command is used to configure a reference clock, where the address argument in that command is the clock address. The key, version and ttl options are not used for reference clock support. The mode option is added for reference clock support, as described below. The prefer option can be useful to persuade the server to cherish a reference clock with somewhat more enthusiasm than other reference clocks or peers. Further information on this option can be found in the Mitigation Rules and the prefer Keyword page. The minpoll and maxpoll options have meaning only for selected clock drivers. See the individual clock driver document pages for additional information.

diff --git a/html/build/config.html b/html/config.html similarity index 69% rename from html/build/config.html rename to html/config.html index 961779de66..9e50d80500 100644 --- a/html/build/config.html +++ b/html/config.html @@ -2,38 +2,39 @@ - - - Configuration Options - - + + + + Configuration Options + + - -

Configuration Options

from Pogo, Walt Kelly -

Gnu autoconfigure tools are in the backpack.

Last update: 12:56 AM UTC Saturday, March 20, 2004

-
-

Basic Configuration Options - the configure utility -
Options -
Directory and File Names -
Host Type -
Optional Packages -
Optional Features -
Radio Clocks -
PARSE Clocks -

Basic Configuration Options - the `configure` utility

The following options are for compiling and installing a working version of the NTP distribution. In most cases, the build process is completely automatic. In some cases where memory space is at a premium, or the binaries are to be installed in a different place, it is possible to tailor the configuration to remove such features as reference clock driver support, debugging support, and so forth.

Configuration options are specified as arguments to the configure script. Following is a summary of the current options, as of the 4.0.99m version:

Usage: configure [options] [host]
-

Options

[defaults in brackets after descriptions] Configuration:

+	
+		Configuration Options
+		from Pogo, Walt Kelly
+		Gnu autoconfigure tools are in the backpack.
+		Last update: 03:07 AM UTC Monday, October 13, 2003
+		

+		Table of Contents
+		
+			Basic Configuration Options - the configure utility
+			
Options
+			
Directory and File Names
+			
Host Type
+			
Optional Packages
+			
Optional Features
+			
Radio Clocks
+			
PARSE Clocks
+		
+		
+		Basic Configuration Options - the configure utility
+		The following options are for compiling and installing a working version of the NTP distribution. In most cases, the build process is completely automatic. In some cases where memory space is at a premium, or the binaries are to be installed in a different place, it is possible to tailor the configuration to remove such features as reference clock driver support, debugging support, and so forth.
+		Configuration options are specified as arguments to the configure script. Following is a summary of the current options, as of the 4.0.99m version:
+		Usage: configure [options] [host]

+		
+		Options
+		[defaults in brackets after descriptions] Configuration:
+		  --cache-file=FILE      cache test results in FILE
  --help                 print this message
  --no-create            do not create output files
@@ -41,8 +42,8 @@
  --version              print the version of autoconf that created
 configure
 
-        Directory and File Names
-        +		Directory and File Names
+		  --prefix=PREFIX        install architecture-independent files in PREFIX [/usr/local]
  --exec-prefix=EPREFIX  install architecture-dependent files in EPREFIX [same as prefix]
  --bindir=DIR           user executables in DIR [EPREFIX/bin]
@@ -64,14 +65,14 @@ configure
  --program-suffix=SUFFIX           append SUFFIX to installed program names
  --program-transform-name=PROGRAM  run sed PROGRAM on installed program names
 
-        Host Type
-        +		Host Type
+		  --build=BUILD          configure for building on BUILD [BUILD=HOST]
  --host=HOST            configure for HOST [guessed]
  --target=TARGET        configure for TARGET [TARGET=HOST]
 
-        Optional Packages
-        +		Optional Packages
+		  --with-PACKAGE[=ARG]   use PACKAGE [ARG=yes]
  --without-PACKAGE      do not use PACKAGE (same as --with-PACKAGE=no)
 
@@ -81,8 +82,8 @@ configure
  crypto=rsaref          Use the RSAREF library
  electricfence          Compile with ElectricFence malloc debugger
 
-        Optional Features
-        +		Optional Features
+		  --disable-FEATURE      do not include FEATURE (same as
  --enable-FEATURE=no)
  --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
@@ -104,9 +105,9 @@ configure
  tickadj=VALUE          Force a value for 'tickadj'
  udp-wildcard           Use UDP wildcard delivery
 
-        Radio Clocks
-        (these are ordinarily enabled, if supported by the machine and operating system):
-        +		Radio Clocks
+		(these are ordinarily enabled, if supported by the machine and operating system):
+		  all-clocks             Include drivers for all suitable non-PARSE clocks [enable]
  ACTS                   NIST dialup clock
  ARBITER                Arbiter 1088A/B GPS receiver
@@ -146,8 +147,8 @@ configure
  USNO                   US Naval Observatory dialup clock
  WWV                    WWV audio receiver
 
-        PARSE Clocks
-        +		PARSE Clocks
+		  parse-clocks           Include drivers for all suitable PARSE clocks [enable]
  COMPUTIME              Diem Computime Radio Clock
  DCF7000                ELV/DCF7000 Clock
@@ -161,8 +162,8 @@ configure
  VARITEXT               VARITEXT clock
  WHARTON                Wharton 400A Series clock
 
-        
-        
-    
+		
+		
+	
 
 
\ No newline at end of file
diff --git a/html/confopt.html b/html/confopt.html
index a21654556b..847f9008c1 100644
--- a/html/confopt.html
+++ b/html/confopt.html
@@ -13,10 +13,10 @@
 		Server Options
 		from Pogo, Walt Kelly
 		The chicken is getting configuration advice.
-		Last update: 20:19 UTC Monday, October 15, 2007
+		Last update: 00:57 UTC Saturday, November 24, 2007
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Configuration Commands
diff --git a/html/copyright.html b/html/copyright.html
index 2bfb3be484..e5e99ecaba 100644
--- a/html/copyright.html
+++ b/html/copyright.html
@@ -11,15 +11,14 @@
 	
 		Copyright Notice
 		 "Clone me," says Dolly sheepishly
-		Last update: 20:31 UTC Saturday, January 06, 2007
+		Last update: 21:32 UTC Monday, December 31, 2007
 		

 		
-		The following copyright notice applies to all files collectively called the Network Time Protocol Version 4 Distribution. Unless specifically declared otherwise in an individual file, this notice applies as if the text was explicitly included in the file.

-		
+		The following copyright notice applies to all files collectively called the Network Time Protocol Version 4 Distribution. Unless specifically declared otherwise in an individual file, this notice applies as if the text was explicitly included in the file.
 		 ***********************************************************************
 *                                                                     *
-* Copyright (c) David L. Mills 1992-2007                              *
+* Copyright (c) David L. Mills 1992-2008                              *
 *                                                                     *
 * Permission to use, copy, modify, and distribute this software and   *
 * its documentation for any purpose with or without fee is hereby     *
diff --git a/html/debug.html b/html/debug.html
index c732c42ce9..94119c841d 100644
--- a/html/debug.html
+++ b/html/debug.html
@@ -13,10 +13,10 @@
 		NTP Debugging Techniques
 		from Pogo, Walt Kelly
 		We make house calls and bring our own bugs.
-		Last update: 18:38 UTC Thursday, July 28, 2005
+		Last update: 00:58 UTC Saturday, November 24, 2007
 		

 		More Help
-		
+		
 		
 		Once the NTP software distribution has been compiled and installed and the configuration file constructed, the next step is to verify correct operation and fix any bugs that may result. Usually, the command line that starts the daemon is included in the system startup file, so it is executed only at system boot time; however, the daemon can be stopped and restarted from root at any time. Usually, no command-line arguments are required, unless special actions described in the ntpd - Network Time Protocol (NTP) daemon page are required. Once started, the daemon will begin sending and receiving messages, as specified in the configuration file.
 		Initial Startup
diff --git a/html/description_files/description.jpg b/html/description_files/description.jpg
new file mode 100644
index 0000000000..2153180a89
Binary files /dev/null and b/html/description_files/description.jpg differ
diff --git a/html/drivers/driver10.html b/html/drivers/driver10.html
index 97b0495d59..20391d3b78 100644
--- a/html/drivers/driver10.html
+++ b/html/drivers/driver10.html
@@ -2,52 +2,52 @@
 
 
 
-    
-        
-        
-        Austron 2200A/2201A GPS Receivers
-        
-    
+	
+		
+		
+		Austron 2200A/2201A GPS Receivers
+		
+	
 
-    
-        Austron 2200A/2201A GPS Receivers
-        
-        Synopsis
-        Address: 127.127.10.u

-            Reference ID: GPS

-            Driver ID: GPS_AS2201

-            Serial Port: /dev/gpsu; 9600 baud, 8-bits, no parity

-            Features: tty_clk
-        Description
-        This driver supports the Austron 2200A/2201A GPS/LORAN Synchronized Clock and Timing Receiver connected via a serial port. It supports several special features of the clock, including the Input Buffer Module, Output Buffer Module, IRIG-B Interface Module and LORAN Assist Module. It requires the RS232 Buffered Serial Interface module for communication with the driver. For operation with multiple computers, it requires the ppsclock streams module described in the Line Disciplines and Streams Modules page. The streams module requires a gadget box and 1-PPS level converter, such as described in the Pulse-per-second (PPS) Signal Interfacing page.
-        For use with a single computer, the receiver can be connected directly to the receiver. For use with multiple computers, one of them is connected directly to the receiver and generates the polling messages. The other computers just listen to the receiver output directly or through a buffer amplifier. For computers that just listen, fudge flag2 must be set and the ppsclock streams module configured on each of them.
-        This receiver is capable of a comprehensive and large volume of statistics and operational data. The specific data collection commands and attributes are embedded in the driver source code; however, the collection process can be enabled or disabled using the flag4 flag. If set, collection is enabled; if not, which is the default, it is disabled. A comprehensive suite of data reduction and summary scripts is in the ./scripts/stats directory
-        of the ntp3 distribution.
-        Monitor Data
-        When enabled by the flag4 fudge flag, every received timecode is written as-is to the clockstats file.
-        Fudge Factors
-        
-            time1 time
-            
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
-            
time2 time
-            
Not used by this driver.
-            
stratum number
-            
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
-            
refid string
-            
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
-            
flag1 0 | 1
-            
Not used by this driver.
-            
flag2 0 | 1
-            
Set for computers that listen-only.
-            
flag3 0 | 1
-            
Not used by this driver.
-            
flag4 0 | 1
-            
Enable verbose clockstats recording if set.
-        
-        Additional Information
-        Reference Clock Drivers
-        
-        
-    
+	
+		Austron 2200A/2201A GPS Receivers
+		
+		Synopsis
+		Address: 127.127.10.u

+			Reference ID: GPS

+			Driver ID: GPS_AS2201

+			Serial Port: /dev/gpsu; 9600 baud, 8-bits, no parity

+			Features: tty_clk
+		Description
+		This driver supports the Austron 2200A/2201A GPS/LORAN Synchronized Clock and Timing Receiver connected via a serial port. It supports several special features of the clock, including the Input Buffer Module, Output Buffer Module, IRIG-B Interface Module and LORAN Assist Module. It requires the RS232 Buffered Serial Interface module for communication with the driver.
+		For use with a single computer, the receiver can be connected directly to the receiver. For use with multiple computers, one of them is connected directly to the receiver and generates the polling messages. The other computers just listen to the receiver output directly or through a buffer amplifier. For computers that just listen, fudge flag2 must be set and the ppsclock streams module configured on each of them.
+		This receiver is capable of a comprehensive and large volume of statistics and operational data. The specific data collection commands and attributes are embedded in the driver source code; however, the collection process can be enabled or disabled using the flag4 flag. If set, collection is enabled; if not, which is the default, it is disabled. A comprehensive suite of data reduction and summary scripts is in the ./scripts/stats directory
+		of the ntp3 distribution.
+		Monitor Data
+		When enabled by the flag4 fudge flag, every received timecode is written as-is to the clockstats file.
+		Fudge Factors
+		
+			time1 time
+			
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+			
time2 time
+			
Not used by this driver.
+			
stratum number
+			
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+			
refid string
+			
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
+			
flag1 0 | 1
+			
Not used by this driver.
+			
flag2 0 | 1
+			
Set for computers that listen-only.
+			
flag3 0 | 1
+			
Not used by this driver.
+			
flag4 0 | 1
+			
Enable verbose clockstats recording if set.
+		
+		Additional Information
+		Reference Clock Drivers
+		
+		
+	
 
 
\ No newline at end of file
diff --git a/html/drivers/driver11.html b/html/drivers/driver11.html
index b36f7f3539..e7c370a592 100644
--- a/html/drivers/driver11.html
+++ b/html/drivers/driver11.html
@@ -2,30 +2,28 @@
 
 
 
-    
-        
-        
-        Arbiter 1088A/B GPS Receiver
-        
-    
+	
+		
+		
+		Arbiter 1088A/B GPS Receiver
+		
+	
 
-    
-        Arbiter 1088A/B GPS Receiver
-        
-        Synopsis
-        Address: 127.127.11.u

-            Reference ID: GPS

-            Driver ID: GPS_ARBITER

-            Serial Port: /dev/gpsu; 9600 baud, 8-bits, no parity

-            Features: tty_clk
-        
-            Description
-        
-        This driver supports the Arbiter 1088A/B Satellite Controlled Clock. The claimed accuracy of this clock is 100 ns relative to the PPS output when receiving four or more satellites.
-        The receiver should be configured before starting the NTP daemon, in order to establish reliable position and operating conditions. It does not initiate surveying or hold mode. For use with NTP, the daylight savings time feature should be disables (D0 command) and the broadcast mode set to operate in UTC (BU command).
-        The timecode format supported by this driver is selected by the poll sequence B5, which initiates a line in the following format to be repeated once per second until turned off by the B0 command.
-        Format B5 (24 ASCII printing characters):
-        <cr><lf>i yy ddd hh:mm:ss.000bbb
+	
+		Arbiter 1088A/B GPS Receiver
+		
+		Synopsis
+		Address: 127.127.11.u

+			Reference ID: GPS

+			Driver ID: GPS_ARBITER

+			Serial Port: /dev/gpsu; 9600 baud, 8-bits, no parity

+			Features: tty_clk
+		Description
+		This driver supports the Arbiter 1088A/B Satellite Controlled Clock. The claimed accuracy of this clock is 100 ns relative to the PPS output when receiving four or more satellites.
+		The receiver should be configured before starting the NTP daemon, in order to establish reliable position and operating conditions. It does not initiate surveying or hold mode. For use with NTP, the daylight savings time feature should be disables (D0 command) and the broadcast mode set to operate in UTC (BU command).
+		The timecode format supported by this driver is selected by the poll sequence B5, which initiates a line in the following format to be repeated once per second until turned off by the B0 command.
+		Format B5 (24 ASCII printing characters):
+		<cr><lf>i yy ddd hh:mm:ss.000bbb
 
 on-time = <cr>
 i = synchronization flag (' ' = locked, '?' = unlocked)
@@ -34,10 +32,10 @@ ddd = day of year
 hh:mm:ss = hours, minutes, seconds
 .000 = fraction of second (not used)
 bbb = tailing spaces for fill
-        The alarm condition is indicated by a '?' at i, which indicates the receiver is not synchronized. In normal operation, a line consisting of the timecode followed by the time quality character (TQ) followed by the receiver status string (SR) is written to the clockstats file.
-        The time quality character is encoded in IEEE P1344 standard:
-        Format TQ (IEEE P1344 estimated worst-case time quality)
-        0       clock locked, maximum accuracy
+		The alarm condition is indicated by a '?' at i, which indicates the receiver is not synchronized. In normal operation, a line consisting of the timecode followed by the time quality character (TQ) followed by the receiver status string (SR) is written to the clockstats file.
+		The time quality character is encoded in IEEE P1344 standard:
+		Format TQ (IEEE P1344 estimated worst-case time quality)
+		0       clock locked, maximum accuracy
 F       clock failure, time not reliable
 4       clock unlocked, accuracy < 1 us
 5       clock unlocked, accuracy < 10 us
@@ -47,41 +45,41 @@ F       clock failure, time not reliable
 9       clock unlocked, accuracy < 100 ms
 A       clock unlocked, accuracy < 1 s
 B       clock unlocked, accuracy < 10 s
-        The status string is encoded as follows:
-        Format SR (25 ASCII printing characters)
-        V=vv S=ss T=t P=pdop E=ee
+		The status string is encoded as follows:
+		Format SR (25 ASCII printing characters)
+		V=vv S=ss T=t P=pdop E=ee
 
 vv = satellites visible
 ss = relative signal strength
 t = satellites tracked
 pdop = position dilution of precision (meters)
 ee = hardware errors
-        A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself.
-        Monitor Data
-        When enabled by the flag4 fudge flag, an additional line containing the latitude, longitude, elevation and optional deviation data is written to the clockstats file. The deviation data operates with an external pulse-per-second (PPS) input, such as a cesium oscillator or another radio clock. The PPS input should be connected to the B event channel and the radio initialized for deviation data on that channel. The deviation data consists of the mean offset and standard deviation of the external PPS signal relative the GPS signal, both in microseconds over the last 16 seconds.
-        Fudge Factors
-        
-            time1 time
-            
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
-            
time2 time
-            
Not used by this driver.
-            
stratum number
-            
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
-            
refid string
-            
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
-            
flag1 0 | 1
-            
Not used by this driver.
-            
flag2 0 | 1
-            
Not used by this driver.
-            
flag3 0 | 1
-            
Not used by this driver.
-            
flag4 0 | 1
-            
Enable verbose clockstats recording if set.
-        
-        Additional Information
-        Reference Clock Drivers
-        
-        
-    
+		A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself.
+		Monitor Data
+		When enabled by the flag4 fudge flag, an additional line containing the latitude, longitude, elevation and optional deviation data is written to the clockstats file. The deviation data operates with an external pulse-per-second (PPS) input, such as a cesium oscillator or another radio clock. The PPS input should be connected to the B event channel and the radio initialized for deviation data on that channel. The deviation data consists of the mean offset and standard deviation of the external PPS signal relative the GPS signal, both in microseconds over the last 16 seconds.
+		Fudge Factors
+		
+			time1 time
+			
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+			
time2 time
+			
Not used by this driver.
+			
stratum number
+			
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+			
refid string
+			
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
+			
flag1 0 | 1
+			
Not used by this driver.
+			
flag2 0 | 1
+			
Not used by this driver.
+			
flag3 0 | 1
+			
Not used by this driver.
+			
flag4 0 | 1
+			
Enable verbose clockstats recording if set.
+		
+		Additional Information
+		Reference Clock Drivers
+		
+		
+	
 
 
\ No newline at end of file
diff --git a/html/drivers/driver18.html b/html/drivers/driver18.html
index 6acf5f22ab..a4dc769244 100644
--- a/html/drivers/driver18.html
+++ b/html/drivers/driver18.html
@@ -5,12 +5,12 @@
 	
 		
 		
-		NIST Modem Time Service
+		NIST/USNO/PTB Modem Time Services
 		
 	
 
 	
-		Automated Computer Time Service (ACTS)
+		NIST/USNO/PTB Modem Time Services
 		
 		Synopsis
 		Address: 127.127.18.u

diff --git a/html/drivers/driver19.html b/html/drivers/driver19.html
index 961ca09b96..e498969f10 100644
--- a/html/drivers/driver19.html
+++ b/html/drivers/driver19.html
@@ -2,58 +2,58 @@
 
 
 
-    
-        
-        
-        Heath WWV/WWVH Receiver
-        
-    
+	
+		
+		
+		Heath WWV/WWVH Receiver
+		
+	
 
-    
-        
Heath WWV/WWVH Receiver
-        
-        Synopsis
-        Address: 127.127.19.u

-            Reference ID: WWV

-            Driver ID: WWV_HEATH

-            Serial Port: /dev/heathu; 1200 baud, 8-bits, no parity

-            Features: tty_clk

-            Requires: /usr/include/sys/termios.h header file with modem control
-        Description
-        This driver supports the Heath GC-1000 Most Accurate Clock, with RS232C Output Accessory. This is a WWV/WWVH receiver somewhat less robust than other supported receivers. Its claimed accuracy is 100 ms when actually synchronized to the broadcast signal, but this doesn't happen even most of the time, due to propagation conditions, ambient noise sources, etc. When not synchronized, the accuracy is at the whim of the internal clock oscillator, which can wander into the sunset without warning. Since the indicated precision is 100 ms, expect a host synchronized only to this thing to wander to and fro, occasionally being rudely stepped when the offset exceeds the default CLOCK_MAX of 128 ms.
-        The internal DIPswitches should be set to operate at 1200 baud in MANUAL mode and the current year. The external DIPswitches should be set to GMT and 24-hour format. It is very important that the year be set correctly in the DIPswitches; otherwise, the day of year will be incorrect after 28 April of a normal or leap year.
-        In MANUAL mode the clock responds to a rising edge of the request to send (RTS) modem control line by sending the timecode. Therefore, it is necessary that the operating system implement the TIOCMBIC and TIOCMBIS ioctl system calls and TIOCM_RTS control bit. Present restrictions require the use of a POSIX-compatible programming interface, although other interfaces may work as well.
-        The clock message consists of 23 ASCII printing characters in the following format:
-        hh:mm:ss.f     dd/mm/yr<cr>
+	
+		Heath WWV/WWVH Receiver
+		
+		Synopsis
+		Address: 127.127.19.u

+			Reference ID: WWV

+			Driver ID: WWV_HEATH

+			Serial Port: /dev/heathu; 1200 baud, 8-bits, no parity

+			Features: tty_clk

+			Requires: /usr/include/sys/termios.h header file with modem control
+		Description
+		This driver supports the Heath GC-1000 Most Accurate Clock, with RS232C Output Accessory. This is a WWV/WWVH receiver somewhat less robust than other supported receivers. It's claimed accuracy is 100 ms when actually synchronized to the broadcast signal, but this doesn't happen even most of the time, due to propagation conditions, ambient noise sources, etc. When not synchronized, the accuracy is at the whim of the internal clock oscillator, which can wander into the sunset without warning. Since the indicated precision is 100 ms, expect a host synchronized only to this thing to wander to and fro, occasionally being rudely stepped when the offset exceeds the default CLOCK_MAX of 128 ms.
+		The internal DIPswitches should be set to operate at 1200 baud in MANUAL mode and the current year. The external DIPswitches should be set to GMT and 24-hour format. It is very important that the year be set correctly in the DIPswitches; otherwise, the day of year will be incorrect after 28 April of a normal or leap year.
+		In MANUAL mode the clock responds to a rising edge of the request to send (RTS) modem control line by sending the timecode. Therefore, it is necessary that the operating system implement the TIOCMBIC and TIOCMBIS ioctl system calls and TIOCM_RTS control bit. Present restrictions require the use of a POSIX-compatible programming interface, although other interfaces may work as well.
+		The clock message consists of 23 ASCII printing characters in the following format:
+		hh:mm:ss.f     dd/mm/yr<cr>
 
 hh:mm:ss.f = hours, minutes, seconds
 f = deciseconds ('?' when out of spec)
 dd/mm/yr = day, month, year
-        The alarm condition is indicated by '?', rather than a digit, at A. Note that 0?:??:??.? is displayed before synchronization is first established and hh:mm:ss.? once synchronization is established and then lost again for about a day.
-        A fudge time1 value of .07 s appears to center the clock offset residuals.
-        Fudge Factors
-        
-            time1 time
-            
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
-            
time2 time
-            
Not used by this driver.
-            
stratum number
-            
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
-            
refid string
-            
Specifies the driver reference identifier, an ASCII string from one to four characters, with default WWV.
-            
flag1 0 | 1
-            
Not used by this driver.
-            
flag2 0 | 1
-            
Not used by this driver.
-            
flag3 0 | 1
-            
Not used by this driver.
-            
flag4 0 | 1
-            
Not used by this driver
-        
-        Additional Information
-        Reference Clock Drivers 
-        
-        
-    
+		The alarm condition is indicated by '?', rather than a digit, at A. Note that 0?:??:??.? is displayed before synchronization is first established and hh:mm:ss.? once synchronization is established and then lost again for about a day.
+		A fudge time1 value of .07 s appears to center the clock offset residuals.
+		Fudge Factors
+		
+			time1 time
+			
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+			
time2 time
+			
Not used by this driver.
+			
stratum number
+			
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+			
refid string
+			
Specifies the driver reference identifier, an ASCII string from one to four characters, with default WWV.
+			
flag1 0 | 1
+			
Not used by this driver.
+			
flag2 0 | 1
+			
Not used by this driver.
+			
flag3 0 | 1
+			
Not used by this driver.
+			
flag4 0 | 1
+			
Not used by this driver
+		
+		Additional Information
+		Reference Clock Drivers 
+		
+		
+	
 
 
\ No newline at end of file
diff --git a/html/drivers/driver27.html b/html/drivers/driver27.html
index 8c2633c503..a425a9f681 100644
--- a/html/drivers/driver27.html
+++ b/html/drivers/driver27.html
@@ -46,7 +46,6 @@
 		
 			g CR
 			
Request for signal quality. Answer only valid during (late part of) resync to MSF signal. The response consists of two characters as follows:
-				
 					
 						bit 7
 						
parity
@@ -79,7 +78,6 @@
 						
bit 2--0
 						
reception signal quality in the range 0--5 (very poor to very good); if in the range 0--2 no successful reception is to be expected. The reported value drops to zero when not resyncing, ie when first returned byte is not `3'.
 					
-				
 			
h CR
 			
Request to resync to signal. Can take up from about 30s to 360s. Drains batteries so should not be used excessively. After this the clock time and date should be correct and the phase within 20ms of time as transmitted from the source signal (remember to allow for propagation time). By default the clock resyncs once per day in the late evening/early morning (presumably to catch transitions to/from daylight saving time quickly). This driver code, by default, resyncs at least once per hour to minimise clock wander.
 			
o CR
diff --git a/html/drivers/driver34.html b/html/drivers/driver34.html
index a98fad89cd..a742d42a24 100644
--- a/html/drivers/driver34.html
+++ b/html/drivers/driver34.html
@@ -1,117 +1,79 @@
-
+
 
 
 
 	
+		
 		Ultralink Clock
-		
-		    Ultralink Clock
+		
+	
+
+	
+		Ultralink Clock
 		
 		Synopsis
-			Address: 127.127.34.u

-			Reference ID: WWVB

-			Driver ID: ULINK

-			Serial Port: /dev/wwvbu; 9600 bps, 8-bits, no parity

-		

-			Features: (none)
+		Address: 127.127.34.u

+				Reference ID: WWVB

+				Driver ID: ULINK

+				Serial Port: /dev/wwvbu; 9600 bps, 8-bits, no parity

+				Features: (none)
 		Description
-		This driver supports the Ultralink Model 325 (replacement for Model 320) RS-232 powered WWVB receiver. PDF specs available on http://www.ulio.com/. This driver also supports the Model 320, 330,331,332 decoders in both polled or continous time code mode.

-				Leap second and quality are supported.
-		Most of this code is originally from refclock_wwvb.c with thanks. Any mistakes are mine. Any improvements are welcome.
-		
-		  The Model 325 timecode format is:
- 
-   <cr><lf>RQ_1C00LYYYY+DDDUTCS_HH:MM:SSL+5
- 
-  where:
- 
-  R = Signal readability indicator, ranging from R1 to R5  
-  Q	R1 is unreadable, R5 is best reception
-  _ = Space
-  1 = prev. received data bit, values: 0, 1 ,M or ? unknown
-  C = Signal reception from (C)olorado or (H)awaii
-  0 = Hours since last WWVB time and flag code update, values
-  0	00 to 99 (hopefully always 00)
-  L = HEX A5 if receiver is locked to WWVB, Space if not
-  YYYY = Year from 2000 to 2099
-  + = '+' if current year is a leap year, else ' '
-  DDD = current day in the year from 1 to 365/366
-  UTC = timezone (always UTC)
-  S = Daylight savings indicator, (S)TD, (D)ST, (O) transition
-      into DST, (I) transition out of DST
-  _ = Space
-  HH = UTC hour 0 to 23
-  : = Time delimiter, ':' if synced, Space if not
-  MM = Minutes of current hour from 0 to 59
-  : = Time delimiter, ':' if synced, Space if not
-  SS = Seconds of current minute from 0 to 59
-  mm = 10's milliseconds of the current second from 00 to 99
-  L  = Leap second pending at end of month, (I)nsert, (D)elete
-       or Space
-  +5 = UT1 correction, +/- .1 sec increments
- 
+		This driver supports the Ultralink Model 325 (replacement for Model 320) RS-232 powered WWVB receiver. PDF specs available on http://www.ulio.com/. This driver also supports the Model 320, 330,331,332 decoders in both polled or continous time code mode.Leap second and quality are supported. Most of this code is originally from refclock_wwvb.c with thanks. Any mistakes are mine. Any improvements are welcome.
+		Model 325 timecode format
+		<cr><lf>RQ_1C00LYYYY+DDDUTCS_HH:MM:SSL+5
+		R = Signal readability indicator, ranging from R1 to R5 Q R1 is unreadable, R5 is best reception

+				_ = Space

+			1 = prev. received data bit, values: 0, 1 ,M or ? unknown
+		C = Signal reception from (C)olorado or (H)awaii 0 = Hours since last WWVB time and flag code update, values 0 00 to 99 (hopefully always 00)

+				L = HEX A5 if receiver is locked to WWVB, Space if not

+				YYYY = Year from 2000 to 2099

+				+ = '+' if current year is a leap year, else ' '

+				DDD = current day in the year from 1 to 365/366

+				UTC = timezone (always UTC)

+				S = Daylight savings indicator, (S)TD, (D)ST, (O) transition into DST, (I) transition out of DST

+				_ = Space

+				HH = UTC hour 0 to 23

+				: = Time delimiter, ':' if synced, Space if not

+		   MM = Minutes of current hour from 0 to 59

+				: = Time delimiter, ':' if synced, Space if not

+				SS = Seconds of current minute from 0 to 59

+				mm = 10's milliseconds of the current second from 00 to 99

+				L = Leap second pending at end of month, (I)nsert, (D)elete or Space

+				+5 = UT1 correction, +/- .1 sec increments
 		Note that Model 325 reports a very similar output like Model 33X series. The driver for this clock is similar to Model 33X behavior. On a unmodified new ULM325 clock, the polling flag (flag1 =1) needs to be set.
-		
-		  The Model 320 timecode format is:
- 
-   <cr><lf>SQRYYYYDDD+HH:MM:SS.mmLT<cr>
- 
-  where:
- 
-  S = 'S' -- sync'd in last hour, '0'-'9' - hours x 10 since last update, else '?'
-  Q = Number of correlating time-frames, from 0 to 5
-  R = 'R' -- reception in progress, 'N' -- Noisy reception, ' ' -- standby mode
-  YYYY = year from 1990 to 2089
-  DDD = current day from 1 to 366
-  + = '+' if current year is a leap year, else ' '
-  HH = UTC hour 0 to 23
-  MM = Minutes of current hour from 0 to 59
-  SS = Seconds of current minute from 0 to 59
-  mm = 10's milliseconds of the current second from 00 to 99
-  L  = Leap second pending at end of month -- 'I' = inset, 'D'=delete
-  T  = DST <-> STD transition indicators
- 
-		Note that this driver does not do anything with the T flag.
-		The M320 also has a 'U' command which returns UT1 correction information. It is not used in this driver.
-		
-		  The Model 33x timecode format is:
-
-    S9+D 00 YYYY+DDDUTCS HH:MM:SSl+5
-
-  Where:
-
-  S =    sync indicator S insync N not in sync
-         the sync flag is WWVB decoder sync
-         nothing to do with time being correct
-  9+ =   signal level 0 thru 9+ If over 9 indicated as 9+
-  D  =   data bit ( fun to watch but useless ;-)
-  space
-  00 =   hours since last GOOD WWVB frame sync
-  space
-  YYYY = current year
-  +  =   leap year indicator
-  DDD =  day of year
-  UTC =  timezone (always UTC)
-  S  =   daylight savings indicator
-  space
-  HH  =  hours
-  :  =   This is the REAL in sync indicator (: = insync)
-  MM  =  minutes
-  :  =   : = in sync ? = NOT in sync
-  SS  =  seconds
-  L  =   leap second flag
-  +5 =   UT1 correction (sign + digit ))
- 
-		This driver ignores UT1 correction,DST indicator,Leap year and signal level.
-		
+		Model 320 timecode format
+		<cr><lf>SQRYYYYDDD+HH:MM:SS.mmLT<cr>
+		S = 'S' -- sync'd in last hour, '0'-'9' - hours x 10 since last update, else '?'

+				Q = Number of correlating time-frames, from 0 to 5

+				R = 'R' -- reception in progress,'N' -- Noisy reception, ' ' -- standby mode

+				YYYY = year from 1990 to 2089

+				DDD = current day from 1 to 366 + = '+' if current year is a leap year, else ' '

+				HH = UTC hour 0 to 23

+				MM = Minutes of current hour from 0 to 59

+				SS = Seconds of current minute from 0 to 59

+				mm = 10's milliseconds of the current second from 00 to 99

+				L = Leap second pending at end of month -- 'I' = insert, 'D'=delete

+			T = DST <-> STD transition indicators
+		Note that this driver does not do anything with the T flag. The M320 also has a 'U' command which returns UT1 correction information. It is not used in this driver.
+		Model 33x timecode format
+		S9+D 00 YYYY+DDDUTCS HH:MM:SSl+5
+		S = sync indicator S insync N not in sync the sync flag is WWVB decoder sync nothing to do with time being correct 
+		9+ = signal level 0 thru 9+ If over 9 indicated as 9

+				D = data bit (fun to watch but useless ;-) space

+				00 = hours since last GOOD WWVB frame sync space

+				YYYY = current year + = leap year indicator

+				DDD = day of year

+				UTC = timezone (always UTC)

+				S = daylight savings indicator space

+				HH = hours : = This is the REAL in sync indicator (: = insync)

+				MM = minutes : = : = in sync ? = NOT in sync

+				SS = seconds

+				L = leap second flag

+				+5 = UT1 correction (sign + digit ))
+		This driver ignores UT1 correction, DST indicator,Leap year and signal level.
 		Fudge factors
 		flag1 polling enable (1=poll 0=no poll)
 		
-		mail
-		Last modified: Mon Mar 8 10:12:08 PST 2004
-		
-		
-		
-	
-
-
\ No newline at end of file
+		
+	
+
diff --git a/html/drivers/driver4.html b/html/drivers/driver4.html
index bda4a104af..582d6babeb 100644
--- a/html/drivers/driver4.html
+++ b/html/drivers/driver4.html
@@ -4,12 +4,12 @@
 
 	
 		
-		Spectracom 8170 and Netclock/2 WWVB Receivers
+		 WWVB/GPS Receivers
 		
 	
 
 	
-		Spectracom 8170 and Netclock/2 WWVB Receivers
+		WWVB/GPS Receivers
 		
 		Synopsis
 		Address: 127.127.4.u

@@ -60,7 +60,6 @@
 			
Enable verbose clockstats recording if set.
 		
 		
-		
+	
 	
-
 
\ No newline at end of file
diff --git a/html/drivers/driver9.html b/html/drivers/driver9.html
index 112f2d7a3f..812ab13b81 100644
--- a/html/drivers/driver9.html
+++ b/html/drivers/driver9.html
@@ -2,57 +2,56 @@
 
 
 
-    
-        
-        
-        Magnavox MX4200 GPS Receiver
-        
-    
+	
+		
+		
+		Magnavox MX4200 GPS Receiver
+		
+	
 
-    
-        Magnavox MX4200 GPS Receiver
-        
-        Synopsis
-        Address: 127.127.9.u

-        Reference ID: GPS

-        Driver ID: GPS_MX4200

-        Serial Port: /dev/gpsu; 4800 baud, 8-bits, no parity

-        Features: ppsclock (required)
-        Description
-        This driver supports the Magnavox MX4200 Navigation Receiver adapted to precision timing applications. It requires the ppsclock line discipline or streams module described in the Line Disciplines and Streams Modules page. It also requires a level converter such as described in the Pulse-per-second (PPS) Signal Interfacing page.
-        This driver supports all compatible receivers such as the 6-channel MX4200, MX4200D, and the 12-channel MX9212, MX9012R, MX9112.
-         Leica Geosystems acquired the Magnavox commercial GPS technology business in February of 1994. They now market and support former Magnavox GPS products such as the MX4200 and its successors.
-        

-        Leica MX9400N Navigator.
-        Operating Modes
-        This driver supports two modes of operation, static and mobile, controlled by clock flag 2.
-        In static mode (the default) the driver assumes that the GPS antenna is in a fixed location. The receiver is initially placed in a "Static, 3D Nav" mode, where latitude, longitude, elevation and time are calculated for a fixed station. An average position is calculated from this data. After 24 hours, the receiver is placed into a "Known Position" mode, initialized with the calculated position, and then solves only for time.
-        In mobile mode, the driver assumes the GPS antenna is mounted on a moving platform such as a car, ship, or aircraft. The receiver is placed in "Dynamic, 3D Nav" mode and solves for position, altitude and time while moving. No position averaging is performed.
-        Monitor Data
-        The driver writes each timecode as received to the clockstats file. Documentation for the NMEA-0183 proprietary sentences produced by the MX4200 can be found in MX4200 Receiver Data Format.
-        Fudge Factors
-        
-            time1 time
-            
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
-            
time2 time
-            
Not used by this driver.
-            
stratum number
-            
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
-            
refid string
-            
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
-            
flag1 0 | 1
-            
Not used by this driver.
-            
flag2 0 | 1
-            
Assume GPS receiver is on a mobile platform if set.
-            
flag3 0 | 1
-            
Not used by this driver.
-            
flag4 0 | 1
-            
Not used by this driver.
-        
-        Additional Information
-        Reference Clock Drivers 
-        
-        
-    
+	
+		Magnavox MX4200 GPS Receiver
+		
+		Synopsis
+		Address: 127.127.9.u

+		Reference ID: GPS

+		Driver ID: GPS_MX4200

+		Serial Port: /dev/gpsu; 4800 baud, 8-bits, no parity

+		Features: ppsclock (required)
+		Description
+		This driver supports the Magnavox MX4200 Navigation Receiver adapted to precision timing applications. This driver supports all compatible receivers such as the 6-channel MX4200, MX4200D, and the 12-channel MX9212, MX9012R, MX9112.
+		 Leica Geosystems acquired the Magnavox commercial GPS technology business in February of 1994. They now market and support former Magnavox GPS products such as the MX4200 and its successors.
+		

+		Leica MX9400N Navigator.
+		Operating Modes
+		This driver supports two modes of operation, static and mobile, controlled by clock flag 2.
+		In static mode (the default) the driver assumes that the GPS antenna is in a fixed location. The receiver is initially placed in a "Static, 3D Nav" mode, where latitude, longitude, elevation and time are calculated for a fixed station. An average position is calculated from this data. After 24 hours, the receiver is placed into a "Known Position" mode, initialized with the calculated position, and then solves only for time.
+		In mobile mode, the driver assumes the GPS antenna is mounted on a moving platform such as a car, ship, or aircraft. The receiver is placed in "Dynamic, 3D Nav" mode and solves for position, altitude and time while moving. No position averaging is performed.
+		Monitor Data
+		The driver writes each timecode as received to the clockstats file. Documentation for the NMEA-0183 proprietary sentences produced by the MX4200 can be found in MX4200 Receiver Data Format.
+		Fudge Factors
+		
+			time1 time
+			
Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+			
time2 time
+			
Not used by this driver.
+			
stratum number
+			
Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+			
refid string
+			
Specifies the driver reference identifier, an ASCII string from one to four characters, with default GPS.
+			
flag1 0 | 1
+			
Not used by this driver.
+			
flag2 0 | 1
+			
Assume GPS receiver is on a mobile platform if set.
+			
flag3 0 | 1
+			
Not used by this driver.
+			
flag4 0 | 1
+			
Not used by this driver.
+		
+		Additional Information
+		Reference Clock Drivers 
+		
+		
+	
 
 
\ No newline at end of file
diff --git a/html/mx4200data.html b/html/drivers/mx4200data.html
similarity index 99%
rename from html/mx4200data.html
rename to html/drivers/mx4200data.html
index 7bf66b1154..6f9ac30b66 100644
--- a/html/mx4200data.html
+++ b/html/drivers/mx4200data.html
@@ -3,7 +3,7 @@
 	
 		
 		MX4200 Receiver Data Format
-		
+		
 	
 
 	
@@ -1068,7 +1068,7 @@
 		Example:

 		$PMVXG,830,T,1998,10,12,15:30:46,U,S,000298,00003,000000,01*02
 		
-		
+		
 	
 
 
\ No newline at end of file
diff --git a/html/gadget.html b/html/gadget.html
index b13fe081fc..2713f76782 100644
--- a/html/gadget.html
+++ b/html/gadget.html
@@ -11,9 +11,10 @@
 	
 		Gadget Box PPS Level Converter and CHU Modem
 		A Gadget Box built by Chuck Hanavin
+		

 		Related Links
 		
-			
+			
 			

 		
 		table of Contents
diff --git a/html/genkeys.html b/html/genkeys.html
new file mode 100644
index 0000000000..e6659c032b
--- /dev/null
+++ b/html/genkeys.html
@@ -0,0 +1,94 @@
+
+
+
+
+	
+		
+		
+		ntp-keygen - Generate Public and Private Keys Files
+		
+	
+
+	
+		ntp-keygen - Generate Public and Private Keys Files
+		from Alice's Adventures in Wonderland, Lewis Carroll
+		Alice holds the key.
+		Last update: 20:57 UTC Saturday, December 22, 2007
+		

+		Related Links
+		
+		Table of Contents
+		
+			Introduction
+			
Host and Sign Key Files
+			
Certificate Files
+			
Identity Scheme Files
+			
Symmetric Keys Files
+			
Running the Program
+			
Command Line Options
+			
File Formats
+			
Bugs
+		
+		
+		Introduction
+		Note: In order to support the MV identity scheme and provide for a trusted-agent function, the -p, and -q options have been changed in minor ways from previous versions. See the command line options for details.
+		This program generates cryptographic data files used by the NTPv4 authentication schemes. It generates MD5 key files used in symmetric key cryptography and, if the OpenSSL software library has been installed, generates files used in Autokey public key cryptography. All files are in printable ASCII format and can be embedded as attachments in mail to other sites and certificate authorities.
+		File names begin with the prefix ntpkey_ and end with the postfix _name.filestamp, where name is the host or group name and filestamp is the NTP decimal seconds when the file was generated. This both guarantees uniqueness and simplifies maintenance procedures.
+		The host name for the host, sign and certificate files is specified by the -s option and must agree with the host option of the crypto configuration command. If this option is not specified, the string returned by the Unix gethostname() function is used. The group name for the identity files and certificate subject and issuer fields is specified by the -i option and must agree with the ident option of the crypto configuration command. If this option is not specified, the host name is used.
+		Files containing private data are encrypted with DES-CBC and the password specified by the -p option and must agree with the pw option of the crypto configuration command. If the -p option is not specified, the string returned by the Unix  gethostname() function is used. However, private data files can be encrypted with the password specified by the -q option and redirected via the standard output stream to a file or another program. In a similar way the public data files can be redirected using the -e option.
+		All files are installed by default in the keys directory /usr/local/etc, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory can be changed by the keysdir configuration command.
+		Host and Sign Key Files
+		With the -H option the ntp-keygen program generates a new private host key file ntpkey_RSAkey_hostname.filestamp  and link ntpkey_host_hostname. With the -S option the program generates a new private sign key file ntpkey_keynamesign_hostname.filestamp and soft link ntpkey_sign_hostname, where keyname is the name of the digest/signature scheme specified by the -S option, either RSA or DSA. If this option is not specified, the host key is used as the sign key.
+		Certificate Files
+		The ntp-keygen program automatically generates a new self-signed X.509v3 public certificate ntpkey_digestcert_hostname.filestamp, and soft link ntpkey_cert_hostname, where digest is the name of the digest/signature scheme. All digest/signature schemes in the OpenSSL library are available; however, the scheme specified in the certificate must be compatible with the sign key.
+		With the -P option the program generates a private certificate including an X509v3 Extended Key Usage extension field with value private. Certificates generated without this option do not contain this field and are by default public.
+		With the -T option the program generates a trusted certificate including an X509v3 Extended Key Usage extension field with value trustRoot. Certificates generated without this option do not contain this field and are by default nontrusted.
+		Identity Scheme Files
+		There are several optional identity schemes available with Autokey, including TC, PC, IFF, GQ and MV described on the Autokey Identity Schemes page. The IFF, GQ and MV schemes are based on a challenge-response exchange where the challenger uses public client parameters and the responder uses private server keys. For the IFF and GQ schemes the ntp-keygen program generates the server file ntpkey_SCHEMEkey_groupname.filestamp and soft link ntpkey_schemekey_groupname, where scheme is iff or gq with the -I  or -G options, respectively. In these schemes the client file is not stored locally and must be redirected using the -e option.
+		In the MV scheme the keys are generated by a trusted agent (TA) which for security purposes is neither a server nor a client. With the -V option the program generates the TA keys file ntpkey_MVta_hostname.filestamp and soft link ntpkey_mvta_hostname. In this scheme the server and client files are not stored locally and must be redirected using the -q and -e options, respectively.
+		Symmetric Keys Files
+		With the -M option the ntp-keygen program generates a symmetric keys file ntpkey_MD5key_hostname.filestamp and soft link ntpkey_md5key_hostname. The file contains a list of 16 printable, semi-random MD5 keys compatible with previous NTP versions. It is in plaini text format, so additional keys can be added by hand. Since it is not encrypted, it should be visible only to root and distributed by secure means to other hosts. While this file is not used with the Autokey Version 2 protocol, it is needed to authenticate some remote configuration commands used by the ntpq and ntpdc utilities.
+		While the key identifiers for MD5 keys must be in the range 1-65,535, inclusive, the ntp-keygen program uses only the identifiers from 1 to 16. The key identifier for each association is specified as the key option with the server or peer configuration command.
+		Running the Program
+		The safest way to run the ntp-keygen program is logged in directly as root. The recommended procedure is change to the keys directory, usually /ust/local/etc, then run the program. When run without options for the first time, or if all ntpkey files have been removed, the program generates an RSA host keys file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. Additional information and examples are on the Authentication Options page.
+		If run again, the program uses the same host, sign and identity files, but generates a new certificate file and link using the fields of the original certificate, but updating the issue and expire dates.
+		If the -M option is specified, all other options are ignored. The -I, -G and -V options work only with the -T option; a warning message is displayed otherwise. The -q and -e options work only if an identity scheme has been previously specified and in either case a new certificate is not generated. The recommended procedure is to specify all except these options in one invocation of the program and one of these options in a subsequent invocation.
+		Command Line Options
+		
+			-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]
+			
Specify the certificate digest/signature scheme. Note that RSA schemes must be used with a RSA sign key and DSA schemes must be used with a DSA sign key. If not specified, the scheme is RSA-MD5.
+			
-d
+			
Enable debugging. This option displays cryptographic data produced in eye-friendly billboards.
+			
-e
+			
Redirect the public client parameters to the standard output stream.
-G
+			
Generate a new private server keys file for the GQ identity scheme.
-H
+			
Generate a new private RSA host keys file.
-I
+			
Generate a new private server keys file for the IFF identity scheme.
-i name
+			
Specify the group name for the identity file and certificate subject and issuer fields. If not specified, the host name is used as the group name.
-m mod
+			
Set the modulus for cryptographic keys to mod in the range 256-2048. If not specified, the modulus is 512. Caution: some schemes may not work with values other than 512 and some with larger values may produce unacceptably large network packets and may require unacceptably long times to compute.
+			
-M
+			
Generate a new public keys file containing 16 MD5 semi-random keys.
-P
+			
Generate a new private certificate file. If not specified, the program generates a public certificate file.
-p password
+			
Specify the read and write password for locally generated files to password. If not specified the host name is used as the password.
-q password
+			
Redirect the server keys file to the standard output stream encrypted using password.
+			
-S [ RSA | DSA ]
+			
Generate a new sign keys file of the designated type. If not specified, the host key is used as the sign key.
-s name
+			
Specify the host name for the host, sign and certificate files. If not specified, the host name is the string returned by the Unix gethostname() function.
+			
-T
+			
Generate a new trusted certificate file. By default, the program generates a nontrusted certificate file.
-V nkeys
+			
Generate a new private trusted-agent file for the Mu-Varadharajan (MV) identity scheme containing nkeys activation keys.
+			
+		File Formats
+		All file formats begin with two lines. The first contains the file name, including the host/group name and filestamp, while the second contains the datestamp in conventional Unix date format. Empty lines and lines beginning with # are ignored. For all except the symmetric keys file, the cryptographic values are encoded first using ASN.1 encoding rules and then in PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.
+		Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity files, although encoded as the other files, are probably not compatible with anything other than Autokey.
+		The format of the symmetric keys file is different than the other files for backward compatibility with the NTPv3 format and can be further customized using an ordinary text editor. The lines following the header contain 16 MD5 keys, one key per line. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Keys are entered one per line in the format
+		keyno MD5 key
+		where keyno is an integer in the range 1-65,535 and key is the key itself, which is a string containing 16 characters or less. Each character is chosen from the 93 printable ASCII characters in the range 0x21 through 0x7f excluding space and the '#' character.
+		Note that the keys used by the ntpq and ntpdc programs are checked against passwords requested by the program and entered by hand, so it is generally appropriate to specify these keys in human readable ASCII format.
+		Bugs
+		It can take quite a while to generate some cryptographic values, from one to several minutes with modern architectures such as UltraSPARC and up to tens of minutes to an hour with older architectures such as SPARC IPC.
+		
+		
+	
+
+
\ No newline at end of file
diff --git a/html/groups.html b/html/groups.html
deleted file mode 100644
index 7f6d14bac9..0000000000
--- a/html/groups.html
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
-
-	
-		
-		
-		Trusted Hosts and Groups
-		
-	
-
-	
-		Trusted Hosts and Groups
-		from Alice's Adventures in Wonderland, Lewis Carroll
-		Alice holds the key.
-		Last update: 00:12 UTC Tuesday, November 08, 2005
-		

-		Related Links
-		
-		Table of Contents
-		
-			Identity Schemes
-			
Example
-			
Command Line Options
-			
Random Seed File
-			
Cryptographic Data Files
-			
Bugs
-		
-		
-		Trusted Hosts and Groups
-		Each cryptographic configuration involves selection of a signature scheme and identification scheme, called a cryptotype, as explained in the Authentication Options page. The default cryptotype uses RSA encryption, MD5 message digest and TC identification. First, configure a NTP subnet including one or more low-stratum trusted hosts from which all other hosts derive synchronization directly or indirectly. Trusted hosts have trusted certificates; all other hosts have nontrusted certificates. These hosts will automatically and dynamically build authoritative certificate trails to one or more trusted hosts. A trusted group is the set of all hosts that have, directly or indirectly, a certificate trail ending at a trusted host. The trail is defined by static configuration file entries or dynamic means described on the Automatic NTP Configuration Options page.
-		On each trusted host as root, change to the keys directory. To insure a fresh fileset, remove all ntpkey files. Then run ntp-keygen -T to generate keys and a trusted certificate. On all other hosts do the same, but leave off the -T flag to generate keys and nontrusted certificates. When complete, start the NTP daemons beginning at the lowest stratum and working up the tree. It may take some time for Autokey to instantiate the certificate trails throughout the subnet, but setting up the environment is completely automatic.
-		If it is necessary to use a different sign key or different digest/signature scheme than the default, run ntp-keygen with the -S type option, where type is either RSA or DSA. The most often need to do this is when a DSA-signed certificate is used. If it is necessary to use a different certificate scheme than the default, run ntp-keygen with the -c scheme option and selected scheme as needed. If ntp-keygen is run again without these options, it generates a new certificate using the same scheme and sign key.
-		After setting up the environment it is advisable to update certificates from time to time, if only to extend the validity interval. Simply run ntp-keygen with the same flags as before to generate new certificates using existing keys. However, if the host or sign key is changed, ntpd should be restarted. When ntpd is restarted, it loads any new files and restarts the protocol. Other dependent hosts will continue as usual until signatures are refreshed, at which time the protocol is restarted.
-		Identity Schemes
-		As mentioned on the Autonomous Authentication page, the default TC identity scheme is vulnerable to a middleman attack. However, there are more secure identity schemes available, including PC, IFF, GQ and MV described on the Identification Schemes page. These schemes are based on a TA, one or more trusted hosts and some number of nontrusted hosts. Trusted hosts prove identity using values provided by the TA, while the remaining hosts prove identity using values provided by a trusted host and certificate trails that end on that host. The name of a trusted host is also the name of its sugroup and also the subject and issuer name on its trusted certificate. The TA is not necessarily a trusted host in this sense, but often is.
-		In some schemes there are separate keys for servers and clients. A server can also be a client of another server, but a client can never be a server for another client. In general, trusted hosts and nontrusted hosts that operate as both server and client have parameter files that contain both server and client keys. Hosts that operate only as clients have key files that contain only client keys.
-		The PC scheme supports only one trusted host in the group. On trusted host alice run ntp-keygen -P -p password to generate the host key file ntpkey_RSAkey_alice.filestamp and trusted private certificate file ntpkey_RSA-MD5_cert_alice.filestamp. Copy both files to all group hosts; they replace the files which would be generated in other schemes. On each host bob install a soft link from the generic name ntpkey_host_bob to the host key file and soft link ntpkey_cert_bob to the private certificate file. Note the generic links are on bob, but point to files generated by trusted host alice. In this scheme it is not possible to refresh either the keys or certificates without copying them to all other hosts in the group.
-		For the IFF scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF parameter file. On trusted host alice run ntp-keygen -T -I -p password to produce her parameter file ntpkey_IFFpar_alice.filestamp, which includes both server and client keys. Copy this file to all group hosts that operate as both servers and clients and install a soft link from the generic ntpkey_iff_alice to this file. If there are no hosts restricted to operate only as clients, there is nothing further to do. As the IFF scheme is independent of keys and certificates, these files can be refreshed as needed.
-		If a rogue client has the parameter file, it could masquerade as a legitimate server and present a middleman threat. To eliminate this threat, the client keys can be extracted from the parameter file and distributed to all restricted clients. After generating the parameter file, on alice run ntp-keygen -e and pipe the output to a file or mail program. Copy or mail this file to all restricted clients. On these clients install a soft link from the generic ntpkey_iff_alice to this file. To further protect the integrity of the keys, each file can be encrypted with a secret password.
-		For the GQ scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF parameter file. On trusted host alice run ntp-keygen -T -G -p password to produce her parameter file ntpkey_GQpar_alice.filestamp, which includes both server and client keys. Copy this file to all group hosts and install a soft link from the generic ntpkey_gq_alice to this file. In addition, on each host bob install a soft link from generic ntpkey_gq_bob to this file. As the GQ scheme updates the GQ parameters file and certificate at the same time, keys and certificates can be regenerated as needed.
-		For the MV scheme, proceed as in the TC scheme to generate keys and certificates for all group hosts. For illustration assume trish is the TA, alice one of several trusted hosts and bob one of her clients. On TA trish run ntp-keygen -V n -p password, where n is the number of revokable keys (typically 5) to produce the parameter file ntpkeys_MVpar_trish.filestamp and client key files ntpkeys_MVkeyd_trish.filestamp where d is the key number (0 < d < n). Copy the parameter file to alice and install a soft link from the generic ntpkey_mv_alice to this file. Copy one of the client key files to alice for later distribution to her clients. It doesn't matter which client key file goes to alice, since they all work the same way. Alice copies the client key file to all of her cliens. On client bob install a soft link from generic ntpkey_mvkey_bob to the client key file. As the MV scheme is independent of keys and certificates, these files can be refreshed as needed.
-		
-		
-	
-
-
\ No newline at end of file
diff --git a/html/hints.html b/html/hints.html
new file mode 100644
index 0000000000..ba4f271413
--- /dev/null
+++ b/html/hints.html
@@ -0,0 +1,24 @@
+
+
+
+
+	
+		
+		Hints and Kinks
+		
+	
+
+	
+		Hints and Kinks
+		 from Alice's Adventures in Wonderland, Lewis Carroll
+		Mother in law has all the answers.
+		Last update: 20:27 UTC Monday, December 02, 2002
+		

+		
+		This is an index for a set of troubleshooting notes contained in individual text files in the ./hints directory. They were supplied by various volunteers in the form of mail messages, patches or just plain word of mouth. Each note applies to a specific computer and operating system and gives information found useful in setting up the NTP distribution or site configuration. The notes are very informal and subject to errors; no attempt has been made to verify the accuracy of the information contained in them.
+		Additions or corrections to this list or the information contained in the notes is solicited. The most useful submissions include the name of the computer manufacturer (and model numbers where appropriate), operating system (specific version(s) where appropriate), problem description, problem solution and submitter's name and electric address. If the submitter is willing to continue debate on the problem, please so advise. See the directory listing.
+		
+		
+	
+
+
\ No newline at end of file
diff --git a/html/build/hints/a-ux b/html/hints/a-ux
similarity index 100%
rename from html/build/hints/a-ux
rename to html/hints/a-ux
diff --git a/html/build/hints/aix b/html/hints/aix
similarity index 100%
rename from html/build/hints/aix
rename to html/hints/aix
diff --git a/html/build/hints/bsdi b/html/hints/bsdi
similarity index 100%
rename from html/build/hints/bsdi
rename to html/hints/bsdi
diff --git a/html/build/hints/changes b/html/hints/changes
similarity index 100%
rename from html/build/hints/changes
rename to html/hints/changes
diff --git a/html/build/hints/decosf1 b/html/hints/decosf1
similarity index 100%
rename from html/build/hints/decosf1
rename to html/hints/decosf1
diff --git a/html/build/hints/decosf2 b/html/hints/decosf2
similarity index 100%
rename from html/build/hints/decosf2
rename to html/hints/decosf2
diff --git a/html/build/hints/freebsd b/html/hints/freebsd
similarity index 100%
rename from html/build/hints/freebsd
rename to html/hints/freebsd
diff --git a/html/build/hints/hpux b/html/hints/hpux
similarity index 100%
rename from html/build/hints/hpux
rename to html/hints/hpux
diff --git a/html/build/hints/linux b/html/hints/linux
similarity index 100%
rename from html/build/hints/linux
rename to html/hints/linux
diff --git a/html/build/hints/mpeix b/html/hints/mpeix
similarity index 100%
rename from html/build/hints/mpeix
rename to html/hints/mpeix
diff --git a/html/build/hints/notes-xntp-v3 b/html/hints/notes-xntp-v3
similarity index 100%
rename from html/build/hints/notes-xntp-v3
rename to html/hints/notes-xntp-v3
diff --git a/html/build/hints/parse b/html/hints/parse
similarity index 97%
rename from html/build/hints/parse
rename to html/hints/parse
index 07fbc6bfee..d2523515e8 100644
--- a/html/build/hints/parse
+++ b/html/hints/parse
@@ -24,7 +24,7 @@ Directory contents:
 			- Trimble SV6 GPS receiver
 
 			  If you want to add new clock types please check
-			  with kardel  informatik.uni-erlangen.de. These files
+			  with kardel@informatik.uni-erlangen.de. These files
 			  implement the conversion of RS232 data streams into
 			  timing information used by refclock_parse.c which is
 			  mostly generic except for NTP configuration constants.
diff --git a/html/build/hints/refclocks b/html/hints/refclocks
similarity index 100%
rename from html/build/hints/refclocks
rename to html/hints/refclocks
diff --git a/html/build/hints/rs6000 b/html/hints/rs6000
similarity index 100%
rename from html/build/hints/rs6000
rename to html/hints/rs6000
diff --git a/html/build/hints/sco.html b/html/hints/sco.html
similarity index 70%
rename from html/build/hints/sco.html
rename to html/hints/sco.html
index 1efb5c588f..7afde8300f 100644
--- a/html/build/hints/sco.html
+++ b/html/hints/sco.html
@@ -1,25 +1,26 @@
-
+
 
 
 
 	
-		
+		
+		
 		SCO Unix hints
-		
+		
 	
 
 	
-		SCO Unix hints
-		Older SCO Unix versions
+		SCO Unix hints
+		Older SCO Unix versions
 		NTP 4.0.x does not run on SCO Unix prior to version 3.2.5.0.0. If you need NTP on an older SCO Unix system and don't mind to modify your kernel, use 3.5.91 which has patches for SCO Unix 3.2.4.x. Apply the kernel modifications as described in XNTP on SCO 3.2.4.2.
-		Compiling NTP
+		Compiling NTP
 		Delete the old SCO supplied NTP programs using the "custom" utility. Run the NTP configure program with CFLAGS="-b elf -K processor-type" for best results.
-		Running NTP
+		Running NTP
 		Run "tickadj -As" after every reboot to set the variables "clock_drift" and "track_rtc" to the right values.
 		Run "ntpd" with a high negative nice-value, i.e. "nice --19 ntpd" for best results.
-		More information
+		More information
 		More information on the way SCO Unix and NTP interact can be found in NTP on SCO Unix, which includes links to precompiled versions of NTP.
-		Kees Hendrikse, January 1999
+		Kees Hendrikse, January 1999
 	
 
 
\ No newline at end of file
diff --git a/html/build/hints/sgi b/html/hints/sgi
similarity index 100%
rename from html/build/hints/sgi
rename to html/hints/sgi
diff --git a/html/build/hints/solaris-dosynctodr.html b/html/hints/solaris-dosynctodr.html
similarity index 94%
rename from html/build/hints/solaris-dosynctodr.html
rename to html/hints/solaris-dosynctodr.html
index fc7fae9355..89a12b27d0 100644
--- a/html/build/hints/solaris-dosynctodr.html
+++ b/html/hints/solaris-dosynctodr.html
@@ -25,7 +25,7 @@
 
 
 
-
+
@@ -35,12 +35,12 @@
 
         
 
-        
+        
         
                 
                 
         
 		        
         
                   
-                        
+                        
@@ -58,7 +58,7 @@
     
-                        
                                 
                                     
                             

                     
                     
+                        
@@ -86,9 +86,9 @@
 

 

-

                                         sopko 
                                 
                                 
 
+

   
-
+


 


 		
+
   
 
 
@@ -177,7 +177,7 @@
 
 
 
-
+
@@ -191,7 +191,7 @@
 
 SRDB ID
  
 Synopsis 4 Sep 1999
 
 


-
+

 Problem Description
 Top
 Ever since upgrading to Solaris 2.6, the system clock has been drifting and
@@ -200,7 +200,7 @@ didn''t complete' and 'time reset (step)' a lot in the /var/adm/messages
 file. The system either was previously working fine with the freeware
 xntpd or the configuration was copied from another system that was 
 using the freeware version.
--- 23-Apr-99 08:22 US/Eastern --
+-- 23-Apr-99 08:22 US/Eastern --

 Problem Solution
 Top
 The common lore for setting up xntpd on Solaris using
@@ -221,7 +221,7 @@ clock, the hard clock is also controlled. Setting
 defaulkt behavior, having exactly the opposite effect 
 as that intended.
 
-Do not set dosynctodr to 0.
+Do not set dosynctodr to 0.
diff --git a/html/build/hints/solaris.html b/html/hints/solaris.html
similarity index 98%
rename from html/build/hints/solaris.html
rename to html/hints/solaris.html
index 9dc2ab15d0..7161d5dd3b 100644
--- a/html/build/hints/solaris.html
+++ b/html/hints/solaris.html
@@ -38,7 +38,7 @@ set dosynctodr = 0
 
 Instead of the tick kernel variable, which many operating
 systems use to control microseconds added to the system time every
-clock tick (c.f. Dealing
+clock tick (c.f. Dealing
 with Frequency Tolerance Violations), Solaris has the variables
 nsec_per_tick and usec_per_tick.
 

diff --git a/html/build/hints/solaris.xtra.4023118 b/html/hints/solaris.xtra.4023118
similarity index 100%
rename from html/build/hints/solaris.xtra.4023118
rename to html/hints/solaris.xtra.4023118
diff --git a/html/build/hints/solaris.xtra.4095849 b/html/hints/solaris.xtra.4095849
similarity index 100%
rename from html/build/hints/solaris.xtra.4095849
rename to html/hints/solaris.xtra.4095849
diff --git a/html/build/hints/solaris.xtra.S99ntpd b/html/hints/solaris.xtra.S99ntpd
similarity index 100%
rename from html/build/hints/solaris.xtra.S99ntpd
rename to html/hints/solaris.xtra.S99ntpd
diff --git a/html/build/hints/solaris.xtra.patchfreq b/html/hints/solaris.xtra.patchfreq
similarity index 100%
rename from html/build/hints/solaris.xtra.patchfreq
rename to html/hints/solaris.xtra.patchfreq
diff --git a/html/build/hints/sun4 b/html/hints/sun4
similarity index 100%
rename from html/build/hints/sun4
rename to html/hints/sun4
diff --git a/html/build/hints/svr4-dell b/html/hints/svr4-dell
similarity index 100%
rename from html/build/hints/svr4-dell
rename to html/hints/svr4-dell
diff --git a/html/build/hints/svr4_package b/html/hints/svr4_package
similarity index 100%
rename from html/build/hints/svr4_package
rename to html/hints/svr4_package
diff --git a/html/build/hints/todo b/html/hints/todo
similarity index 100%
rename from html/build/hints/todo
rename to html/hints/todo
diff --git a/html/hints/vxworks.html b/html/hints/vxworks.html
new file mode 100644
index 0000000000..f73a01ca12
--- /dev/null
+++ b/html/hints/vxworks.html
@@ -0,0 +1,85 @@
+
+
+
+
+	
+		
+		
+        vxWorks Port of NTP
+		
+	
+
+
+    
+        
VxWorks port of NTP
+        Creating a port for vxWorks posed some problems. This port may help as a starting point for similar ports to real-time OS's and other embeddable kernels, particularly where main() is not allowed, and where the configure scripts need to be altered.
+        Configuration issues
+        I decided to do as little invasive surgery as possible on the NTP code, so I brought the vxWorks header tree in line with the standard Unix tree. The following changes were needed, as a side effect these changes will allow for easy porting of other autoconfigure enabled code.
+        Where I have 386 you will need to put in your target type. The vxWorks tree entry point is /usr/wind. If these are the same for your system, you should be able to cut and paste the changes.
+        WARNING: Check you are not overwriting files, before entering the following: there should be no conflict, but check first...
+		+            export CC="cc386 -nostdlib -m486 -DCPU=I80486 -I/usr/wind/target/h"
+            export RANLIB=ranlib386
+            export AR=ar386
+            export VX_KERNEL=/usr/wind/target/config/ims_std_bsp/vxWorks

+			
+            cd /usr/wind/target/sys
+            ln -s ../signal.h
+            ln -s ../time.h
+            ln -s socket.h sockio.h
+            ln -s ../selectLib.h select.h
+            ln -s ../timers.h
+            touch file.h param.h resource.h utsname.h var.h ../netdb.h ../a.out.h ../termios.h
+         echo " ******ADD #include \"sys/times.h\" to sys/time.h "
+            
+		The configure script must be changed in the following way to get the linking tests to work, once in the correct directory issue the following commands:
+		
+		      sed -e 's%main.*()%vxmain()%' configure > configure.vxnew
+            mv configure.vxnew configure
+            chmod 755 configure
+      
+		
The new version 4 of NTP requires some maths functions so it links in the maths library (-lm) in the ./ntpd/Makefile.am file change the line ntpd_LDADD = $(LDADD) -lm by removing the "-lm".
+		 >You are now ready to compile
+		
The ./configure.in file needed to be altered to allow for a host-target configuration to take place.
+		
+            The define SYS_VXWORKS was added to the compilation flags.
+            
Little endianess is set if the target is of type iX86.
+            
The size of char, integer, long values are all set. If Wind River ever changes these values they will need to be updated.
+            
clock_settime() is defined to be used for setting the clock.
+            
The Linking flags have -r added to allow for relinking into the vxWorks kernel
+        
+        Unfortunately I have had to make use of the ./include/ntp_machine.h file to add in the checks that would have been checked at linking stage by autoconf, a better method should be devised.
+        
+            There is now a NO_MAIN_ALLOWED define that simulates command line args, this allows the use of the normal startup sysntax.
+            
POSIX timers have been added.
+            
Structures normally found in netdb.h have been added with, the corresponding code is in ./libntp/machines.c. Where possible the defines for these have been kept non-vxWorks specific.
+        
+        Unfortunately there are still quite a few SYS_VXWORKS type defines in the source, but I have eliminated as many as possible. You have the choice of using the usrtime.a library avaliable from the vxworks archives or forgoing adjtime() and using the clock_[get|set]time(). The ./include/ntp_machine.h file clearly marks how to do this.
+        Compilation issues
+        You will need autoconf and automake ... available free from the gnu archives worldwide.
+        The variable arch is the target architecture (e.g. i486)
+        +            mkdir A.vxworks)
+            cd A.vxworks
+            ../configure --target=arch-wrs-vxworks
+            make
+       
+        Options I normally use are the --disable-all-clocks --enable-LOCAL-CLOCK flags. The program should proceed to compile without problem. The daemon ntpd, ntpdate, ntptrace, ntpdc, ntpq programs and of course the libraries are all fully ported. The other utilities are not, but they should be easy to port.
+        Running the software
+        Load in the various files, call them in the normal vxWorks function type manner. Here are some examples. Refer to the man pages for further information.
+        +            ld < ntpdate/ntpdate
+            ld < ntpd/ntpd
+            ld < ntptrace/ntptrace
+            ld < ntpq/ntpq
+            ld < ntpdc/ntpdc
+            ntpdate ("-b", "192.168.0.245")
+            sp(ntpd, "-c", "/export/home/casey/ntp/ntp.conf")
+            ntpdc("-c", "monlist", "192.168.0.244")
+            ntpq("-c", "peers", "192.168.0.244")
+            ntptrace("192.168.0.244")
+        
+        Casey Crellin, casey@csc.co.za
+    
+
+
\ No newline at end of file
diff --git a/html/hints/winnt.html b/html/hints/winnt.html
new file mode 100644
index 0000000000..dfd883a84f
--- /dev/null
+++ b/html/hints/winnt.html
@@ -0,0 +1,184 @@
+
+
+
+
+	
+		
+		
+        NTP on Windows NT
+		
+	
+    
+        NTP 4.x for Windows NT
+
+        Introduction
+        The NTP 4 distribution runs as service on Windows Vista, Windows NT 4.0, Windows 2000, Windows XP, Windows .NET Server 2003. It will NOT run on Windows 95, 98, ME, etc. The binaries work on multi-processor systems. This port has not been tested on the Alpha platform. This release now uses OpenSSL for authentication. IPv6 is not implemented yet for Win32 platforms. A ready-to-run install distribution is available from Meinberg at http://www.meinberg.de/english/sw/ntp.htm
+        Authentication Keys
+        With this release ntp-keygen is supported. See the  ntp keygen documentation for details on how to use ntp-keygen.
+        ntpd can now use the generated keys in the same way as on Unix platforms. Please refer to the Authentication Options for details on how to use these.
+        NOTE: ntpd and ntp-keygen both use OpenSSL which requires a random
+        character file called .rnd by default. Both of these programs will automatically generate this file if they are not found. The programs will look for an environmental variable called RANDFILE and use that for the name of the random character file if the variable exists. If it does not exist it will look for an environmental variable called HOME and use that directory to search for a file called .rnd in that directory. Finally, if neither RANDFILE nor HOME exists it will look in C:\ for a .rnd file. In each case it will search for and create the file if the environmental variable exists or in the C:\ directory if it doesn't.
+        Note that ntpd normally runs as a service so that the only way that it will have either RANDFILE or HOME defined is if it is a System environmental variable or if the service is run under a specific account name and that account has one of those variables defined. Otherwise it will use the file c:\.rnd. This was done so that OpenSSL will work normally on Win32 systems. This obviates the need to ship the OpenSSL.exe file and explain how to generate the .rnd file. A future version may change this behavior.
+        Refer to Compiling Requirements and Instructions for how to compile the program.
+        Reference Clocks
+        Reference clock support under Windows NT is tricky because the IO functions are so much different. Some of the clock types have been built into the ntpd executable and should work but have not been tested by the ntp project. If you have a clock that runs on Win32 and the driver is there but not implemented on Win32 you will have make the required configuration changes in config.h and then build ntpd from source and test it. The following reference clock is known to work and is supported by Windows NT: Type 1 Undisciplined Local Clock (LOCAL)
+        Functions Supported
+        All NTP functions are supported with some constraints. See the TODO list below. Note that the ntptrace executable is not supported and you should use the PERL script version instead.
+        Accuracy
+        Greg Brackley has implemented a fantastic interpolation scheme that improves the precision of the NTP clock using a realtime thread (is that poetic or what!) which captures a tick count from the 8253 counter after each OS tick. The count is used to interpolate the time between operating system ticks.
+        On a typical 200+ MHz system NTP achieves a precision of about 5 microseconds and synchronizes the clock to +/-500 microseconds using the Trimble Palisade as UTC reference. This allows distributed applications to use the 10 milliseconds ticks available to them with high confidence.
+        Binaries
+        Recent InstallShield based executable versions of NTP for Windows NT (intel) are available from:
+        
+			http://www.five-ten-sg.com/
+		
+        ToDo
+        These tasks are in no particular order of priority.
+        
+            Create a proper install/uninstall program
+            
Add sntp to the list of supported programs
+            
Add support for Visual C++ 7.0 or later (.NET)
+            
Add IPv6 support
+            
See if precision can be improved by using CPU cycle counter for tick interpolation.
+            
Make precision time available to applications using NTP_GETTIME API
+        
+        Compiling Requirements
+        
+            Windows NT 4.0 Windows 2000, Windows XP, or Windows.NET Server 2003
+            
Microsoft Visual C++ 6.0. NOTEVC++ 7.0 (aka .NET) is not yet supported
+            but will probably work fine.
+            
Some way of uncompressing and untarring the gzipped tar file.
+            
OpenSSL must be built on the box before building NTP. Additional steps would
+            be required to not use OpenSSL.
+        
+        Compiling Instructions
+        
+            Unpack and build OpenSSL according to the OpenSSL instructions for building on Windows. Currently the NTP build requires OpenSSL 0.9.7b as it looks for the path to that build for the include and libeay32.lib files. If you have a different version you will need to adjust both the preprocessor path and the link path to point to the correct locations of the include files and the lib file respectively.
+            
Unpack the NTP-4.x.tar.gz using utilities such as WinZip.
+            
Open the .\ports\winnt\ntp.dsw Visual C workspace
+            
Batch build all projects
+            
The built binaries can be found in the port\winnt\bin\Release subdirectory
+            
In addition you will need to install the OpenSSL libeay32.dll
+            
If you are shipping binaries in a kit it is strongly recommended that you ship this file (winnt.html) along with the binaries.
+        
+        Configuration File
+        The default NTP configuration file path is %SystemRoot%\system32\drivers\etc\. (%SystemRoot% is an environmental variable that can be determined by typing "set" at the "Command Prompt" or from the "System" icon in the "Control Panel").
+        Refer to your system environment and create your ntp.conf file in the directory corresponding to your system  installation. The older <WINDIR>\ntp.conf is still supported but you will get a log entry reporting that the first file wasn't found.
+        
Installation Instructions
+        The instsrv program in the instsrv subdirectory of the distribution can be used to install 'ntpd' as a service and start automatically at boot time. Instsrv is automatically compiled with the rest of the distribution if you followed the steps above.
+        
+            Start a command prompt and enter "instsrv.exe <pathname_for_ntpd.exe>"
+            
Clicking on the "Services" icon in the "Control Panel" will display the list of currently installed services in a dialog box. The NetworkTimeProtocol service should show up in this list. Select it in the list and hit the "Start" button in the dialog box. The NTP service should start.
+            
You can also stop and start the service by typing net start|stop NetworkTimeProtocol at the DOS prompt.
+            
View the event log by clicking on the "Event Viewer" icon in the "Administrative Tools" group, there should be several successful startup messages from NTP. NTP will keep running and restart automatically when the machine is rebooted.
+        
+        You can change the start mode (automatic/manual) and other startup parameters corresponding to the NTP service in the "Services" dialog box if you wish.
+        Removing NTP
+        You can also use instsrv to delete the NTP service by entering: >"instsrv.exe remove"
+        
Command Line Parameters and Registry Entries
+        Unlike the Unix environment, there is no clean way to run 'ntpdate' and reset the clock before starting 'ntpd' at boot time. NTP will step the clock up to 1000 seconds by default. While there is no reason that the system clock should be that much off during bootup if ntpd was running before, you may wish to override this default and/or pass other command line directives.
+        
Use the registry editor to edit the value for the ntpd executable under LocalMachine\System\CurrentControlSet\Services\NTP.
+        Add the -g option to the ImagePath key, behind "%INSTALLDIR>\ntpd.exe". This will force NTP to accept large time errors (including 1.1.1980 00:00)
+        Bug Reports
+        Send questions and bug reports to NTP Bug Reporting Procedures.
+        Change Log
+        Last revision 2 July 2003  Version 4.2.0
+        by Danny Mayer (mayer@ntp.org>)
+        Significant Changes:
+        This latest release of NTP constitutes a major upgrade to its ability to build and run on Windows platforms and should now build and run cleanly. More importantly it is now able to support all authentication in the same way as Unix boxes. This does require the usage of OpenSSL which is now a prerequisite for build on Windows. ntp-keygen is now supported and builds on Win32 platforms.
+        
Last revision 16 February 1999 Version 4.0.99e.
+        by Sven Dietrich (sven_dietrich@trimble.com)
+        pSignificant Changes:
+        
+            Perl 5 is no longer needed to compile NTP. The configuration script which creates version.c with the current date and time was modified by Frederick Czajka [w2k@austin.rr.com] so that Perl is no longer required.
+        
+        Last revision 15 November 1999  Version 4.0.98f.
+        by Sven Dietrich (sven_dietrich@trimble.com)
+        
ignificant Changes:
+        
+            Fixed I/O problem delaying packet responses which resulted in no-replys to NTPQ and others.
+            
The default configuration file path is <WINDIR>\system32\drivers\etc\ntp.conf. The old <WINDIR>\ntp.conf is still supported but you will get a log entry reporting that the first file wasn't found. The NTP 3.x legacy ntp.ini file is no longer supported.
+        
+        Known Problems / TODO:
+        
+            MD5 and name resolution do not yet get along. If you define MD5, you cannot use DNS names, only IP numbers.
+        
+        Last revision 27 July 1999  Version 4.0.95.
+		This version compiled under WINNT with Visual C 6.0 by Greg Brackley and Sven Dietrich. Significant changes:
+		
+            Visual Studio v6.0 support
+            
Winsock 2.0 support
+            
Use of I/O completion ports for sockets and comm port I/O
+            
Removed the use of multimedia timers (from ntpd, others need removing)
+            
Use of waitable timers (with user mode APC) and performance counters to fake getting a better time
+            
Trimble Palisade NTP Reference Clock support
+            
General cleanup, prototyping of functions
+            
Moved receiver buffer code to a separate module (removed unused members from the recvbuff struct)
+            
Moved io signal code to a separate module
+        
+		Last revision:  20-Oct-1996
+        This version corrects problems with building the XNTPversion 3.5-86 distribution under Windows NT. The following files were modified:
+      	
+            blddbg.bat
+            
bldrel.bat
+            
include\ntp_machine.h
+            
xntpd\ntp_unixclock.c
+            
xntpd\ntp_refclock.c
+            
scripts\wininstall\build.bat
+            
scripts\wininstall\setup.rul
+            
scripts\wininstall\readme.nt
+            
scripts\wininstall\distrib\ntpog.wri
+            
html\hints\winnt (this file)
+        
+        In order to build the entire Windows NT distribution you           need to modify the file scripts\wininstall\build.bat with the installation directory of the InstallShield software.  Then, simply type "bldrel" for non-debug or "blddbg" for debug executables.
+        Greg Schueman, 
+        	schueman@acm.org>
+        Last revision: 07-May-1996
+        This set of changes fixes all known bugs, and it includes

+        several major enhancements. Many changes have been made both to the build environment as well as the code.  There is no longer an ntp.mak file, instead there is a buildntall.bat file that will build the entire    release in one shot. The batch file requires Perl.  Perl is easily available from the NT Resource Kit or on the Net.
+        The multiple interface support was adapted from Larry Kahn's       work on the BIND NT port.  I have not been able to test it,      adequately as I only have NT servers with one network interfaces on which to test.
+        Enhancements:
+        
+            Event Logging now works correctly.
+            
Version numbers now work (requires Perl during build)
+            
Support for multiple network interface cards (untested)
+            
NTP.CONF now default, but supports ntp.ini if not found
+            
Installation procedure automated.
+            
All paths now allow environment variables such as %windir%
+        
+        Bug fixes
+        
+            INSTSRV replaced, works correctly
+            
Cleaned up many warnings
+            
Corrected use of an uninitialized variable in XNTPD
+            
Fixed ntpdate -b option
+            
Fixed ntpdate to accept names as well as IP addresses
+            (Winsock WSAStartup was called after a gethostbyname())
+            
Fixed problem with "longjmp" in xntpdc/ntpdc.c that  caused a software exception on doing a Control-C in xntpdc. A Cntrl-C now terminates the program.
+        
+        See below for more detail
+        Note: SIGINT is not supported for any Win32 application including; Windows NT and Windows 95. When a CTRL+C interrupt occurs, Win32 operating systems generate a new thread to specifically handle that interrupt. This can cause a single-thread application such as UNIX, to become multithreaded, resulting in unexpected behavior.
+        Possible enhancements and things left to do:
+        
+            Reference clock drivers for NT (at least Local Clock support)
+            
Control Panel Applet
+            
InstallShield based installation, like NT BIND has
+            
Integration with NT Performance Monitor
+            
SNMP integration
+            
Fully test multiple interface support
+        
+        Known problems:
+        
+            bug in ntptrace - if no Stratum 1 servers are available, such as on an IntraNet, the application crashes.
+         
+        Last revision: 12-Apr-1995
+		This NTPv3 distribution includes a sample configuration file and the project makefiles for WindowsNT 3.5 platform using Microsoft Visual C++ 2.0 compiler. Also included is a small routine to install the NTP daemon as a "service" on a WindowsNT box. Besides xntpd, the utilities that have been ported are ntpdate and xntpdc. The port to WindowsNT 3.5 has been tested using a Bancomm TimeServe2000 GPS receiver clock that acts as a stratum 1 NTP server with no authentication (it has not been tested with any refclock drivers compiled in).
+		
Following are the known flaws in this port
+		
+		Currently, I do not know of a way in NT to get information about multiple network interface cards. The current port uses just one socket bound to INADDR_ANY address. Therefore when dealing with a multihomed NT time server, clients should point to the default address on the server (otherwise the reply is not guaranteed to come from the same interface to which the request was sent). Working with Microsoft to get this resolved.
+		
There is some problem with "longjmp" in xntpdc/ntpdc.c that causes a software exception on doing a Control-C in xntpdc. Be patient!> 3) The error messages logged by xntpd currently contain only the numerical error code. Corresponding error message string has to be looked up in "Books Online" on Visual C++ 2.0 under the topic "Numerical List of Error Codes".
+		Last HTML Update: November 17, 1999
+		by Sven_Dietrich@Trimble.COM
+	
+
+
diff --git a/html/howto.html b/html/howto.html
index 3a1007fd82..40151bb476 100644
--- a/html/howto.html
+++ b/html/howto.html
@@ -13,10 +13,10 @@
 		How to Write a Reference Clock Driver
from Pogo, Walt KellyYou need a little magic.
-		Last update: 18:39 UTC Thursday, July 28, 2005
+		Last update: 16:02 UTC Wednesday, January 02, 2008

Related Links
-		
+		Table of Contents

 			Description
@@ -25,24 +25,30 @@
 		
Description
-		NTP reference clock support maintains the fiction that the clock is actually an ordinary peer in the NTP tradition, but operating at a synthetic stratum of zero. The entire suite of algorithms used to filter the received data, select the best clocks or peers and combine them to produce a system clock correction operate just like ordinary NTP peers. In this way, defective clocks can be detected and removed from the peer population. As no packets are exchanged with a reference clock; however, the transmit, receive and packet procedures are replaced with separate code to simulate them.
-		It is important to understand how the NTP clock driver interface works. The driver assumes three timescales: standard time maintained by a distant laboratory such as USNO or NIST, reference time maintained by the external radio and the system time maintained by NTP. The radio synchronizes reference time and frequency to standard time via radio, satellite or modem. As the transmission means may not always be reliable, most radios continue to provide clock updates for some time after signal loss using an internal reference oscillator. In such cases the radio may or may not reveal the time since last synchronized and/or the estimated time error.
-		All three timescales run only in Coordinated Universal Time (UTC), 24-hour format, and are not adjusted for local timezone or standard/daylight time. The local timezone, standard/daylight indicator and year, if provided, are ignored. However, it is important to determine whether a leap second is to be inserted in the UTC timescale in the near future so NTP can insert it in the system timescale at the appropriate epoch.
-		The NTP clock driver synchronizes the system time and frequency to the radio via serial or parallel port, PPS signal or other means. The driver routinely checks the radio timecode string or status indicators to determine whether it is operating correctly or not. If it is, the driver decodes the radio timecode in days, hours, minutes, seconds and nanoseconds and provides these data with the NTP receive timestamp corresponding to the on-time epoch of the timecode. The driver interface computes the difference between the timecode time and NTP timestamp and saves the difference in a circular buffer for later processing. Once each poll interval, usually 64 s, the driver provides ancillary data including leap bits and last reference time to the interface. The interface processes the circular buffer using a median/trimmed mean algorithm to extract the best estimate and provides this and the ancillary data to the clock filter as with ordinary NTP peers.
-		The audio drivers are designed to look like a typical external radio in that the reference oscillator is derived from the audio codec oscillator and separate from the system clock oscillator. In the WWV and IRIG drivers, the codec oscillator is disciplined in frequency to the standard timescale via radio or local sources and can be assumed to have the same reliability and accuracy as an external radio. In these cases the driver continues to provide updates to the clock filter even if the WWV or IRIG signals are lost. However, the interface is provided the last reference time when the signals were received and increases the dispersion as expected with an ordinary peer.
-		The best way to understand how the clock drivers work is to study the ntp_refclock.c module and one of the drivers already implemented, such as refclock_wwvb.c. Routines refclock_transmit() and refclock_receive() maintain the peer variables in a state analogous to a network peer and pass received data on through the clock filters. Routines refclock_peer() and refclock_unpeer() initialize and terminate reference clock associations, should this ever be necessary. A set of utility routines is included to open serial devices, process sample data, edit input lines to extract embedded timestamps and to perform various debugging functions.
-		The main interface used by these routines is the refclockproc structure, which contains for most drivers the decimal equivalents of the year, day, month, hour, second and nanosecond decoded from the radio timecode. Additional information includes the receive timestamp, reference timestamp, exception reports, statistics tallies, etc. The support routines are passed a pointer to the peer structure, which is used for all peer-specific processing and contains a pointer to the refclockproc structure, which in turn contains a pointer to the unit structure, if used. For legacy purposes, a table typeunit[type][unit] contains the peer structure pointer for each configured clock type and unit. This structure should not be used for new implementations.
-		The reference clock interface supports auxiliary functions to support in-stream timestamping, pulse-per-second (PPS) interfacing and precision time kernel support. In most cases the drivers do not need to be aware of them, since they are detected at autoconfigure time and loaded automatically when the device is opened. These include the tty_clk STREAMS module and ppsapi PPS interface described in the Line Disciplines and Streams Modules page. The tty_clk module reduces latency errors due to the operating system and serial port code in slower systems. The ppsapi PPS interface replaces the ppsclock STREAMS module and is expected to become the IETF standard cross-platform interface for PPS signals. In either case, the PPS signal can be connected via a level converter/pulse generator described in the Pulse-per-second (PPS) Signal Interfacing page.
-		Radio and modem reference clocks by convention have addresses in the form 127.127.t.u, where t is the clock type and u in the range 0-3 is used to distinguish multiple instances of clocks of the same type. Most clocks require a serial or parallel port or special bus peripheral. The particular device is normally specified by adding a soft link /dev/devicedd to the particular hardware device involved, where d corresponds to the unit number.
-		By convention, reference clock drivers are named in the form refclock_xxxx.c, where xxxx is a unique string. Each driver is assigned a unique type number, long-form driver name, short-form driver name and device name. The existing assignments are in the Reference Clock Drivers page and its dependencies. All drivers supported by the particular hardware and operating system are automatically detected in the autoconfigure phase and conditionally compiled. They are configured when the daemon is started according to the configuration file, as described in the Configuration Options page.
-		The standard clock driver interface includes a set of common support routines some of which do such things as start and stop the device, open the serial port, and establish special functions such as PPS signal support. Other routines read and write data to the device and process time values. Most drivers need only a little customizing code to, for instance, transform idiosyncratic timecode formats to standard form, poll the device as necessary, and handle exception conditions. A standard interface is available for remote debugging and monitoring programs, such as ntpq and ntpdc, as well as the filegen facility, which can be used to record device status on a continuous basis.
-		The general organization of a typical clock driver includes a receive-interrupt routine to read a timecode from the I/O buffer and convert to internal format, generally in days, hours, minutes, seconds and fraction. Some timecode formats include provisions for leap-second warning and determine the clock hardware and software health. The interrupt routine then calls refclock_process() with these data and the timestamp captured at the on-time character of the timecode. This routine saves each sample as received in a circular buffer, which can store from a few up to 60 samples, in cases where the timecodes arrive one per second.
-		The refclock_transmit() routine in the interface is called by the system at intervals defined by the poll interval in the peer structure, generally 64 s. This routine in turn calls the transmit poll routine in the driver. In the intended design, the driver calls the refclock_receive() to process the offset samples that have accumulated since the last poll and produce the final offset and variance. The samples are processed by recursively discarding median outlyers until about 60 percent of samples remain, then averaging the surviving samples. When a reference clock must be explicitly polled to produce a timecode, the driver can reset the poll interval so that the poll routine is called a specified number of times at 1-s intervals.
-		The interface code and this documentation have been developed over some time and required not a little hard work converting old drivers, etc. Should you find success writing a driver for a new radio or modem service, please consider contributing it to the common good. Send the driver file itself and patches for the other files to Dave Mills (mills@udel.edu).
+		NTP reference clock support maintains the fiction that the clock is actually an ordinary server in the NTP tradition, but operating at a synthetic stratum of zero. The entire suite of algorithms filter the received data and select the best sources to correct the system clock. No packets are exchanged with a reference clock; however, the transmit, receive and packet procedures are replaced with code to simulate them.
+		The driver assumes three timescales: standard time maintained by a distant laboratory such as USNO or NIST, reference time maintained by the external radio and the system time maintained by NTP. The radio synchronizes reference time via radio, satellite or modem. As the transmission means may not always be reliable, most radios continue to provide clock updates for some time after signal loss using an internal reference oscillator. In such cases the radio may or may not reveal the time since last synchronized or the estimated time error.
+		All three timescales run only in Coordinated Universal Time (UTC) and are not adjusted for local timezone or standard/daylight time. The local timezone, standard/daylight indicator and year, if provided, are ignored. However, it is important to determine whether a leap second is to be inserted in the UTC timescale in the near future so NTP can insert it in the system timescale at the appropriate epoch.
+		The interface routines in the ntp_refclock.c source file call the following driver routines via a transfer vector:
+		
+			startup
+			
The association has just been mobilized. The driver may open the device(s) required.
+			
shutdown
+			
The association is about to be demobilized. The driver should close all device(s) and free all structures.
+			
receive
+			
A timecode string is ready for retrieval using the refclock_gtlin() or refclock_gtraw() routines.
+			
poll
+			
Called at poll timeout, by default 64 s.
+			
timer
+			
Called once per second.
+		The receive routine retrieves a timecode string via serial or parallel port, PPS signal or other means. It decodes the timecode in days, hours, minutes, seconds and nanoseconds and checks for errors. It provides these data along with the on-time timestamp to the interface routine refclock_process(), which saves the computed offset in a 60-sample circular buffer. On occasion, either by timeout, sample count or call to the poll routine, the driver routine calls refclock_receive() to average the samples and update the system clock.
+		The best way to understand how the clock drivers work is to study one of the drivers already implemented, such as refclock_wwvb.c. The main interface is the refclockproc structure, which contains for most drivers the decoded timecode, on0time timestamp, reference timestamp, exception reports, statistics tallies, etc. The support routines are passed a pointer to the peer structure, which contains a pointer to the refclockproc structure, which in turn contains a pointer to the unit structure, if used. For legacy purposes, a table typeunit[type][unit] contains the peer structure pointer for each configured clock type and unit. This structure should not be used for new implementations.
+		Radio and modem reference clocks by convention have addresses of the form 127.127.t.u, where t is the clock type and u in the range 0-3 is used to distinguish multiple instances of clocks of the same type. Most clocks require a serial or parallel port or special bus peripheral. The particular device is normally specified by adding a soft link /dev/deviceu to the particular hardware device.
+		By convention, reference clock drivers are named in the form refclock_xxxx.c, where xxxx is a unique string. Each driver is assigned a unique type number, long-form driver name, short-form driver name and device name. The existing assignments are in the Reference Clock Drivers page and its dependencies. All drivers supported by the particular hardware and operating system are automatically detected in the autoconfigure phase and conditionally compiled.
Conventions, Fudge Factors and Flags
-		Most drivers support manual or automatic calibration for systematic offset bias using values encoded in the fudge configuration command. By convention, the time1 value defines the calibration offset in seconds. For those drivers that support statistics collection using the filegen utility and the clockstats file, the flag4 switch enables the utility. When a PPS signal is available, a special automatic calibration facility is provided. If the flag1 switch is set and the PPS signal is actively disciplining the system time, the calibration value is automatically adjusted to maintain a residual offset of zero. Should the PPS signal or the prefer peer fail, the adjustment is frozen and the remaining drivers continue to discipline the system clock with a minimum of residual error.
+		Most drivers support manual or automatic calibration for systematic offset bias using values encoded in the fudge configuration command. By convention, the time1 value defines the calibration offset in seconds. For those drivers that support statistics collection using the filegen utility and the clockstats file, the flag4 switch enables the utility.
+		If the calibration feature has been enabled, the flag1 switch is set and the PPS signal is actively disciplining the system time, the time1 value is automatically adjusted to maintain a residual offset of zero. Once the its value has stabilized, the value can be inserted in the configuration file and the calibration feature disabled.
Files Which Need to be Changed
-		A new reference clock implementation needs to supply, in addition to the driver itself, several changes to existing files.
+		When a new reference clock driver is installed, the following files need to be edited. Note that changes are also necessary to properly integrate the driver in the configuration and makefile scripts, but these are decidedly beyond the scope of this page.

 			./include/ntp.h
 			
The reference clock type defines are used in many places. Each driver is assigned a unique type number. Unused numbers are clearly marked in the list. A unique REFCLK_xxxx identification code should be recorded in the list opposite its assigned type number.
@@ -52,28 +58,7 @@
 			
The clocktypes array is used for certain control message displays functions. It should be initialized with the reference clock class assigned to the driver, as per the NTP specification RFC-1305. See the ./include/ntp_control.h header file for the assigned classes.
 			
./ntpd/refclock_conf.c
 			
This file contains a list of external structure definitions which are conditionally defined. A new set of entries should be installed similar to those already in the table. The refclock_conf array is a set of pointers to transfer vectors in the individual drivers. The external name of the transfer vector should be initialized in correspondence with the type number.
-			
./configure.in
-			
This is a configuration file used by the autoconfigure scheme. Add lines similar to the following:
-				-  AC_MSG_CHECKING(FOO clock_description)
-  AC_ARG_ENABLE(FOO,
-      AC_HELP_STRING([--enable-FOO], [x clock_description]),
-      [ntp_ok=$enableval], [ntp_ok=$ntp_eac])
-  if test "$ntp_ok" = "yes"; then
-      ntp_refclock=yes
-      AC_DEFINE(CLOCK_FOO, 1, [Foo clock?])
-  fi
-  AC_MSG_RESULT($ntp_ok)
-
-			
(Note that $ntp_eac is the value from --{dis,en}able-all-clocks for non-PARSE clocks and $ntp_eacp is the value from --{dis,en}able-parse-clocks for PARSE clocks. See the documentation on the autoconf and automake tools from the GNU distributions.)
-			
./ntpd/Makefile.am
-			
This is the makefile prototype used by the autoconfigure scheme. Add the driver file name to the entries already in the ntpd_SOURCES list.
-			
Do the following sequence of commands:
-				-  autoreconf
-  configure
-
-			
or simply run make, which will do this command sequence automatically.
+			
 		
Interface Routine Overview

@@ -83,21 +68,15 @@
 			This routine is used to shut down a clock and return its resources to the system.
 			
refclock_transmit - simulate the transmit procedure
 			
This routine implements the NTP transmit procedure for a reference clock. This provides a mechanism to call the driver at the NTP poll interval, as well as provides a reachability mechanism to detect a broken radio or other madness.
-			
refclock_sample - process a pile of samples from the clock
-			
This routine converts the timecode in the form days, hours, minutes, seconds, milliseconds/microseconds to internal timestamp format. It then calculates the difference from the receive timestamp and assembles the samples in a shift register. It implements a recursive median filter to suppress spikes in the data, as well as determine a rough dispersion estimate. A configuration constant time adjustment fudgetime1 can be added to the final offset to compensate for various systematic errors. The routine returns one if success and zero if failure due to invalid timecode data or very noisy offsets.
-			
Note that no provision is included for the year, as provided by some (but not all) radio clocks. Ordinarily, the year is implicit in the Unix file system and hardware/software clock support, so this is ordinarily not a problem. Nevertheless, the absence of the year should be considered more a bug than a feature and may be supported in future.
+			
refclock_process - insert a sample in the circular buffer
+			
This routine saves the offset computed from the on-time timestamp and the days, hours, minutes, seconds and nanoseconds in the circular buffer. Note that no provision is included for the year, as provided by some (but not all) radio clocks. Ordinarily, the year is implicit in the Unix file system and hardware/software clock support, so this is ordinarily not a problem.
 			
refclock_receive - simulate the receive and packet procedures
+			
 			
This routine simulates the NTP receive and packet procedures for a reference clock. This provides a mechanism in which the ordinary NTP filter, selection and combining algorithms can be used to suppress misbehaving radios and to mitigate between them when more than one is available for backup.
-			
refclock_gtlin - groom next input line and extract timestamp
-			
This routine processes the timecode received from the clock and removes the parity bit and control characters. If a timestamp is present in the timecode, as produced by the tty_clk line discipline/streams module, it returns that as the timestamp; otherwise, it returns the buffer timestamp. The routine return code is the number of characters in the line.
-			
refclock_open - open serial port for reference clock
-			
This routine opens a serial port for I/O and sets default options. It returns the file descriptor if success and zero if failure.
+			
refclock_gtraw, refclock_gtlin - read the buffer and on-time
These routines return the data received from the clock and the on-time timestamp. The refclock_gtraw routine returns a batch of one or more characters returned by the Unix terminal routines in raw mode. The refclock_gtlin routine removes the parity bit and control characters and returns all the characters up to and including the line terminator. Either routine returns the number of characters delivered.
refclock_open - open a serial port for reference clock
This routine opens a serial port for I/O and sets default options. It returns the file descriptor if success and zero if failure.
 			
refclock_ioctl - set serial port control functions
-			
This routine attempts to hide the internal, system-specific details of serial ports. It can handle POSIX (termios), SYSV (termio) and BSD (sgtty) interfaces with varying degrees of success. The routine sets up the tty_clk, chu_clk and ppsclock streams module/line discipline, if compiled in the daemon and requested in the call. The routine returns one if success and zero if failure.
-			
refclock_control - set and/or return clock values
-			
This routine is used mainly for debugging. It returns designated values from the interface structure that can be displayed using ntpdc and the clockstat command. It can also be used to initialize configuration variables, such as fudgetimes, fudgevalues, reference ID and stratum.
-			
refclock_buginfo - return debugging info
-			
This routine is used mainly for debugging. It returns designated values from the interface structure that can be displayed using ntpdc and the clkbug command.
+			
+			
This routine attempts to hide the internal, system-specific details of serial ports. It can handle POSIX (termios), SYSV (termio) and BSD (sgtty) interfaces with varying degrees of success. The routine returns one if success and zero if failure.
 		

diff --git a/html/index.html b/html/index.html
index 5cf6f22a39..23a6b53378 100644
--- a/html/index.html
+++ b/html/index.html
@@ -13,84 +13,46 @@
 		The Network Time Protocol (NTP) Distribution
 		P.T. Bridgeport Bear; from Pogo, Walt Kelly
 		Pleased to meet you.
-		Last update: 14:06 UTC Wednesday, October 31, 2007
+		Last update: 21:11 UTC Saturday, January 19, 2008
+		Note: These pages are being updated and may appear a little scruffy for awhile.
 		

 		Related Links
-		
-		

+		A list of all links is on the Site Map page.
+		
 		Table of Contents
 		
 			Introduction
 			
Building and Installing NTP
 			
Configuring Clients and Servers
-			
Program Manual Pages
-			
Supporting Documentation
-			
Background Information
-			
Application Notes
-		
+			Features and Options
+			
Resolving Problems
+			
Further Information
+	
 		
 		Introduction
-		Note: The software contained in this distribution is available without charge under the conditions set forth in the Copyright Notice.
-		The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracies typically less than a millisecond on LANs and up to a few milliseconds on WANs relative to a Global Positioning Service (GPS) receiver, for example. Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to achieve high accuracy and reliability.
-		This software release implements NTP Version 4 (NTPv4), but is in general backwards compatible with previous versions except NTP Version 1, support for which is no longer viable. NTPv4 includes support for both symmetric key and public key cryptography to prevent accidental or malicious protocol attacks, as well as automatic server discovery using IP multicast means. This release includes full support for the IPv6 address family, where the operating system supports it, as well as the IPv4 address family. Either or both families can be used at the same time on the same machine.
-		Background information on computer network time synchronization can be found on the Executive Summary - Computer Network Time Synchronization page. Discussion on protocol conformance issues and interoperability with previous NTP versions can be found on the NTP Version 4 Release Notes page. Discussion on how NTP reckons the time can be found on the NTP Timescale and Leap Seconds page. Background information, bibliography and briefing slides suitable for presentations can be found on the Network Time Synchronization Project page. Additional information can be found at the NTP web site www.ntp.org. Bugs can be reported here.
+		Note: The NTP Version 4 software contained in this distribution is available without charge under the conditions set forth in the Copyright Notice.
+		
+		It is very important that readers understand that the NTP document collection began 25 years ago and remains today a work in progress. It has evolved as new features were invented and old features retired. It has been widely copied, cached and morphed to other formats, including man pages, with varying loss of fidelity. However, these HTML pages are the ONLY authoritative and definitive reference. Readers should always use the collection that comes with the distribution they use. A copy of the online collection at www.ntp.org is normally included in the most recent snapshot, but might not agree with an earlier snapshot or release version.
+		The Network Time Protocol (NTP) is widely used to synchronize a computer to Internet time servers or other sources, such as a radio or satellite receiver or telephone modem service. It provides accuracies typically less than a millisecond on LANs and up to a few milliseconds on WANs. Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to achieve high accuracy and reliability.
+		NTP time synchronization services are widely available in the public Internet. The public NTP subnet in early 2008 includes several thousand  servers in most countries and on every continent of the globe, including Antarctica. These servers support a total population estimated at over 25 million computers in the global Internet.
+		The NTP subnet operates with a hierarchy of levels, where each level is assigned a number called the stratum. Stratum 1 (primary) servers at the lowest level are directly synchronized to national time services. Stratum 2 (secondary) servers at the next higher level are synchronize to stratum 1 servers and so on. Normally, NTP clients and servers with a relatively small number of clients do not synchronize to public primary servers. There are several hundred public secondary servers operating at higher strata and are the preferred choice. 
+		Background information on computer network time synchronization is on the Executive Summary - Computer Network Time Synchronization page. Discussion on new features and interoperability with previous NTP versions is on the NTP Version 4 Release Notes page. Background information, bibliography and briefing slides suitable for presentations are on the Network Time Synchronization Research Project page. Additional information is at the NTP web site www.ntp.org.
 		Building and Installing NTP
-		NTP supports Unix and Windows (XP, NT4 and 2000) systems. The Building and Installing the Distribution page presents an overview of the procedures for compiling the distribution and installing it on a typical client or server. The build procedures inspect the system hardware and software environment and automatically select the appropriate options for that environment. While these procedures work with most computers and operating systems marketed today, exceptions requiring manual intervention do exist, as documented on the Configuration Options and Release Notes pages.
-		Bringing up a NTP primary server requires a radio or satellite receiver or modem. The distribution includes hardware drivers for over 40 radio and satellite receivers and modem services in both the US and Europe. A list of supported drivers is given on the Reference Clock Drivers page. It is also possible to use an otherwise undisciplined machine as a primary or backup server, as described on the Undisciplined Local Clock page. For most popular workstations marketed by Sun, Silicon Graphics and Hewlett Packard, as well as widely available Unix clones such as FreeBSD and Linux, the automatic build procedures select all drivers that run on the target machine. While this increases the size of the executable binary somewhat, individual drivers can be included or excluded using the configure utility documented in the Configuration Options page.
-		Some programs included in this distribution use cryptographic algorithms to verify authenticity and credentials. Where local security policy permits relatively weak symmetric key cryptography, the required software is included in this distribution. However, where local policy requires stronger public key cryptography, additional software not in this distribution is required. This distribution uses the OpenSSL library available from http://www.openssl.org. This library is also used by the Secure Shell facility, so is often already installed on Unix workstations and servers. It includes support for most message digest and digital signature algorithms used in the industry, as well as X.509 certificate generation, signing and verification.
-		While public key cryptography is optional but highly recommended for all NTP operations, it is required for the NTPv4 Autokey protocol described on the Autonomous Authentication page and is an integral component of the generic automatic configuration scheme described on the Autonomous Configuration page. In addition, access can be restricted in various ways described on the Access Control Options page.
+		NTP supports Unix, VMS and Windows (Vista, XP, NT4 and 2000) systems. The Building and Installing the Distribution page details the procedures for building and installing on a typical system. This distribution includes drivers for 44 radio and satellite receivers and telephone modem services in the US, Canada and Europe. A list of supported drivers is on the Reference Clock Drivers page. The default build includes the debugging options and all drivers that run on the target machine; however, options and drivers can be included or excluded using options on the Configuration Options page.
 		Configuring Clients and Servers
-		NTP is by its very nature a complex distributed network application and can be configured and used for a great many widely divergent timekeeping scenarios. The documentation presented on these pages attempts to cover the entire suite of configuration, operation and maintenance facilities which this distribution supports. However, most applications will need only a few of these facilities. If this is the case, the Quick Start page may be useful to get a simple workstation on the air with an existing server.
-		However, in order to participate in the existing NTP synchronization subnet and obtain accurate, reliable time, it is usually necessary to construct an appropriate configuration file, commonly called ntp.conf, which establishes the servers and/or external receivers or modems to be used by this particular machine. Directions for constructing this file are in the Notes on Configuring NTP and Setting up a NTP Subnet page. However, in many common cases involving simple network topologies and workstations, the configuration data can be specified entirely on the command line for the ntpd - Network Time Protocol (NTP) daemon.
-		The most important factor in providing accurate, reliable time is the selection of modes and servers to be used in the configuration file. A discussion on the available modes is on the Association Management page. NTP support for one or more computers is normally engineered as part of the existing public NTP synchronization subnet. The public subnet consists of a multiply redundant hierarchy of servers and clients, with each level in the hierarchy identified by stratum number. Primary servers operate at stratum one and provide synchronization to secondary servers operating at stratum two and so on to higher strata. In this hierarchy, clients are simply servers that have no dependents.
-		Configuring a corporate or campus NTP subnet can be an engineering challenge. NTP contains many features designed to survive system and network failures, software bugs, clock errors and hacker attacks. Surviving these hazards requires intricate design of the timekeeping network using good principles of server redundancy and path diversity. The Manycast mode, new to NTPv4, is designed to track the current server and network states and adjust the client/server configuration for the best available accuracy and reliability. More information on the Manycast mode is on the Athentication Options and Automatic NTP Configuration Options pages.
-		The NTP subnet in 2007 includes several hundred public primary (stratum 1) servers synchronized directly to UTC by radio, satellite or modem and located in every continent of the globe, including Antarctica. Normally, client workstations and servers with a relatively small number of clients do not synchronize to primary servers. There are several hundred public secondary (stratum 2) servers synchronized to the primary servers and providing synchronization to a total population estimated at over 25 million clients and servers in the public Internet. The current lists are maintained on the Information on Time and Frequency Services page, which is updated frequently. There are thousands upon thousands of private primary and secondary servers not normally available to the public, many hiding behind firewalls. Clients are strongly discouraged to use these servers, since they sometimes hide in little ghettos behind dinky links to the outside world and unwanted traffic can bring up expensive ISDN lines, causing much grief and frustration. There are defensive means described on the Access Control Options page, including the Kiss-of-Death packet.
+		NTP is by its very nature a complex distributed network application and can be configured for widely divergent timekeeping scenarios. The documentation on these pages attempts to cover the entire suite of configuration, operation and maintenance features which this distribution supports. However, most applications will need only a few of these features. The Quick Start page may be useful to get a simple workstation on the air with existing servers.
+		The most important factor in providing accurate, reliable time is the selection of modes and servers in the configuration file. A discussion on the available modes is on the Association Management page. The current public server list is maintained at the www.ntp.org web site. In many cases the configuration can be automated using the schemes described on the Automatic Server Discovery Schemes page.
+		Features and Options
+		This distribution includes a statistics data recording facility which can record performance statistics and events of various types for retrospective analysis. These include time and frequency statistics, significant events and usage statistics described on the Monitoring Options page.
+		Some programs included in this distribution use cryptographic algorithms to verify server authenticity. Where local security policy permits relatively weak symmetric key cryptography, the required software is included in this distribution. Where local policy requires stronger public key cryptography, the OpenSSL library available from http://www.openssl.org is required. This library is also used by the Secure Shell facility, so is often already installed. NTP public key cryptography is described on the Authentication Options page.
+		This distribution includes features that can restrict access in various ways as described on the Access Control Options page. This can be used to deny service if not authenticated, deny service requiring persistent resources or deny service altogether.
+		This distribution includes a simulation framework in which substantially all the runtime NTP operations and most features can be tested and evaluated. This has been very useful in exploring invitro response to unusal circumstances or over time periods impractical invivo. Details are on the Network Time Protocol (NTP) Simulator page.
 		Resolving Problems
-		Like other things Internet, the NTP synchronization subnets tend to be large and devilishly intricate, with many opportunities for misconfiguration and network problems. The NTP engineering model is specifically designed to help isolate and repair such problems using an integrated management protocol, together with a suite of monitoring and debugging tools. There is an optional statistics data recording facility which can be used to record normal and aberrant operation, log problems to the system log facility, and retain records of client access. The NTP Debugging Techniques and Hints and Kinks pages contain useful information for identifying problems and devising solutions. In extreme cases, problems can be detected through the use of the ntpdsim - Network Time Protocol (NTP) simulator included in this software distribution.
-		Users are requested to report bugs, offer suggestions and contribute additions to this distribution. The Patching Procedures page suggests procedures which greatly simplify distribution updates, while the Porting Hints page suggest ways to make porting this code to new hardware and operating systems easier. Additional information on reference clock driver construction and debugging can be found in the Debugging Hints for Reference Clock Drivers page.
-		Program Manual Pages
-		
-			ntpd - Network Time Protocol (NTP) daemon
-			
ntpq - standard NTP query program
-			
ntpdc - special NTP query program
-			
ntpdate - set the date and time via NTP
-			
ntptrace - trace a chain of NTP servers back to the primary source
-			
tickadj - set time-related kernel variables
-			
ntptime - read kernel time variables
-			
ntp-keygen - generate public and private keys
-			
ntpdsim - Network Time Protocol (NTP) simulator
-		
-		Supporting Documentation
-		
-			Copyright Notice
-			
Notes on Configuring NTP and Setting up a NTP Subnet
-			
NTP Version 4 Release Notes
-			
Building and Installing the Distribution
-			
Configuration Options
-			
Reference Clock Drivers
-			
NTP Debugging Techniques
-			
Debugging Reference Clock Drivers
-			
ntpd System Log Messages
-			
Patching Procedures
-			
Hints and Kinks
-			
Porting Hints
-		
-		Background Information
-		
-			NTP Project and Reference Library
-			
Executive Summary - Computer Network Time Synchronization
-			
The Network Time Protocol Timescale and Era Numbering
-			
NTP Timescale and Leap Seconds
-			
Protocol Conformance Statement
-		
-		Application Notes
-		
-			Mitigation Rules and the prefer Keyword
-			
Association Management
-			
Pulse-per-second (PPS) Signal Interfacing
-			
Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation
-			
Kernel Model for Precision Timekeeping
-		
+		Like other things in modern Internet life, NTP problems can be devilishly intricate. This distribution includes a number of utilities designed to identify and repair problems using an integrated management protocol supported by the ntpq utility program In addition, the ntpdc utility program can be useful in some cases.
+		The NTP Debugging Techniques and Hints and Kinks pages contain useful information for identifying problems and devising solutions. Additional information on reference clock driver construction and debugging is in the Debugging Hints for Reference Clock Drivers page.
+		Users are invited to report bugs and offer suggestions via the NTP Bug Reporting Procedures page.
+		Further Information
+		The Site Map page contains a list of document collections arranged by topic. The Program Manual Pages collection may be the best place to start, followed by the Configuration Commands and Options collection. A great wealth of additional information is available via the External Links collection, including a book and numerous background papers and briefing presentations.
 		
 		
 			
diff --git a/html/kern.html b/html/kern.html
index cc23504cc3..3187d2fa18 100644
--- a/html/kern.html
+++ b/html/kern.html
@@ -13,14 +13,13 @@
 		Kernel Model for Precision Timekeeping
 		 from Pogo, Walt Kelly
 		Alice touched the kernel and it exploded.
-		Last update: 18:40 UTC Thursday, July 28, 2005
+		Last update: 19:25 UTC Tuesday, January 01, 2008
 		

 		Related Links
-		
+		
 		
-		The technical report [2], which is a major revision and update of RFC-1589 [3], describes an engineering model for a precision time-of-day function for a generic operating system. The model is based on the principles of disciplined oscillators using phase-lock loops (PLL) and frequency-lock loops (FLL) often found in the engineering literature. The model uses a hybrid PLL/FLL discipline algorithm implemented in the kernel. The algorithm, which is very similar to the algorithm implemented in the NTP daemon, provides automatic time and frequency steering with update intervals from a few seconds to tens of minutes.
-		The hybrid PLL/FLL code described in [2] is included in Solaris and Digital/Compaq/HP Tru64. It includes two system calls ntp_gettime() and ntp_adjtime() and can discipline the system clock with microsecond resolution. However, newer hardware and kernels with the same system calls can discipline the clock with nanosecond resolution. The new code described in [1] is available for Linux, FreeBSD, SunOS and Tru64; however, only the Linux and FreeBSD implementations, which do not include licensed code, are readily available. The software and documentation, including a simulator used to verify correct behavior, but not involving licensed code, is available at nanokernel.tar.gz.
-		The model also changes the way the system clock is adjusted in time and frequency relative to an external precision timing source, such as described in the Pulse-per-second (PPS) Signal Interfacing page. The NTP software daemon uses the PPS to provide synchronization limited in principle only by the accuracy and stability of the external timing source.
+		The technical report [2], which is a revision and update of an earlier report [3], describes an engineering model for a precision clock discipline function for a generic operating system. The model is the same hybrid phase/frequecy-lock feedback loop used by ntpd, but implemented in the kernel. The code described in [2] is included in Solaris and Digital/Compaq/HP Tru64. It provides two system calls ntp_gettime() and ntp_adjtime() and can discipline the system clock with microsecond resolution. However, newer hardware and kernels with the same system calls can discipline the clock with nanosecond resolution. The new code described in [1] is in FreeBSD and is an option for Linux, SunOS and Tru64; however, of the options, only the Linux implementation, which does not include licensed code, is readily available. The software and documentation, including a simulator used to verify correct behavior, but not involving licensed code, is available from nanokernel.tar.gz.
+		The kernel model also provides support for an external precision timing source, such as described in the Pulse-per-second (PPS) Signal Interfacing page. The new system calls are used by the PPSAPI interface and in turn by the PPS Clock Discipline driver (type 22) to provide synchronization limited in principle only by the accuracy and stability of the external timing source.
 		References
 		
 			Mills, D.L., and P.-H. Kamp. The nanokernel. Proc. Precision Time and Time Interval (PTTI) Applications and Planning Meeting (Reston VA, November 2000). Paper: PostScript | PDF, Slides: HTML | PostScript | PDF | PowerPoint
diff --git a/html/kernpps.html b/html/kernpps.html
new file mode 100644
index 0000000000..7db03ee9d2
--- /dev/null
+++ b/html/kernpps.html
@@ -0,0 +1,47 @@
+
+
+
+
+	
+		
+		PPSAPI Interface for Precision Time Signals
+		
+	
+
+	
+		PPSAPI Interface for Precision Time Signals
+		Related Links
+		
+			
+			

+		
+		
+		Introduction
+		RFC-2783 describes the PPSAPI application programming interface for external precision time signals, such as the pulse-per-second (PPS) signal generated by some radio clocks and cesium oscillators. The PPSAPI provides a generic capability in the ubiquitous Unix kernel which can be used for a wide variety of measurement applications, including network time synchronization and related experiments. The hardware to do this requires only a serial port and a modem control lead, such as the data carrier detect (DCD) lead, which can be driven by an external source via a level converter/pulse generator such as described on the Pulse-per-second (PPS) Signal Interfacing page. In some systems a parallel port can be used for the same purpose.
+		The PPSAPI interface defined in RFC-2783 is the only PPS interface supported in NTP Version 4. The PPSAPI is supported in stock FreeBSD and, with the addition of the PPSkit kernel module, in Linux.
+		The special header file /usr/include/sys/timepps.h implements the PPSAPI using whatever primitives are available in each archeticture and operating system. It obsoletes previous APIs based on the tty_clock and ppsclock line disciplines and streams modules, which are no longer supported.
+		The PPS Clock Discipline driver (type 22) uses the PPSAPI in conjunction with a local radio clock or remote NTP server as a reference clock. The driver can also use the PPSAPI as an interface directly to the kernel PPS facility as described on the Kernel Model for Precision Timekeeping page.
+		PPSAPI Application Program Interface
+		The PPSAPI interface provides the following functions:
+		
+			time_pps_create
+			
Creates a PPS interface instance and returns a handle to it.
+			
time_pps_destroy
+			
Destroys a PPS interface and returns the resources used.
+			
time_pps_setparams
+			
Sets the parameters associated with a PPS interface instance, including offsets to be automatically added to captured timestamps.
+			
time_pps_getparams
+			
Returns the parameters associated with a PPS interface instance.
+			
time_pps_getcap
+			
Returns the capabilities of the current interface and kernel implementation.
+			
time_pps_fetch
+			
Returns the current timestamps associated with a PPS interface instance in either nanoseconds and nanoseconds (Unix timespec) or seconds and fraction (NTP) format.
+			
time_pps_kcbind
+			
If kernel PPS processing is supported, this binds the support to the associated PPS interface instance.
+		
+		The entire PPS interface functionality is currently provided by inline code in the timepps.h header file. While not all implementations support the full PPSAPI specification, they do support all the functions required for the PPS driver described next. The FreeBSD, Linux and Solaris implementations can be used with the stock kernels provided with those systems; however, the Tru64 and SunOS kernels require additional functions not provided in the stock kernels. Solaris users are cautioned that these functions operate improperly in Solaris versions prior to 2.8 with patch Generic_108528-02. Header files for other systems can be found via the web at nanokernel.tar.gz.
+
			
+
+	
+
+
\ No newline at end of file
diff --git a/html/keygen.html b/html/keygen.html
index d581764191..701dcd0afb 100644
--- a/html/keygen.html
+++ b/html/keygen.html
@@ -13,10 +13,10 @@
 		ntp-keygen - generate public and private keys
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		Alice holds the key.
-		Last update: 17:16 UTC Monday, September 17, 2007
+		Last update: 02:47 UTC Sunday, January 20, 2008
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Synopsis
@@ -33,32 +33,24 @@
 		Synopsis
 		ntp-keygen [ -cdeMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -H } [ -i issuername ] [ -p passwd2 ] [ -q passwd1 ] [ -S [ RSA | DSA ] ] [ -s subjectame ] [ -V nkeys ]
 		Description
-		This program generates cryptographic data files used by the NTPv4 authentication and identity schemes. It generates MD5 keys used in symmetric key cryptography and, if the OpenSSL software library has been installed, it generates encryption keys, certificates and identity keys used in the Autokey public key cryptography. All files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites and certificate authorities.
-		Generated files are compatible with other OpenSSL applications and other Public Key Infrastructure (PKI) resources. Certificates or certificate requests generated by this or other programs should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity keys files are probably not compatible with anything other than Autokey.
-		Most files written by this program are encrypted using a private password. The -p passwd2 option specifies the write password and the -q passwd2 option the read password for previously encrypted files. If no read password is specified, the host name returned by the Unix gethostname() function is used. If no write password is specified, the read password is used as the write password.
-		The ntpd configuration command crypto pw passwd specifies the read password for previously encrypted files. This must match the write password used by this program. For convenience, if the ntpd password is not specified, the host name returned by the Unix gethostname() function is used. Thus, if files are generated by this program without password, they can be read back by ntpd without password, but only on the same host.
+		This program generates cryptographic data files used by the NTPv4 authentication and identity schemes. It generates MD5 keys used in symmetric key cryptography and, if the OpenSSL software library has been installed, it generates host keys, certificates and identity keys used in the Autokey public key cryptography. All files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites and certificate authorities.
+		Generated files are compatible with other OpenSSL applications and other Public Key Infrastructure (PKI) resources. Certificates generated by this program should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity keys are probably not compatible with anything other than Autokey.
+		Most files used by this program are encrypted using a private password. The -p option specifies the password for local files and the -q option the password for files to be sent to remote sites. If no local password is specified, the string returned by the Unix gethostname() function is used. If no remote password is specified, the local password is used.
+		The ntpd command crypto pw specifies the read password for previously encrypted files. This must match the local password used by this program. If not specified, the host name is used. Thus, if files are generated by this program without password, they can be read back by ntpd without password, but only on the same host.
 		All files and links are installed by default in the keys directory /usr/local/etc, which is normally in a shared filesystem in NFS-mounted networks. The location of the keys directory can be changed by the keysdir configuration command. Normally, encrypted  files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.
-		This program directs commentary and error messages to the standard error stream stderr and some files to the standard output stream stdout where they can be piped to other aplications or redirected to a file. The names used for generated files and links all begin with the string ntpkey and include the file type, generating host and filestamp, as described in the Cryptographic Data Files section below
+		This program directs commentary and error messages to the standard error stream stderr and remote files to the standard output stream stdout where they can be piped to other aplications or redirected to a file. The names used for generated files and links all begin with the string ntpkey and include the file type, generating host and filestamp, as described in the Cryptographic Data Files section below
 		Running the Program
-		The safest way to run this program is log in as root and change to the keys directory, usually /usr/local/etc. When run for the first time, or if all files with names beginning ntpkey have been removed, use the ntp-keygen command without arguments to generate a default RSA host key file and matching RSA-MD5 certificate file. The file names and password default to the host name as described above. If run again with the same command line, the program uses the same host key file, but generates a new certificate file.
-		Run the command on as many hosts as necessary. Designate one of them as the trusted host (TH) using the -T option on the command line and configure it to synchronize via reliable paths. THs have trusted, self-signed certificates; all other hosts have nontrusted, self-signed certificates. Then configure the nontrusted hosts to synchronize to the TH directly or indirectly. A certificate trail is created by asking the immediately ascendant host towards the root to sign its certificate, which is then provided to the immediately descendant host on request. All group hosts should have acyclic certificate trails ending on the TH.
-		By default the name used in the subject and issuer fields in the certificate is the host name. A different name can be assigned using the -s host option on the command line, but the name must match the host name specified by the crypto configuration command.
-		The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. A different sign key file name can be assigned using the -S option and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified.
+		To test and gain experience with Autokey concepts, log in as root and change to the keys directory, usually /usr/local/etc. When run for the first time, or if all files with names beginning ntpkey have been removed, use the ntp-keygen command without arguments to generate a default RSA host key and matching RSA-MD5 certificate with expiration date one year hence. If run again, the program uses the same host key, but generates a new certificate with new expiration date one year hence.
+		Run the command on as many hosts as necessary. Designate one of them as the trusted host (TH) using ntp-keygen  with the -T option and configure it to synchronize from reliable Internet servers. Then configure the other hosts to synchronize to the TH directly or indirectly. A certificate trail is created when Autokey asks the immediately ascendant host towards the root to sign its certificate, which is then provided to the immediately descendant host on request. All group hosts should have acyclic certificate trails ending on the TH.
+		The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. A different sign key can be assigned using the -S option and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified using the -c option.
 		Trusted Hosts and Secure Groups
-		As described on the Authentication Options page, an NTP secure group consists of one or more low-stratum THs as the root from which all other group hosts derive synchronization directly or indirectly. For authentication purposes all THs in a group must have the same host and gtoup name; all other hosts have the same group name, but different host names. The host name and group name must match the names specified by the crypto configuratrion command. Host and group names are used only for authentication purposes and have nothing to do with DNS names.
-		It is convenient to nominate a single TH acting as a trusted authority (TA) to generate a set of files and links that are then copied intact to all other THs in the group, most conveniently as a tar archive. This means that it doesn't matter which certificate trail ends at which TH, since the cryptographic media are the same.
-		To generate and install cryptographic media files, The TA uses the
-		ntp-keygen -q passwd -s host -T
-		command to specify the password, host/group name and trusted certificate. For THs the host and group names are the same and must match the host and group names specified on the crypto configuration command. If run again with the same command line, the program uses the same host key file, but generates a new trusted certificate file. Group hosts other than the THs use the same command line, but with a different host name and without the -T option. On these hosts if the -s host option is missing, the host name is the default described above.
+		As described on the Authentication Options page, an NTP secure group consists of one or more low-stratum THs as the root from which all other group hosts derive synchronization directly or indirectly. For authentication purposes all hosts in a group must have the same group name specified by the -i option and matching the crypto ident command option. The group name is used in the subject and issuer fields of trusted certificates and when constructing the file names for identity keys. All hosts must have different host names specified by the -s option and matching the crypto host command option. Host names are used in the subject and issuer fields of nontrusted certificates and when constructing the file names for host and sign keys and certificats. Host and group names are used only for authentication purposes and have nothing to do with DNS names.
 		Identity Schemes
-		As described on the Authentication Options page, there are five identity schemes, three of which - IFF, GQ and MV - require files specific to each scheme and group. There are two files for each scheme, an encrypted keys file and a nonencrypted parameters file. THs need only the keys file; all the others need the parameters file. Other hosts expecting to support a client population also need the keys file; hosts acting only as clients need only the parameters file. Both files are generated by the TA on behalf of all servers and clients in the group.
-		The parameters files are public; they can be stored in a public place and sent in the clear. The keys files are encrypted with the host read password. To retrieve the keys file, a host sends a mail request to the TA including its private read password. The TA encrypts the keys file with this password and returns it as an attachment. The attachment is then copied intact to the keys directory with name given in the first line of the file, but all in lower case and with the filestamp deleted..
-		The TA can generate GQ keys, certificate and identity files for all THs using the command
-		ntp-keygen -q passwd -s host -T -G -e >parameters_file
-		where the the redirected parameters_file can be piped to a mail application or stored locally and renamed as above for later distribution. The procedure for IFF files is similar with -G replaced by -I.
-		The TA can generate an encrypted GQ keys file copy using the command
-		ntp-keygen -q passwd1 -p passwd2 -s host >keys_file
-		where passwd1 is the read password for the TA, passwd2 is the read password for the requesting host and keys_file is sent or stored as above. The program uses the keys and parameters of whatever scheme generated the keys file.
+		As described on the Authentication Options page, there are five identity schemes, three of which - IFF, GQ and MV - require identity keys specific to each scheme. There are two files for each scheme, an encrypted keys file and a nonencrypted parameters file. In general, servers use the keys file and clients use the parameters file. In general, servers expecting to support a client population ned the keys file while others need only the parameters file. Both files are generated by the TA on behalf of all servers and clients in the group.
+		The parameters files are public; they can be stored in a public place and sent in the clear. The keys files are encrypted with the local password. To retrieve the keys file, a host sends a mail request to the TA including its local password. The TA encrypts the keys file with this password and returns it as an attachment. The attachment is then copied intact to the keys directory with name given in the first line of the file, but all in lower case and with the filestamp deleted..
+		For example, the TA can generate IFF keys, trusted certificate and parameter using the command
+		ntp-keygen -p local_passwd -T -I -e >parameters_file
+		where the -e option redirects the parameters_file to the standard output stream for a mail application or stored locally for later distribution. 
 		 
 		Command Line Options
 		
@@ -66,7 +58,7 @@
 			Select certificate and message digest/signature encryption scheme. Note that RSA schemes must be used with a RSA sign key and DSA schemes must be used with a DSA sign key. The default without this option is RSA-MD5.
 			
-d
 			
Enable debugging. This option displays the cryptographic data produced for eye-friendly billboards.
-e
-			
Generate unencrypted IFF or GQ parameters file from existing key file IFFkey. or GQkey  file, respectively. The file contents are sent to the standard output stream stdout..
-G
+			
Generate unencrypted IFF or GQ parameters file from existing key file IFFkey. or GQkey  file, respectively. The file contents are sent to the standard output stream stdout. Note: Unencrypted Q parameter files should be used with caution, as a host in possesion of this file can masquerade as a group member. Use the GQ encrypted keys fiie instead.
-G
 			
Generate GQ key file GQkey and link gqkey for the Guillou-Quisquater (GQ) identity scheme.
 			
-H
 			
Generate a new public/private host keys RSAkey, and link host.
diff --git a/html/ldisc.html b/html/ldisc.html
deleted file mode 100644
index 428a2513ad..0000000000
--- a/html/ldisc.html
+++ /dev/null
@@ -1,47 +0,0 @@
-
-
-
-
-	
-		
-		Line Disciplines and Streams Modules
-		
-	
-
-	
-		Line Disciplines and Streams Modules
-		Last update: 18:40 UTC Thursday, July 28, 2005
-		Related Links
-		
-		
-		Description
-		Most radio and modem clocks used for a primary (stratum-1) NTP server utilize serial ports operating at speeds of 9600 baud or greater. The intrinsic delay and jitter contributed by the serial port hardware and software driver can accumulate up to a millisecond in newer Unix systems and tens of milliseconds in older ones. In order to reduce the effects of delay and jitter, a set of special line disciplines, stream modules and operating system calls (ioctls) can be configured in some Unix kernels. These routines intercept special characters or signals provided by the radio or modem clock and save a timestamp for later processing.
-		The routines provide two important functions. Some insert a timestamp in the receive data stream upon occurance of a designated character or characters at the serial interface. This can be used to timestamp an on-time character produced by a radio clock, for example. Other routines support an application program interface for pulse-per-second (PPS) signals generated by some radio clocks and laboratory instruments. These routines are normally accessed through the PPSAPI application program interface described below.
-		The routines can be compiled in the kernel in older BSD-derived systems, or installed as System V streams modules and either compiled in the kernel or dynamically loaded when required. In either case, they require minor changes in some kernel files and in the NTP daemon ntpd. The streams modules can be pushed and popped from the streams stack using conventional System V streams program primitives. Note that some Unix kernels do not support line disciplines and some do not support System V streams. The routines described here are known to work correctly with the Unix kernels called out in the descriptions, but have not been tested for other kernels.
-		tty_clk Line Discipline/Streams Module
-		This routine intercepts characters received from the serial port and passes unchanged all except a set of designated characters to the generic serial port discipline. For each of the exception characters, the character is inserted in the receiver buffer followed by a local timestamp in Unix timeval format. Both select() and SIGIO are supported by the routine. Support for this routine is automatically detected during the NTP build process and interface code compiled as necessary.
-		There are two versions of the tty_clk routine. The tty_clk.c line discipline is designed for older BSD systems and is compiled in the kernel. The tty_clk_STREAMS.c is designed for System V streams, in which case it can be either compiled in the kernel or dynamically loaded. Since these programs are small, unobtrusive, and do nothing unless specifically enabled by an application program, it probably doesn't matter which version is chosen. Instructions on how to configure and build a kernel supporting either of these routines is in the README file in the ./kernel directory.
-		The tty_clk routine defines a new ioctl CLK_SETSTR, which takes a pointer to a string of no more than 32 characters. Until the first CLK_SETSTR is performed, the routine will simply pass through characters. Once it is passed a string by CLK_SETSTR, any character in that string will be immediately followed by a timestamp in Unix timeval format. You can change the string whenever you want by doing another CLK_SETSTR. The character must be an exact, 8 bit match. The character '\000' cannot, be used, as it is the string terminator. Passing an empty string to CLK_SETSTR turns off timestamping. Passing NULL may produce surprising results.
-		TIOCDCDTIMESTAMP ioctl in FreeBSD
-		This ioctl is included in FreeBSD 2.2 and later. It causes a timestamp to be inserted in the serial port receive data stream when the data carrier detect (DCD) signal is asserted. This is useful for those radio clocks that indicate the on-time epoch by means of a modem control signal. It is not recommended that this be used for PPS timestamps, as this function is available using the PPS application program interface included in FreeBSD 3.4 and later.
-		The TIOCDCDTIMESTAMP ioctl() is detected and compiled automatically on FreeBSD systems if available. With FreeBSD 2.2 the measured delay between activation of the DCD signal and the time the timestamp is captured on a 66MHz 486DX2 is 19 ms and on a 100MHz Pentium is 6 ms.
-		ppsclockStreams Module (depredated)
-		This routine is a streams module which causes a timestamp to be captured when the DCD signal is asserted. It is normally used in connection with a PPS signal generated by some radio clocks. However, it is normally used only by the PPSAPI interface and SunOS 4.1.3 and should be avoided in other contexts. Instructions on how to configure and build a kernel supporting either of these routines is in the README file in the ./kernel directory.
-		The ppsclock streams module implements the CIOGETEV ioctl, which takes a pointer to the structure
-		-struct ppsclockev {
-     struct timeval tv;
-     u_int serial;
-};
-
-		The ppsclock module is pushed on the streams stack of the serial port connected to the DCD line. At each positive-going edge of the PPS signal, the routine latches the current local timestamp and increments a counter. At each CIOGETEV ioctl call, the current values of the timestamp and counter are returned in the ppsclockev structure.
-		TIOCSPPS and TIOCGETPPSEV ioctls in Solaris
-		These ioctls are included in Solaris 2.4 and later. They implement the same function as the ppsclock streams module, but are implemented as integrated system calls independent of the streams facility. They are normally used in connection with a pulse-per-second (PPS) signal generated by some radio clocks. However, these ioctls are normally used only by the PPSAPI interface and should be avoided in other contexts. See the Sun documentation for the calling sequence and return values.
-		Users are cautioned that these ioctls function improperly in Solaris versions prior to 2.8 with patch Generic_108528-02.
-		tty_chu Line Discipline/Streams Module (depredated)
-		This routine is a special purpose line discipline for receiving a special timecode broadcast by Canadian time and frequency standard station CHU. It has been removed from the distribution since its function has been replaced by the Radio CHU Audio Demodulator/Decoder (type 7) clock driver.
-		
-		
-	
-
-
\ No newline at end of file
diff --git a/html/manyopt.html b/html/manyopt.html
index f5235f9ed0..31373e7bc3 100644
--- a/html/manyopt.html
+++ b/html/manyopt.html
@@ -13,10 +13,10 @@
 		Automatic Server Discovery Schemes
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		Make sure who your friends are.
-		Last update: 21:27 UTC Tuesday, October 23, 2007
+		Last update: 21:48 UTC Friday, December 28, 2007
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Broadcast/Multicast Scheme
@@ -25,41 +25,31 @@
 		
 		
 		Introduction
-		This page describes the automatic server discovery schemes provided in NTPv4. Details about the configuration commands and options are described on the Configuration Options page. Details about the cryptographic authentication schemes are described on the Authentication Options page. Details about the other modes not directly involved in these schemes are described on the Association Management page. Additional information is available in the papers, reports, memoranda and briefings on the NTP Project page.
-		There are three types of associations in NTP: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the prempt option and are demobilized by timeout or error or when displaced by a "better" server. Ephemeral associations are mobilized upon arrival of designated messages and demobilized only by timeout or error.
-		Ordinarily, successful mobilization of ephemeral associations requires the server to be cryptographically authenticated to the client. This can be done using either symmetric key or Autokey public key cryptography, as described in the Authentication Options page.
-		There are three automatic server discovery schemes in NTP: broadcast/multicast, manycast and server pool described on this page. The broadcast/multicast and manycast schemes utilize the ubiquitous broadcast or one-to-many paradigm native to IPv4 and IPv6. The server pool scheme uses DNS to resolve multiple addresses of volunteer servers scattered throughout the world. 
-		Following is a summary of the operations of each scheme. Note that reference to option applies to the commands described on the Configuration Options page. See that page for applicability and defaults.
+		This page describes the automatic server discovery schemes provided in NTPv4. Details about the configuration commands and options are described on the Configuration Options page. Details about the cryptographic authentication schemes are described on the Authentication Options page. Details about the other modes not directly involved in these schemes are described on the Association Management page. Additional information is available in the papers, reports, memoranda and briefings on the NTP Project page.
+		There are three automatic server discovery schemes: broadcast/multicast, manycast and server pool described on this page. The broadcast/multicast and manycast schemes utilize the ubiquitous broadcast or one-to-many paradigm native to IPv4 and IPv6. The server pool scheme uses DNS to resolve addresses of multiple volunteer servers scattered throughout the world. All three schemes work in much the same way and might be described as grab-n'-drop. Through one means or another they grab at least the number of potential servers specified by the tos maxclock configuration command, order them from best to worst using the NTP algorithms, then cast off from the end of the list until no more than the number of survivors specified in the tos minclock command remain.
+		This process is handled using a set of counters, one for each preemptible association. Once each poll interval the counter is increased by one. It the counter reaches a cutoff value of 10, it is preempted and demobilized. However, the counters for the survivors at the beginning of the list are set to zero.
+		Any of the schemes can use a stratum filter to select just those servers with stratum considered useful. This can avoid large numbers of clients ganging up on a small number of low-stratum servers and avoid servers above a certain stratum level. The range of acceptable strata range from the number specified by the tos floor command, inclusive, to the number specified by the tos ceiling command, exclusive. Potential servers operating at the same stratum as the client will be avoided unless the tos cohort command is present.
+		
+		Since an intruder can impersonate a broadcast or multicast server and inject false time values, broadcast mode should always be cryptographically authenticated.
+		Following is a summary of each scheme. Note that reference to option applies to the commands described on the Configuration Options page. See that page for applicability and defaults.
 		Broadcast/Multicast Scheme
-		In operation a broadcast server generates messages continuously at intervals by default 64 s and time-to-live by default 127. These defaults can be overriden by the minpoll and ttl options, respectively. Not all kernels support the ttl command.
-		A broadcast client responds to the first message received by waiting a randomized interval to avoid implosion at the server. The client then polls the server in client/server and iburst modes in order to quickly authenticate the server, set the host clock and calibrate the broadcast message propagation delay. This normally results in a volley of eight client/server exchanges at 2-s intervals during which both the synchronization and cryptographic protocols run concurrently.
-		Following the volley, the server continues in listen-only mode and sends no further messages. If for some reason the broadcast server does not respond to client messages, the client will time out and continue in listen-only mode with a default propagation delay.
-		A server is configured in broadcast mode using the broadcast command and specifying the broadcast address of a local interface. If two or more local interfaces are installed with different broadcast addresses, a broadcast command is needed for each address. This provides a way to limit exposure in a firewall, for example.
-		A broadcast client is configured using the broadcastclient command. While a broadcast message can be received on any interface, the restrict command described on the Access Control Options can be used to filter out unwanted addresses. Since an intruder can impersonate a broadcast or multicast server and inject false time values, broadcast mode should always be cryptographically authenticated.
-		Multicast Mode
-		NTP multicast mode can be used to extend the scope of a timekeeping subnet in two ways: multicasting and manycasting. A general discussion of IP multicast technology is beyond the scope of this page. In simple terms a host or router sending to a multicast group address expects all hosts or routers listening on this address to receive the message. There is no intrinsic limit on the number of senders or receivers and senders can be receivers and vice versa.
-		The IANA has assigned IPv4 multicast address 224.0.1.1 and IPv6 address FF05::101 (site local) to NTP, but these addresses should be used only where the multicast span can be reliably constrained to protect neighbor networks. In general, administratively scoped IPv4 group addresses should be used, as described in RFC-2365, or GLOP group addresses, as described in RFC-2770.
+		A broadcast server generates messages continuously at intervals by default 64 s and time-to-live by default 127. These defaults can be overriden by the minpoll and ttl options, respectively. Not all kernels support the ttl command. A broadcast client responds to the first message received by waiting a randomized interval to avoid implosion at the server. It then polls the server in client/server mode and using the iburst opion in order to quickly authenticate the server, set the host clock and calibrate the broadcast message propagation delay. This normally results in a volley of six client/server exchanges at 2-s intervals during which both the synchronization and cryptographic protocols run concurrently.
+		Following the volley, the server continues in listen-only mode and sends no further messages. If for some reason the broadcast server does not respond to these messages, the client will cease transmission and continue in listen-only mode with a default propagation delay. The volley can be avoided by using the authdelay configuration command with nonzero argument.
+		A server is configured in broadcast mode using the broadcast command and specifying the broadcast address of a local interface. If two or more local interfaces are installed with different broadcast addresses, a broadcast command is needed for each address. This provides a way to limit exposure in a firewall, for example. A broadcast client is configured using the broadcastclient command. 
+		NTP multicast mode can be used to extend the scope of a timekeeping using IPv4 multicast or IPv6 broadcast with defined span. The IANA has assigned IPv4 multicast address 224.0.1.1 and IPv6 address FF05::101 (site local) to NTP, but these addresses should be used only where the multicast span can be reliably constrained to protect neighbor networks. In general, administratively scoped IPv4 group addresses should be used, as described in RFC-2365, or GLOP group addresses, as described in RFC-2770.
 		A multicast server is configured using the broadcast command, but specifying a multicast address instead of a broadcast address. A multicast client is configured using the multicastclient command specifying a list of one or more multicast addresses. Note that there is a subtle distinction between the IPv4 and IPv6 address families. The IPv4 broadcast or mulitcast mode is determined by the IPv4 class. For IPv6 the same distinction can be made using the link-local prefix FF02 for each interface and site-local prefix FF05 for all interfacesl.
-		By design, multicast messages travel from the sender via a shortest-path or shared spanning tree to the receivers, which may require these messages emit from one or more local interfaces. It is possible to configure multiple multicast groups using multiple broadcast or multicastclient commands. Other than these particulars, multicast messages are processed just like broadcast messages. Note that the calibration feature in broadcast mode is extremely important, since IP multicast messages can travel far different paths through the IP routing fabric than ordinary IP unicast messages.
-		Broadcasting is the simplest way to provide automatic server discovery. It uses the multi-destination paradigm, where the subnet spanning tree is constructed automatically, either by the switches in an Ethernet LAN or the DVMRP or PIM protocols when spanning multiple networks.
-		A broadcast or multicast server is mobilized by the broadcast configuration command. The addresses can be either from the IPv4 broadcast/mulitcast address family or the IPv6 address family. Multiple broadcast server associations can be specified for a single host.
-		A host is enabled for broadcast reception using the broadcastclient configuration command, with or without the novolley option. Upon receiving the first message from a broadcast server, the client mobilizes an ephemeral client association and exchanges a volley of client/server messages in order to quickly authenticate the source, set the clock and measure the propagation delay, then reverts to listen-only mode. A multicast client is mobilized in the same way using the multicastclient configuration command and specified multicast group address.
-		Broadcasting can be used with either symmetric key or public key cryptography. Public key cryptography offers the best protection against compromised keys and is generally considered stronger. By default, either of these two means is required, but this can be overridden by the disable auth command.
-		In both broadcast and multicast client operations the client association is demobilized in case of error or timeout due to loss of server or connectivity. 
+		In both broadcast and multicast versions the client association is demobilized in case of timeout.
 		Manycast Scheme
-		Manycasting is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a client to troll the nearby network neighborhood to find cooperating servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each client mobilizes associations with a given number of the "best" nearby servers, yet automatically reconfigures to sustain this number of servers should one or another fail.
-		Note that the manycast paradigm does not coincide with the anycast paradigm described in RFC-1546, which is designed to find a single server from a clique of servers providing the same service. The manycast paradigm is designed to find a plurality of redundant servers satisfying defined optimality criteria.
-		Manycasting can be used with either symmetric key or public key cryptography. Public key cryptography offers the best protection against compromised keys and is generally considered stronger. By default, either of these two means is required, but this can be overridden by the disable auth command.
-		A manycast client association is configured using the manycastclient configuration command, which is similar to the server configuration command, but with a broadcast or multicast address. Depending on address family. The manycast client sends ordinary client mode messages, but with a broadcast address rather than a unicast address. It sends only if less than a given threshold of servers have been found and then only at the minimum feasible rate and minimum feasible time-to-live (TTL) hops. There can be as many manycast client associations as different broadcast addresses, each one serving as a template for a future unicast client/server association.
-		Manycast servers configured with the manycastserver command listen on the specified broadcast address for manycast client messages. If a manycast server is in scope of the current TTL and is itself synchronized to a valid source and operating at a stratum level equal to or lower than the manycast client, it replies to the manycast client message with an ordinary unicast server message.
-		The manycast client receiving this message mobilizes a preemptable client association according to the matching manycast client template, but only if cryptographically authenticated and the server stratum is less than or equal to the client stratum. The client runs the NTP mitigation algorithms, which act to demobilize all but a threshold number of associations according to stratum and synchronization distance. The surviving associations then continue in ordinary client/server mode.
-		If for some reason the number of available servers falls below the threshold, the manycast client resumes sending broadcast messages. The polling strategy is designed to reduce as much as possible the volume of broadcast messages and the effects of implosion due to near-simultaneous arrival of manycast server messages. The strategy is determined by the tos and ttl configuration commands described below.
+		Manycast is a automatic server discovery and configuration paradigm new to NTPv4. It is intended as a means for a client to troll the nearby network neighborhood to find cooperating servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. It uses the grab-n'-drop paradigm with the additional feature that active means are used to grab additional servers should the number of survivors fall below the minclock threshold.
+		The manycast paradigm is not the anycast paradigm described in RFC-1546, which is designed to find a single server from a clique of servers providing the same service. The manycast paradigm is designed to find a plurality of redundant servers satisfying defined optimality criteria.
+		A manycast clients is configured using the manycastclient configuration command, which is similar to the server configuration command. It sends ordinary client mode messages, but with a broadcast address rather than a unicast address and sends only if less than minclock survivors remain and then only at the minimum feasible rate and minimum feasible time-to-live (TTL) hops. The polling strategy is designed to reduce as much as possible the volume of broadcast messages and the effects of implosion due to near-simultaneous arrival of manycast server messages. There can be as many manycast client associations as different addresses, each one serving as a template for a future unicast client/server association.
+		A manycast server is configured using the manycastserver command, which listens on the specified broadcast address for manycast client messages. If a manycast server is in scope of the current TTL and is itself synchronized to a valid source and operating at a stratum level equal to or lower than the manycast client, it replies with an ordinary unicast server message.
+		The manycast client receiving this message mobilizes a preemptable client association according to the matching manycast client template, but only if cryptographically authenticated and the server stratum is less than or equal to the client stratum. 
 		It is possible and frequently useful to configure a host as both manycast client and manycast server. A number of hosts configured this way and sharing a common group address will automatically organize themselves in an optimum configuration based on stratum and synchronization distance.
-		For example, consider an NTP subnet of two primary servers and several secondary servers and a number of dependent clients. With twoAll servers and clients have identical configuration files including both multicastclient and multicastserver commands using, for instance, multicast group address 239.1.1.1. Each primary server configuration file must include commands for the primary reference source such as a GPS receiver.
-		The remaining configuration files for all secondary servers and clients have the same contents, except for the tos command, which is specific for each stratum level. For stratum 1 and stratum 2 servers, that command is not necessary. For stratum 3 and above servers the tos floor value is set to the intended stratum number. Thus, all stratum 3 configuration files use tos floor 3, all stratum 4 files use tos floor 4 and so forth.
-		Once operations have stabilized, the primary servers will find the primary reference source and each other, since they both operate at the same stratum (1), but not with any secondary server or client, since these operate at a higher stratum. The secondary servers will find the servers at the same stratum level. If one of the primary servers loses its GPS receiver, it will continue to operate as a client and other clients will time out the corresponding association and re-associate accordingly.
 		Server Pool Scheme
-		bibbidt
+		The idea of targeting servers on a random basis to distribute and balance the load is not a new one; however, the NTP pool scheme puts this on steroids. At present, several hundred operators around the globe have volunteered their servers for public access. In general, NTP is a lightweight service and servers used for other purposes don't mind an additional small load. The trick is to randomize over the population and minimize the load on any one server while retaining the advantages of multiple servers with the NTP mitigation algorithms.
+		To support this service the DNS for some volunteer servers as been modified to collect a number of the volunteer servers and return a randomized list in response to a query. The client receiving this list modbilizes some or all of them just as in the other discovery schemes and casts off the excess.
+		The pool scheme is configured using one or pool commands with the DNS name region.pool.ntp.org, where region is a region of the world, country of the region or state of the country or even the whole world if absent. The pool command can be used more than once; duplicate servers are detected and discarded. In principle, it is possible to use a  configuration file containing a single line pool.ntp.org.
 		
 		
 	
diff --git a/html/measure.html b/html/measure.html
deleted file mode 100644
index 9cce97a143..0000000000
--- a/html/measure.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
-
-
-
-	
-		
-		Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation
-		
-	
-
-	
-		Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation
-		Last update: 18:41 UTC Thursday, July 28, 2005
-		
-		The technical memorandum: Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation(PostScript) describes a number of techniques for conducting experiments typical of computer network and transmission systems engineering.
-		In most experiments in which time is involved, it is necessary to develop estimates of time, frequency and measurement errors from a series of time measurements between the clocks of a number of computers and ancillary devices interconnected by some kind of computer network. However, time is not a physical quantity, such as mass, nor can it be measured relative to an absolute frame of reference, such as velocity. The only way to measure time in our universe is to compare the reading of one clock, which runs according to its own timescale, with another clock, which runs according to a given timescale, at some given instant or epoch. The errors arise from the precision of time comparisons and the accuracy of frequency estimates between the timescales involved.
-		The usual data collected during a performance run of some experiment might include time offsets, time delays, frequency offsets and various error statistics. While time offsets between two clocks can be measured directly, frequency offsets can be estimated only from two or more time offsets made over some time interval in the experiment. In practice, a sequence of time comparisons can be performed over the lifetime of the experiment and the instantaneous frequency estimated either in real time with a recurrence relation, or retrospectively with a polynomial fit to the data.
-		Estimating time and frequency errors in real time has been studied by a distinct subspecies of physicists who have made a career of the technology involved. Various means including autoregressive models, Kalman filters and simple weighted-average algorithms are used extensively by national standards laboratories to model cesium-clock ensembles. These techniques have been adapted to computer network and transmission engineering problems as well. This memorandum explores issues in performing experiments of this type and summarizes various techniques found useful in practice.
-		
-		
-	
-
-
\ No newline at end of file
diff --git a/html/miscopt.html b/html/miscopt.html
index 5ef60fc93a..3026cd9a1f 100644
--- a/html/miscopt.html
+++ b/html/miscopt.html
@@ -12,10 +12,10 @@
 		Miscellaneous Options
 		from Pogo, Walt Kelly
 		We have three, now looking for more.
-		Last update: 20:47 UTC Monday, October 15, 2007
+		Last update: 22:42 UTC Sunday, December 16, 2007
 		

 		Related Links
-		
+		
 		
 		
 			broadcastdelay seconds
@@ -126,7 +126,12 @@
 			
This command specifies a list of TTL values in increasing order. up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.
 		
 		Files
-		ntp.drift frequency compensation (PPM)
+		ntp.drift frequency
+		Leapseconds File
+		The NIST provides a file documenting the epoch for all historic occasions of leap second insertion since 1972. The leapsecond table shows each epoch of insertion along with the offset of International Atomic Time (TAI) with respect to Coordinated Universal Time (UTC), as disseminated by NTP. The table can be obtained directly from NIST national time servers using ftp as the ASCII file pub/leap-seconds.
+		While not strictly a security function, the Autokey protocol provides means to securely retrieve the leapsecond table from a server or peer. Servers load the leapsecond table directly from the file specified in the crypto command, with default ntpkey_leap, while clients can obtain the table indirectly from the servers using the Autokey protocol. Once loaded, the table can be provided on request to other clients and servers.
+		As explained in the Authentication Options page, all cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal random number generator. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and the ntp-keygen program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.
+		 compensation (PPM)
 		
 		
 	
diff --git a/html/monopt.html b/html/monopt.html
index a4c073a24f..2aab0154d7 100644
--- a/html/monopt.html
+++ b/html/monopt.html
@@ -13,120 +13,376 @@
 		Monitoring Options
 		from Pogo, Walt Kelly
 		The pig watches the logs.
-		Last update: 00:40 UTC Sunday, December 24, 2006
+		Last update: 19:44 UTC Friday, January 11, 2008
 		

 		Related Links
-		
-		
-		ntpd includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the statistics command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the ./scripts directory of this distribution. Using these facilities and Unix cron jobs, the datacan be automatically summarized and archived for retrospective analysis.
-		Monitoring Commands
+		
+		Table of Contents
+		
+			introduction
+			
Monitoring Options
+			
File Set Types
+		
		
+		Introduction
+		ntpd includes a comprehensive monitoring facility which collects statistical data of various types and writes the data to files associated with each type at defined intervals. The files associated with a particular type are collectively called the generation file set for that type. The files in the file set are the members of that set.
File sets have names specific to the type and generation epoch. The  names are constructed from three concatenated elements prefix, filename and suffix:
+		
+			prefix
+			
The directory path specified in the statsdir command.
+			
name
+			
The name specified by the file option of the filegen command.
+			
suffix
+			
A string of elements bdginning with . (dot) followed by a string of elementes depending on the particular file set type.
+		
+		Statistics files can be managed using scripts, examples of which are in the ./scripts directory. Using these or similar scripts and Unix cron jobs, the files can be automatically summarized and archived for retrospective analysis.
+		Monitoring Commands
 		
-			statistics name [...]
-			
Enables writing of statistics records. Currently, six kinds of namestatistics are supported.
+			
filegen name file filename [type type] [link | nolink] [enable | disable]
+			
+				name
+				
Specifies the file set type from the list in the next section.
+				
file filename
+				
Specfies the file set name.
+				
type typename
+				
Specifies the file set interval. The following intervals are supported with default day:
 				
-					clockstats
-					
Enables recording of clock driver statistics information. Each update received from a clock driver appends a line of the following form to the file generation set named clockstats:
-					
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the clock address in dotted-quad notation, The final field shows the last timecode received from the clock in decoded ASCII format, where meaningful. In some clock drivers a good deal of additional information can be gathered and displayed as well. See information specific to each clock for further details.
+					
none
+					
The file set is actually a single plain file.
+					
pid
+					
One file set member is created for every incarnation of ntpd. . The file name suffix is the string .n, where n is the process ID of the ntpd server process.
+					
day
+					
One file set member is created per day. A day is defined as the period between 00:00 and 24:00 UTC. The file name suffix is the string .yyyymmdd, where yyyy is the year, mm the month of the year and dd the day of the month. Thus, member created on 10 December 1992 would have suffix .19921210.
+					
week
+					
One file set member is created per week. The week is defined as the day of year modulo 7. The file name suffix is the string .yyyyWww, where yyyy is the year, W stands for itself and ww the week number. For example, The member created on 10 January 1992 would have suffix .1992W1.
+					
month
+					
One file set member is created per month. The file name suffix is the string .yyyymm, where yyyy is the year and mm the month of the year. For example, The member created on 10 January 1992 would have suffix .199201.
+					
year
+					
One file set member is generated per year. The file name suffix is the string .yyyy, where yyyy is the year. For example, The member created on 1 January 1992 would have suffix .1992.
age
+					
One file set member is generated every 24 hours of ntpd operation. The filename suffix is the string .adddddddd, where a stands for itself and dddddddd is the  ntpd running time in seconds at the start of the corresponding 24-hour period.
+				
+				
link | nolink
+				
It is convenient to be able to access the current file set members by file name, but without the suffix. This feature is enabled by link and disabled by nolink. If enabled, which is the default, a hard link from the current file set member to a file without suffix is created. When there is already a file with this name and the number of links to this file is one, it is renamed by appending a dot, the letter C, and the pid of the ntpd server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
+				
enable | disable
+				
Enable or disable the recording function, with default enable. These options are intended for remote configutation commands.
+			
+			
statsdir directory_path
+			
Specify the directory path prefix for statistics file names.
+		
+		File Set Types
+							clockstats
+			
Record reference clock statistics. Each update received from a reference clock driver appends one line to the clockstats file set:
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
+			

+						
 Product Area
 Bundled Network
 Product
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
 		
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
49213 MJD date
525.624 s time past midnight
127.127.4.1 IP reference clock address
message text log message
+					The message field includes the last timecode received in decoded ASCII format, where meaningful. In some cases a good deal of additional information is displayed. See information specific to each reference clock for further details.
 					cryptostats
-					
This option requires the OpenSSL cryptographic software library. It enables recording of cryptographic public key protocol information. Each message received by the protocol module appends a line of the following form to the file generation set named cryptostats:
-					
49213 525.624 127.127.4.1 message
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the peer address in dotted-quad notation, The final message field includes the message type and certain ancillary information. See the Authentication Options page for further information.
+					
Record significant events in the Autokey protocol. This option requires the OpenSSL cryptographic software library. Each event of the protocol module appends one line to the cryptostats file set:
49213 525.624 127.127.4.1 message
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
49213 MJD date
525.624 s time past midnight
127.127.4.1 IP source address
message text log message
+					The message field includes the message type and certain ancillary information. See the Authentication Options page for further information.
 					
loopstats
-					
Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named loopstats:
-					
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806	6
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter (seconds), Allan deviation (PPM) and clock discipline time constant.
+					
Record clock disiplilne loop statistics. Each system clock update appends one line to the loopstats file set:
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806	6
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
50935 MJD date
75440.031 s time past midnight
0.000006019 s clock offset
13.778190 PPM frequency offset
0.000351733 hex RMS jitter
0.0133806 PPM RMS wander
6 log₂ s clock discipline loop time constant
 					
peerstats
-					
Enables recording of peer statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats:
-					
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address in dotted-quad notation and status, respectively. The status field is encoded in hex in the format described in Appendix B of the NTP specification RFC 1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in seconds.
+					
Record peer statistics. Each NTP packet or reference clock update received appends one line to the peerstats file set:
48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
48773 MJD date
10847.650 s time past midnight
127.127.4.1 IP source address
128.4.1.20 IP destination address
9714 hex status word
-0.001605376 s clock offset
0.000000000 s roundtrip delay
0.001424877 s dispersion
0.000958674 s RMS jitter
+					The status field is encoded in hex format as described in Appendix B of the NTP specification RFC 1305.
 					
rawstats
-					
Enables recording of raw-timestamp statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named rawstats:
-					
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the remote peer or clock address followed by the local address in dotted-quad notation, The final four fields show the originate, receive, transmit and final NTP timestamps in order. The timestamp values are as received and before processing by the various data smoothing and mitigation algorithms.
+					
Record timestamp statistics. Each NTP packet received appends one line to the rawstats file set:
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
50928 MJD date
2132.543 s time past midnight
128.4.1.1 IP source address
128.4.1.20 IP destination address
3102453281.584327000 NTP s receive timestamp
3102453281.586228000 NTP s transmit timestamp
3102453332.540806000 NTP s destination timestamp
 					
sysstats
-					
Enables recording of ntpd statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named sysstats:
-					
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
-					
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The remaining ten fields show the statistics counter values accumulated since the last generated line.
-						
-							Time since restart 36000
-							
Time in hours since the system was last rebooted.
-							
Packets received 81965
-							
Total number of packets received.
-							
Packets processed 0
-							
Number of packets received in response to previous packets sent
-							
Current version 9546
-							
Number of packets matching the current NTP version.
-							
Previous version 56
-							
Number of packets matching the previous NTP version.
-							
Bad version 71793
-							
Number of packets matching neither NTP version.
-							
Access denied 512
-							
Number of packets denied access for any reason.
-							
Bad length or format 540
-							
Number of packets with invalid length, format or port number.
-							
Bad authentication 10
-							
Number of packets not verified as authentic.
-							
Rate exceeded 147
-							
Number of packets discarded due to rate limitation.
-						
+					
Record system statistics. Each hour one line is appended to the sysstats file set in the following format:
50928 2132.543 36000 81965 0 9546 56 512 540 10 147
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+					
+								
+								
+								
+							
+					
+								
+								
+								
+							
+					
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
50928 MJD date
2132.543 s time past midnight
36000 s time since restart
81965 # packets received last hour
0 # server packets received last hour
9546 # current version packets last hour
56 # previous version packets last hour
512 # access denied packets last hour
540 # bad length or format packets last hour
10 # bad authentication packets last hour
147 # rate exceeded packets last hour
 					
timingstats
-					
ONLY available when the deamon is compiled with process time debugging support (--enable-debug-timing - costs performance). Enables recording of ntpd processing time information for various selected code paths:
-	                                
53876 36.920 10.0.3.5 1 0.000014592 input processing delay
-	                                
The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field is a potential peer address, - or -REFCLOCK- depending on the associated io source. Then an event count for the number of processed events in the code path follows. The fifth field is the total time spend for the events. The rest of the line denotes the code path description (see source for more information).
-					
statsdir directory_path
-					
Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) filegen filename prefix to be modified for file generation sets, which is useful for handling statistics logs.
-					
filegen name [file filename] [type typename] [link | nolink] [enable | disable]
-					
Configures setting of generation file set name. Generation file sets provide a means for handling files that are continuously growing during the lifetime of a server. Server statistics are a typical example for such files. Generation file sets provide access to a set of files used to store the actual data. At any time at most one element of the set is being written to. The type given specifies when and how data will be directed to a new element of the set. This way, information stored in elements of a file set that are currently unused are available for administrational operations without the risk of disturbing the operation of ntpd. (Most important: they can be removed to free space for new data produced.)
-					
Note that this command can be sent from the ntpdc program running at a remote location.
-						
-							name
-							
This is the type of the statistics records, as shown in the statistics command.
-						
-					
file filename
-						
-							This is the file name for the statistics records. Filenames of set members are built from three concatenated elements prefix, filename and suffix:
-								
-									prefix
-									
This is a constant filename path. It is not subject to modifications via the filegen option. It is defined by the server, usually specified as a compile-time constant. It may, however, be configurable for individual file generation sets via other commands. For example, the prefix used with loopstats and peerstats generation can be configured using the statsdir option explained above.
-									
filename
-									
This string is directly concatenated to the prefix mentioned above (no intervening / (slash)). This can be modified using the file argument to the filegen statement. No .. elements are allowed in this component to prevent filenames referring to parts outside the filesystem hierarchy denoted by prefix.
-									
suffix
-									
This part is reflects individual elements of a file set. It is generated according to the type of a file set.
-								
-						
-					
type typename
-						
-							A file generation set is characterized by its type. The following types are supported:
-								
-									none
-									
The file set is actually a single plain file.
-									
pid
-									
One element of file set is used per incarnation of a ntpd server. This type does not perform any changes to file set members during runtime, however it provides an easy way of separating files belonging to different ntpd server incarnations. The set member filename is built by appending a . (dot) to concatenated prefix and filename strings, and appending the decimal representation of the process ID of the ntpd server process.
-									
day
-									
One file generation set element is created per day. A day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix consists of a . (dot) and a day specification in the form YYYYMMdd. YYYY is a 4-digit year number (e.g., 1992). MM is a two digit month number. dd is a two digit day number. Thus, all information written at 10 December 1992 would end up in a file named prefix filename.19921210.
-									
week
-									
Any file set member contains data related to a certain week of a year. The term week is defined by computing day-of-year modulo 7. Elements of such a file generation set are distinguished by appending the following suffix to the file set filename base: A dot, a 4-digit year number, the letter W, and a 2-digit week number. For example, information from January, 10th 1992 would end up in a file with suffix .1992W1.
-									
month
-									
One generation file set element is generated per month. The file name suffix consists of a dot, a 4-digit year number, and a 2-digit month.
-									
year
-									
One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number.
-									
age
-									
This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter a, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying enable; output is prevented by specifying disable.
-								
-						
-					
link | nolink
-						
-							It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying link and disabled using nolink. If link is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter C, and the pid of the ntpd server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
-						
-					
enable | disable
-						
-							Enables or disables the recording function.
-						
+					
(Only available when the deamon is compiled with process time debugging support (--enable-debug-timing - costs performance). Record processing time statistics for various selected code paths.
53876 36.920 10.0.3.5 1 0.000014592 input processing delay
+					

+						
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+							
+								
+								
+								
+							
+						Item Units Description
53876 MJD date
36.920 s time past midnight
10.0.3.5 IP server address
1 # event count
0.000014592 s total time
message text code path description (see source)
 				
-				
-				
-		
+		
+	
 	
-
 
diff --git a/html/msyslog.html b/html/msyslog.html
index d386eacee2..f5ace49db3 100644
--- a/html/msyslog.html
+++ b/html/msyslog.html
@@ -10,10 +10,10 @@
 		ntpd System Log Messages
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The mushroom knows all the error codes, which is more than most of us do.
-		Last update: 15:20 UTC Wednesday, October 31, 2007
+		Last update: 01:09 UTC Saturday, November 24, 2007
 		

 		Related Links
-		
+		

 		
 		
 		You have come here because you found a cryptic message in the system log. This page by no means lists all messages that might be found, since new ones come and old ones go. Generally, however, the most common ones will be found here. They are listed by program module and log severity code in bold: LOG_ERR, LOG_NOTICE and LOG_INFO.
diff --git a/html/notes.html b/html/notes.html
deleted file mode 100644
index e757dbd837..0000000000
--- a/html/notes.html
+++ /dev/null
@@ -1,280 +0,0 @@
-
-
-
-
-	
-		
-		
-		Notes on setting up a NTP subnet
-		
-	
-
-	
-		Notes on setting up a NTP subnet
-		From NBS Special Publication 432 (out of print)
-		Last update: 18:44 UTC Thursday, July 28, 2005
-		

-		
-		Introduction
-		This document is a collection of notes concerning the use of ntpd and related programs, and on coping with the Network Time Protocol (NTP) in general. It is a major rewrite and update of an earlier document written by Dennis Ferguson of the University of Toronto and includes many changes and additions resulting from the NTP Version 3 specification and new Version 4 implementation features. It supersedes earlier documents, which should no longer be used for new configurations.
-		ntpd includes a complete implementation of the NTP Version 3 specification, as defined in:
-		
-			Mills, D.L. Network Time Protocol (Version 3) specification, implementation and analysis. Network Working Group Report RFC-1305, University of Delaware, March 1992, 113 pp. Abstract: PostScript | PDF, Body: PostScript | PDF, Appendices: PostScript | PDF
-		
-		Additional features have are described for NTP Version 4 Release Notes. It also retains compatibility with both NTP Version 2, as defined in RFC-1119, and NTP Version 1, as defined in RFC-1059, although this compatibility is sometimes strained and only semiautomatic. In order to support in principle the ultimate precision of about 232 picoseconds in the NTP specification, ntpd uses NTP timestamp format for external communication and double precision floating point arithmetic internally. ntpd fully implements NTP Versions 2 and 3 authentication and in addition Version 4 autokey. It supports the NTP mode-6 control message facility along with a private mode-7 control- message facility used to remotely reconfigure the system and monitor a considerable amount of internal detail. As extensions to the specification, a flexible address-and-mask restriction facility has been included.
-		The code is biased towards the needs of a busy time server with numerous, often hundreds, of clients and other servers. Tables are hashed to allow efficient handling of many associations, though at the expense of additional overhead when the number of associations is small. Many fancy features have been included to permit efficient management and monitoring of a busy primary server, features which are probably excess baggage for a high stratum client. In such cases, a stripped-down version of the protocol, the Simple Network Time Protocol (SNTP) can be used. SNTP and NTP servers and clients can interwork in most situations, as described in: Mills, D.L. Simple Network Time Protocol (SNTP). Network Working Group Report RFC-2030, University of Delaware, October 1996, 14 pp. (ASCII).
-		The code was written with near demonic attention to details which can affect precision and as a consequence should be able to make good use of high performance, special purpose hardware such as precision oscillators and radio clocks. The present code supports a number of radio clocks, including those for the WWV, CHU, WWVB, MSF, DCF77, GOES and GPS radio and satellite time services and USNO, ACTS and PTB modem time services. It also supports the IRIG-B and IRIG-E signal format connected via an audio codec. The server methodically avoids the use of Unix-specific library routines where possible by implementing local versions, in order to aid in porting the code to perverse Unix and non-Unix platforms.
-		While this implementation conforms in most respects to the NTP Version 3 specification RFC-1305, a number of improvements have been made which are described in the conformance statement in the NTP Protocol Conformance Statement page. It has been specifically tuned to achieve the highest accuracy possible on whatever hardware and operating-system platform is available. In general, its precision and stability are limited only by the characteristics of the onboard clock source used by the hardware and operating system, usually an uncompensated crystal oscillator. On modern RISC-based processors connected directly to radio clocks via serial-asynchronous interfaces, the accuracy is usually limited by the radio clock and interface to the order of a millisecond or less. The code includes special features to support a pulse-per-second (PPS) signal and/or an IRIG-B signal generated by some radio clocks. When used in conjunction with a suitable hardware level converter, the accuracy can be improved to a few tens of microseconds. Further improvement is possible using an outboard, stabilized frequency source, in which the accuracy and stability are limited only by the characteristics of that source.
-		The NTP Version 4 distribution includes, in addition to the daemon itself (ntpd), several utility programs, including two remote-monitoring programs (ntpq, ntpdc), a remote clock-setting program similar to the Unix rdate program (ntpdate), a traceback utility useful to discover suitable synchronization sources (ntptrace), and various programs used to configure the local platform and calibrate the intrinsic errors. NTP has been ported to a large number of platforms, including most RISC and CISC workstations and mainframes manufactured today. Example configuration files for many models of these machines are included in the distribution. While in most cases the standard version of the implementation runs with no hardware or operating system modifications, not all features of the distribution are available on all platforms. For instance, a special feature allowing Sun workstations to achieve accuracies in the order of 100 microseconds requires some minor changes and additions to the kernel and input/output support.
-		There are, however, several drawbacks to all of this. ntpd is quite fat. This is rotten if your intended platform for the daemon is memory limited. ntpd uses SIGIO for all input, a facility which appears to not enjoy universal support and whose use seems to exercise the parts of your vendors' kernels which are most likely to have been done poorly. The code is unforgiving in the face of kernel problems which affect performance, and generally requires that you repair the problems in order to achieve acceptable performance. The code has a distinctly experimental flavour and contains features which could charitably be termed failed experiments, but which have not been completely hacked out. Much was learned from the addition of support for a variety of radio clocks, with the result that some radio clock drivers could use some rewriting.
-		How NTP Works
-		The approach used by NTP to achieve reliable time synchronization from a set of possibly unreliable remote time servers is somewhat different than other protocols. In particular, NTP does not attempt to synchronize clocks to each other. Rather, each server attempts to synchronize to Universal Coordinated Time (UTC) using the best available source and available transmission paths to that source. This is a fine point which is worth understanding. A group of NTP-synchronized clocks may be close to each other in time, but this is not a consequence of the clocks in the group having synchronized to each other, but rather because each clock has synchronized closely to UTC via the best source it has access to. As such, trying to synchronize a set of clocks to a set of servers whose time is not in mutual agreement may not result in any sort of useful synchronization of the clocks, even if you don't care about UTC. However, in networks isolated from UTC sources, provisions can made to nominate one of them as a phantom UTC source.
-		NTP operates on the premise that there is one true standard time, and that if several servers which claim synchronization to standard time disagree about what that time is, then one or more of them must be broken. There is no attempt to resolve differences more gracefully since the premise is that substantial differences cannot exist. In essence, NTP expects that the time being distributed from the root of the synchronization subnet will be derived from some external source of UTC (e.g., a radio clock). This makes it somewhat inconvenient (though by no means impossible) to synchronize hosts together without a reliable source of UTC to synchronize them to. If your network is isolated and you cannot access other people's servers across the Internet, a radio clock may make a good investment.
-		Time is distributed through a hierarchy of NTP servers, with each server adopting a stratum which indicates how far away from an external source of UTC it is operating at. Stratum-1 servers, which are at the top of the pile (or bottom, depending on your point of view), have access to some external time source, usually a radio clock synchronized to time signal broadcasts from radio stations which explicitly provide a standard time service. A stratum-2 server is one which is currently obtaining time from a stratum-1 server, a stratum-3 server gets its time from a stratum-2 server, and so on. To avoid long lived synchronization loops the number of strata is limited to 15.
-		Each client in the synchronization subnet (which may also be a server for other, higher stratum clients) chooses exactly one of the available servers to synchronize to, usually from among the lowest stratum servers it has access to. This is, however, not always an optimal configuration, for indeed NTP operates under another premise as well, that each server's time should be viewed with a certain amount of distrust. NTP really prefers to have access to several sources of lower stratum time (at least three) since it can then apply an agreement algorithm to detect insanity on the part of any one of these. Normally, when all servers are in agreement, NTP will choose the best of these, where "best" is defined in terms of lowest stratum, closest (in terms of network delay) and claimed precision, along with several other considerations. The implication is that, while one should aim to provide each client with three or more sources of lower stratum time, several of these will only be providing backup service and may be of lesser quality in terms of network delay and stratum (i.e., a same-stratum peer which receives time from lower stratum sources the local server doesn't access directly can also provide good backup service).
-		Finally, there is the issue of association modes. There are a number of modes in which NTP servers can associate with each other, with the mode of each server in the pair indicating the behaviour the other server can expect from it. In particular, when configuring a server to obtain time from other servers, there is a choice of two modes which may be used. Configuring an association in symmetric-active mode (usually indicated by a peer declaration in the configuration file) indicates to the remote server that one wishes to obtain time from the remote server and that one is also willing to supply time to the remote server if need be. This mode is appropriate in configurations involving a number of redundant time servers interconnected via diverse network paths, which is presently the case for most stratum-1 and stratum-2 servers on the Internet today. Configuring an association in client mode (usually indicated by a server declaration in the configuration file) indicates that one wishes to obtain time from the remote server, but that one is not willing to provide time to the remote server. This mode is appropriate for file-server and workstation clients that do not provide synchronization to other local clients. Client mode is also useful for boot-date-setting programs and the like, which really have no time to provide and which don't retain state about associations over the longer term.
-		Where the requirements in accuracy and reliability are modest, clients can be configured to use broadcast and/or multicast modes. These modes are not normally utilized by servers with dependent clients. The advantage of these modes is that clients do not need to be configured for a specific server, so that all clients operating can use the same configuration file. Broadcast mode requires a broadcast server on the same subnet, while multicast mode requires support for IP multicast on the client machine, as well as connectivity via the MBONE to a multicast server. Since broadcast messages are not propagated by routers, only those broadcast servers on the same subnet will be used. There is at present no way to select which of possibly many multicast servers will be used, since all operate on the same group address.
-		Where the maximum accuracy and reliability provided by NTP are needed, clients and servers operate in either client/server or symmetric modes. Symmetric modes are most often used between two or more servers operating as a mutually redundant group. In these modes, the servers in the group members arrange the synchronization paths for maximum performance, depending on network jitter and propagation delay. If one or more of the group members fail, the remaining members automatically reconfigure as required. Dependent clients and servers normally operate in client/server mode, in which a client or dependent server can be synchronized to a group member, but no group member can synchronize to the client or dependent server. This provides protection against malfunctions or protocol attacks.
-		Servers that provide synchronization to a sizeable population of clients normally operate as a group of three or more mutually redundant servers, each operating with three or more stratum-one or stratum-two servers in client-server modes, as well as all other members of the group in symmetric modes. This provides protection against malfunctions in which one or more servers fail to operate or provide incorrect time. The NTP algorithms have been specifically engineered to resist attacks where some fraction of the configured synchronization sources accidently or purposely provide incorrect time. In these cases a special voting procedure is used to identify spurious sources and discard their data.
-		Configuring Your Subnet
-		At startup time the ntpd daemon running on a host reads the initial configuration information from a file, usually /etc/ntp.conf, unless a different name has been specified at compile time. Putting something in this file which will enable the host to obtain time from somewhere else is usually the first big hurdle after installation of the software itself, which is described in the Building and Installing the Distribution page. At its simplest, what you need to do in the configuration file is declare the servers that the daemon should poll for time synchronization. In principle, no such list is needed if some other time server operating in broadcast/multicast mode is available, which requires the client to operate in a broadcastclient mode.
-		In the case of a workstation operating in an enterprise network for a public or private organization, there is often an administrative department that coordinates network services, including NTP. Where available, the addresses of appropriate servers can be provided by that department. However, if this infrastructure is not available, it is necessary to explore some portion of the existing NTP subnet now running in the Internet. There are at present many thousands of time servers running NTP in the Internet, a significant number of which are willing to provide a public time- synchronization service. Some of these are listed in the list of public time servers, which can be accessed via the NTP web page. These data are updated on a regular basis using information provided voluntarily by various site administrators. There are other ways to explore the nearby subnet using the ntptrace and ntpdc programs.
-		It is vital to carefully consider the issues of robustness and reliability when selecting the sources of synchronization. Normally, not less than three sources should be available, preferably selected to avoid common points of failure. It is usually better to choose sources which are likely to be "close" to you in terms of network topology, though you shouldn't worry overly about this if you are unable to determine who is close and who isn't. Normally, it is much more serious when a server becomes faulty and delivers incorrect time than when it simply stops operating, since an NTP-synchronized host normally can coast for hours or even days without its clock accumulating serious error approaching a second, for instance. Selecting at least three sources from different operating administrations, where possible, is the minimum recommended, although a lesser number could provide acceptable service with a degraded degree of robustness.
-		Normally, it is not considered good practice for a single workstation to request synchronization from a primary (stratum-1) time server. At present, these servers provide synchronization for hundreds of clients in many cases and could, along with the network access paths, become seriously overloaded if large numbers of workstation clients requested synchronization directly. Therefore, workstations located in sparsely populated administrative domains with no local synchronization infrastructure should request synchronization from nearby stratum-2 servers instead. In most cases the keepers of those servers in the lists of public servers provide unrestricted access without prior permission; however, in all cases it is considered polite to notify the administrator listed in the file upon commencement of regular service. In all cases the access mode and notification requirements listed in the file must be respected. Under no conditions should servers not in these lists be used without prior permission, as to do so can create severe problems in the local infrastructure, especially in cases of dial-up access to the Internet.
-		In the case of a gateway or file server providing service to a significant number of workstations or file servers in an enterprise network it is even more important to provide multiple, redundant sources of synchronization and multiple, diversity-routed, network access paths. The preferred configuration is at least three administratively coordinated time servers providing service throughout the administrative domain including campus networks and subnetworks. Each of these should obtain service from at least two different outside sources of synchronization, preferably via different gateways and access paths. These sources should all operate at the same stratum level, which is one less than the stratum level to be used by the local time servers themselves. In addition, each of these time servers should peer with all of the other time servers in the local administrative domain at the stratum level used by the local time servers, as well as at least one (different) outside source at this level. This configuration results in the use of six outside sources at a lower stratum level (toward the primary source of synchronization, usually a radio clock), plus three outside sources at the same stratum level, for a total of nine outside sources of synchronization. While this may seem excessive, the actual load on network resources is minimal, since the interval between polling messages exchanged between peers usually ratchets back to no more than one message every 17 minutes.
-		The stratum level to be used by the local time servers is an engineering choice. As a matter of policy, and in order to reduce the load on the primary servers, it is desirable to use the highest stratum consistent with reliable, accurate time synchronization throughout the administrative domain. In the case of enterprise networks serving hundreds or thousands of client file servers and workstations, conventional practice is to obtain service from stratum-1 primary servers listed for public access. When choosing sources away from the primary sources, the particular synchronization path in use at any time can be verified using the ntptrace program included in this distribution. It is important to avoid loops and possible common points of failure when selecting these sources. Note that, while NTP detects and rejects loops involving neighboring servers, it does not detect loops involving intervening servers. In the unlikely case that all primary sources of synchronization are lost throughout the subnet, the remaining servers on that subnet can form temporary loops and, if the loss continues for an interval of many hours, the servers will drop off the subnet and free-run with respect to their internal (disciplined) timing sources. After some period with no outside timing source (currently one day), a host will declare itself unsynchronized and provide this information to local application programs.
-		In many cases the purchase of one or more radio clocks is justified, in which cases good engineering practice is to use the configurations described above anyway and connect the radio clock to one of the local servers. This server is then encouraged to participate in a special primary-server subnetwork in which each radio-equipped server peers with several other similarly equipped servers. In this way the radio-equipped server may provide synchronization, as well as receive synchronization, should the local or remote radio clock(s) fail or become faulty. ntpd treats attached radio clock(s) in the same way as other servers and applies the same criteria and algorithms to the time indications, so can detect when the radio fails or becomes faulty and switch to alternate sources of synchronization. It is strongly advised, and in practice for most primary servers today, to employ the authentication or access-control features of the NTP specification in order to protect against hostile intruders and possible destabilization of the time service. Using this or similar strategies, the remaining hosts in the same administrative domain can be synchronized to the three (or more) selected time servers. Assuming these servers are synchronized directly to stratum-1 sources and operate normally as stratum-2, the next level away from the primary source of synchronization, for instance various campus file servers, will operate at stratum 3 and dependent workstations at stratum 4. Engineered correctly, such a subnet will survive all but the most exotic failures or even hostile penetrations of the various, distributed timekeeping resources.
-		The above arrangement should provide very good, robust time service with a minimum of traffic to distant servers and with manageable loads on the local servers. While it is theoretically possible to extend the synchronization subnet to even higher strata, this is seldom justified and can make the maintenance of configuration files unmanageable. Serving time to a higher stratum peer is very inexpensive in terms of the load on the lower stratum server if the latter is located on the same concatenated LAN. When justified by the accuracy expectations, NTP can be operated in broadcast and multicast modes, so that clients need only listen for periodic broadcasts and do not need to send anything.
-		When planning your network you might, beyond this, keep in mind a few generic don'ts, in particular:
-		
-			Don't synchronize a local time server to another peer at the same stratum, unless the latter is receiving time from lower stratum sources the former doesn't talk to directly. This minimizes the occurrence of common points of failure, but does not eliminate them in cases where the usual chain of associations to the primary sources of synchronization are disrupted due to failures.
-			


-			
Don't configure peer associations with higher stratum servers. Let the higher strata configure lower stratum servers, but not the reverse. This greatly simplifies configuration file maintenance, since there is usually much greater configuration churn in the high stratum clients such as personal workstations.
-			


-			
Don't synchronize more than one time server in a particular administrative domain to the same time server outside that domain. Such a practice invites common points of failure, as well as raises the possibility of massive abuse, should the configuration file be automatically distributed do a large number of clients.
-		
-		There are many useful exceptions to these rules. When in doubt, however, follow them.
-		Configuring Your Server or Client
-		As mentioned previously, the configuration file is usually called /etc/ntp.conf. This is an ASCII file conforming to the usual comment and whitespace conventions. A working configuration file might look like (in this and other examples, do not copy this directly):
-		-     # peer configuration for host whimsy
-     # (expected to operate at stratum 2)
-
-     server rackety.udel.edu
-     server umd1.umd.edu
-     server lilben.tn.cornell.edu
-
-     driftfile /etc/ntp.drift
-
-		(Note the use of host names, although host addresses in dotted-quad notation can also be used. It is always preferable to use names rather than addresses, since over time the addresses can change, while the names seldom change.)
-		This particular host is expected to operate as a client at stratum 2 by virtue of the server keyword and the fact that two of the three servers declared (the first two) have radio clocks and usually run at stratum 1. The third server in the list has no radio clock, but is known to maintain associations with a number of stratum 1 peers and usually operates at stratum 2. Of particular importance with the last host is that it maintains associations with peers besides the two stratum 1 peers mentioned. This can be verified using the ntpq program mentioned above. When configured using the server keyword, this host can receive synchronization from any of the listed servers, but can never provide synchronization to them.
-		Unless restricted using facilities described later, this host can provide synchronization to dependent clients, which do not have to be listed in the configuration file. Associations maintained for these clients are transitory and result in no persistent state in the host. These clients are normally not visible using the ntpq program included in the distribution; however, ntpd includes a monitoring feature (described later) which caches a minimal amount of client information useful for debugging administrative purposes.
-		A time server expected to both receive synchronization from another server, as well as to provide synchronization to it, is declared using the peer keyword instead of the server keyword. In all other aspects the server operates the same in either mode and can provide synchronization to dependent clients or other peers. If a local source of UTC time is available, it is considered good engineering practice to declare time servers outside the administrative domain as peer and those inside as server in order to provide redundancy in the global Internet, while minimizing the possibility of instability within the domain itself. A time server in one domain can in principle heal another domain temporarily isolated from all other sources of synchronization. However, it is probably unwise for a casual workstation to bridge fragments of the local domain which have become temporarily isolated.
-		Note the inclusion of a driftfile declaration. One of the things the NTP daemon does when it is first started is to compute the error in the intrinsic frequency of the clock on the computer it is running on. It usually takes about a day or so after the daemon is started to compute a good estimate of this (and it needs a good estimate to synchronize closely to its server). Once the initial value is computed, it will change only by relatively small amounts during the course of continued operation. The driftfile declaration indicates to the daemon the name of a file where it may store the current value of the frequency error so that, if the daemon is stopped and restarted, it can reinitialize itself to the previous estimate and avoid the day's worth of time it will take to recompute the frequency estimate. Since this is a desirable feature, a driftfile declaration should always be included in the configuration file.
-		An implication in the above is that, should ntpd be stopped for some reason, the local platform time will diverge from UTC by an amount that depends on the intrinsic error of the clock oscillator and the time since last synchronized. In view of the length of time necessary to refine the frequency estimate, every effort should be made to operate the daemon on a continuous basis and minimize the intervals when for some reason it is not running.
-		Configuring NTP with NetInfo
-		If NetInfo support is compiled into NTP, you can opt to configure NTP in your NetInfo domain. NTP will look in the NetInfo directory /locations/ntp for property/value pairs which are equivalent to the lines in the configuration file described above. Each configuration keyword may have a corresponding property in NetInfo. Each value for a given property is treated as arguments to that property, similar to a line in the configuration file.
-		For example, the configuration shown in the configuration file above can be duplicated in NetInfo by adding a property "server" with values "rackety.udel.edu", "umd1.umd.edu", and "lilben.tn.cornell.edu"; and a property "driftfile" with the single value "/etc/ntp.drift".
-		Values may contain multiple tokens similar to the arguments available in the configuration file. For example, to use mimsy.mil as an NTP version 1 time server, you would add a value "mimsy.mil version 1" to the "server" property.
-		Ntp4 Versus Previous Versions
-		There are several items of note when dealing with a mixture of ntp4 and previous distributions of NTP Version 2 (ntpd) and NTP Version 1 (ntp3.4). The ntp4 implementation conforms to the NTP Version 3 specification RFC-1305 and, in addition, contains additional features documented in the Release Notes page. As such, by default when no additional information is available concerning the preferences of the peer, ntpd claims to be version 4 in the packets that it sends from configured associations. The version subcommand of the server, peer, broadcast and manycastclient command can be used to change the default. In unconfigured (ephemeral) associaitons, the daemon always replies in the same version as the request.
-		An NTP implementation conforming to a previous version specification ordinarily discards packets from a later version. However, in most respects documented in RFC-1305, The version 2 implementation is compatible with the version 3 algorithms and protocol. The version 1 implementation contains most of the version 2 algorithms, but without important features for clock selection and robustness. Nevertheless, in most respects the NTP versions are backwards compatible. The sticky part here is that, when a previous version implementation receives a packet claiming to be from a version 4 server, it discards it without further processing. Hence there is a danger that in some situations synchronization with previous versions will fail.
-		The trouble occurs when an previous version is to be included in an ntpd configuration file. With no further indication, ntpd will send packets claiming to be version 4 when it polls. To get around this, ntpd allows a qualifier to be added to configuration entries to indicate which version to use when polling. Hence the entries
-		-     # specify NTP version 1
-
-     server mimsy.mil version
-1     # server running ntpd version 1
-     server apple.com version
-2     # server running ntpd version 2
-
-		will cause version 1 packets to be sent to the host mimsy.mil and version 2 packets to be sent to apple.com. If you are testing ntpd against previous version servers you will need to be careful about this. Note that, as indicated in the RFC-1305 specification, there is no longer support for the original NTP specification, once called NTP Version 0.
-		Traffic Monitoring
-		ntpd handles peers whose stratum is higher than the stratum of the local server and polls using client mode by a fast path which minimizes the work done in responding to their polls, and normally retains no memory of these pollers. Sometimes, however, it is interesting to be able to determine who is polling the server, and how often, as well as who has been sending other types of queries to the server.
-		To allow this, ntpd implements a traffic monitoring facility which records the source address and a minimal amount of other information from each packet which is received by the server. This feature is normally enabled, but can be disabled if desired using the configuration file entry:
-		-     # disable monitoring feature
-     disable monitor
-
-		The recorded information can be displayed using the ntpdc query program, described briefly below.
-		Address-and-Mask Restrictions
-		The address-and-mask configuration facility supported by ntpd is quite flexible and general, but is not an integral part of the NTP Version 3 specification. The major drawback is that, while the internal implementation is very nice, the user interface is not. For this reason it is probably worth doing an example here. Briefly, the facility works as follows. There is an internal list, each entry of which holds an address, a mask and a set of flags. On receipt of a packet, the source address of the packet is compared to each entry in the list, with a match being posted when the following is true:
-		-     (source_addr & mask) == (address &
-mask)
-
-		A particular source address may match several list entries. In this case the entry with the most one bits in the mask is chosen. The flags associated with this entry are used to control the access.
-		In the current implementation the flags always add restrictions. In effect, an entry with no flags set leaves matching hosts unrestricted. An entry can be added to the internal list using a restrict declaration. The flags associated with the entry are specified textually. For example, the notrust flag indicates that hosts matching this entry, while treated normally in other respects, shouldn't be trusted to provide synchronization even if otherwise so enabled. The nomodify flag indicates that hosts matching this entry should not be allowed to do run-time configuration. There are many more flags, see the ntpd page.
-		Now the example. Suppose you are running the server on a host whose address is 128.100.100.7. You would like to ensure that run time reconfiguration requests can only be made from the local host and that the server only ever synchronizes to one of a pair of off-campus servers or, failing that, a time source on net 128.100. The following entries in the configuration file would implement this policy:
-		-     # by default, don't trust and don't allow
-modifications
-
-     restrict default notrust nomodify
-
-     # these guys are trusted for time, but no
-modifications allowed
-
-     restrict 128.100.0.0 mask 255.255.0.0 nomodify
-     restrict 128.8.10.1 nomodify
-     restrict 192.35.82.50 nomodify
-
-     # the local addresses are unrestricted
-
-     restrict 128.100.100.7
-     restrict 127.0.0.1
-
-		The first entry is the default entry, which all hosts match and hence which provides the default set of flags. The next three entries indicate that matching hosts will only have the nomodify flag set and hence will be trusted for time. If the mask isn't specified in the restrict keyword, it defaults to 255.255.255.255. Note that the address 128.100.100.7 matches three entries in the table, the default entry (mask 0.0.0.0), the entry for net 128.100 (mask 255.255.0.0) and the entry for the host itself (mask 255.255.255.255). As expected, the flags for the host are derived from the last entry since the mask has the most bits set.
-		The only other thing worth mentioning is that the restrict declarations apply to packets from all hosts, including those that are configured elsewhere in the configuration file and even including your clock pseudopeer(s), if any. Hence, if you specify a default set of restrictions which you don't wish to be applied to your configured peers, you must remove those restrictions for the configured peers with additional restrict declarations mentioning each peer separately.
-		Authentication
-		ntpd supports the optional authentication procedure specified in the NTP Version 2 and 3 specifications. Briefly, when an association runs in authenticated mode, each packet transmitted has appended to it a 32-bit key ID and a 64/128-bit cryptographic checksum of the packet contents computed using either the Data Encryption Standard (DES) or Message Digest (MD5) algorithms. Note that, while either of these algorithms provide sufficient protection from message- modification attacks, distribution of the former algorithm implementation is restricted to the U.S. and Canada, while the latter presently is free from such restrictions. For this reason, the DES algorithm is not included in the current distribution. Directions for obtaining it in other countries is in the Building and Installing the Distribution page. With either algorithm the receiving peer recomputes the checksum and compares it with the one included in the packet. For this to work, the peers must share at least one encryption key and, furthermore, must associate the shared key with the same key ID.
-		This facility requires some minor modifications to the basic packet processing procedures, as required by the specification. These modifications are enabled by the enable auth configuration declaration, which is currently the default. In authenticated mode, peers which send unauthenticated packets, peers which send authenticated packets which the local server is unable to decrypt and peers which send authenticated packets encrypted using a key we don't trust are all marked untrustworthy and unsuitable for synchronization. Note that, while the server may know many keys (identified by many key IDs), it is possible to declare only a subset of these as trusted. This allows the server to share keys with a client which requires authenticated time and which trusts the server, but which is not trusted by the server. Also, some additional configuration language is required to specify the key ID to be used to authenticate each configured peer association. Hence, for a server running in authenticated mode, the configuration file might look similar to the following:
-		-     # peer configuration for 128.100.100.7
-     # (expected to operate at stratum 2)
-     # fully authenticated this time
-
-     peer 128.100.49.105 key 22 #
-suzuki.ccie.utoronto.ca
-     peer 128.8.10.1 key 4    #
-umd1.umd.edu
-     peer 192.35.82.50 key 6  #
-lilben.tn.cornell.edu
-
-     keys /usr/local/etc/ntp.keys  # path for
-key file
-     trustedkey 1 2 14 15     #
-define trusted keys
-     requestkey
-15            #
-key (7) for accessing server variables
-     controlkey
-15            #
-key (6) for accessing server variables
-
-     authdelay
-0.000094       # authentication delay
-(Sun4c/50 IPX)
-
-		There are a couple of previously unmentioned things in here. The keys line specifies the path to the keys file (see below and the ntpd document page for details of the file format). The trustedkey declaration identifies those keys that are known to be uncompromised; the remainder presumably represent the expired or possibly compromised keys. Both sets of keys must be declared by key identifier in the ntp.keys file described below. This provides a way to retire old keys while minimizing the frequency of delicate key-distribution procedures. The requestkey line establishes the key to be used for mode-6 control messages as specified in RFC-1305 and used by the ntpq utility program, while the controlkey line establishes the key to be used for mode-7 private control messages used by the ntpdc utility program. These keys are used to prevent unauthorized modification of daemon variables.
-		Ordinarily, the authentication delay; that is, the processing time taken between the freezing of a transmit timestamp and the actual transmission of the packet when authentication is enabled (i.e. more or less the time it takes for the DES or MD5 routine to encrypt a single block) is computed automatically by the daemon. If necessary, the delay can be overridden by the authdelay line, which is used as a correction for the transmit timestamp.
-		Additional utility programs included in the ./authstuff directory can be used to generate random keys, certify implementation correctness and display sample keys. As a general rule, keys should be chosen randomly, except possibly the request and control keys, which must be entered by the user as a password.
-		The ntp.keys file contains the list of keys and associated key IDs the server knows about (for obvious reasons this file is better left unreadable by anyone except root). The contents of this file might look like:
-		-     # ntp keys file (ntp.keys)
-     1    N   
-29233E0461ECD6AE    # DES key in NTP format
-     2    M   
-RIrop8KPPvQvYotM    # md5 key as an ASCII random string
-     14   M   
-sundial           
-;  # md5 key as an ASCII string
-     15   A   
-sundial           
-;  # DES key as an ASCII string
-
-     # the following 3 keys are identical
-
-     10   A    SeCReT
-     10   N   
-d3e54352e5548080
-     10   S   
-a7cb86a4cba80101
-
-		In the keys file the first token on each line indicates the key ID, the second token the format of the key and the third the key itself. There are four key formats. An A indicates a DES key written as a 1- to-8 character string in 7-bit ASCII representation, with each character standing for a key octet (like a Unix password). An S indicates a DES key written as a hex number in the DES standard format, with the low order bit (LSB) of each octet being the (odd) parity bit. An N indicates a DES key again written as a hex number, but in NTP standard format with the high order bit of each octet being the (odd) parity bit (confusing enough?). An M indicates an MD5 key written as a 1-to-31 character ASCII string in the A format. Note that, because of the simple tokenizing routine, the characters ' ', '#', '\t', '\n' and '\0' can't be used in either a DES or MD5 ASCII key. Everything else is fair game, though. Key 0 (zero) is used for special purposes and should not appear in this file.
-		The big trouble with the authentication facility is the keys file. It is a maintenance headache and a security problem. This should be fixed some day. Presumably, this whole bag of worms goes away if/when a generic security regime for the Internet is established. An alternative with NTP Version 4 is the autokey feature, which uses random session keys and public-key cryptography and avoids the key file entirely. While this feature is not completely finished yet, details can be found in the Release Notes page.
-		Query Programs
-		Three utility query programs are included with the distribution, ntpq, ntptrace and ntpdc. ntpq is a handy program which sends queries and receives responses using NTP standard mode-6 control messages. Since it uses the standard control protocol specified in RFC- 1305, it may be used with NTP Version 2 and Version 3 implementations for both Unix and Fuzzball, but not Version 1 implementations. It is most useful to query remote NTP implementations to assess timekeeping accuracy and expose bugs in configuration or operation.
-		ntptrace can be used to display the current synchronization path from a selected host through possibly intervening servers to the primary source of synchronization, usually a radio clock. It works with both version 2 and version 3 servers, but not version 1.
-		ntpdc is a horrid program which uses NTP private mode-7 control messages to query local or remote servers. The format and contents of these messages are specific to this version of ntpd and some older versions. The program does allow inspection of a wide variety of internal counters and other state data, and hence does make a pretty good debugging tool, even if it is frustrating to use. The other thing of note about ntpdc is that it provides a user interface to the run time reconfiguration facility. See the respective document pages for details on the use of these programs.
-		Run-Time Reconfiguration
-		ntpd was written specifically to allow its configuration to be fully modifiable at run time. Indeed, the only way to configure the server is at run time. The configuration file is read only after the rest of the server has been initialized into a running default-configured state. This facility was included not so much for the benefit of Unix, where it is handy but not strictly essential, but rather for dedicated platforms where the feature is more important for maintenance. Nevertheless, run time configuration works very nicely for Unix servers as well.
-		Nearly all of the things it is possible to configure in the configuration file may be altered via NTP mode-7 messages using the ntpdc program. Mode-6 messages may also provide some limited configuration functionality (though the only thing you can currently do with mode-6 messages is set the leap-second warning bits) and the ntpq program provides generic support for the latter. The leap bits that can be set in the leap_warning variable (up to one month ahead) and in the leap_indication variable have a slightly different encoding than the usual interpretation:
-		-       
-Value           Action
-
-        
-00            
-p; The daemon passes the leap bits of its
-            
-           
-synchronisation source (usual mode of operation)
-
-        01/10   A leap
-second is added/deleted
-
-        
-11            
-p; Leap information from the synchronization source
-            
-            is
-ignored (thus LEAP_NOWARNING is passed on)
-
-		Mode-6 and mode-7 messages which would modify the configuration of the server are required to be authenticated using standard NTP authentication. To enable the facilities one must, in addition to specifying the location of a keys file, indicate in the configuration file the key IDs to be used for authenticating reconfiguration commands. Hence the following fragment might be added to a configuration file to enable the mode-6 (ntpq) and mode-7 (ntpdc) facilities in the daemon:
-		-     # specify mode-6 and mode-7 trusted keys
-
-     requestkey 65535    # for mode-7
-requests
-     controlkey 65534    # for mode-6
-requests
-
-		If the requestkey and/or the controlkey configuration declarations are omitted from the configuration file, the corresponding run-time reconfiguration facility is disabled.
-		The query programs require the user to specify a key ID and a key to use for authenticating requests to be sent. The key ID provided should be the same as the one mentioned in the configuration file, while the key should match that corresponding to the key ID in the keys file. As the query programs prompt for the key as a password, it is useful to make the request and control authentication keys typeable (in ASCII format) from the keyboard.
-		Name Resolution
-		ntpd includes the capability to specify host names requiring resolution in peer and server declarations in the configuration file. However, in some outposts of the Internet, name resolution is unreliable and the interface to the Unix resolver routines is synchronous. The hangups and delays resulting from name-resolver clanking can be unacceptable once the NTP server is running (and remember it is up and running before the configuration file is read). However, it is advantageous to resolve time server names, since their addresses are occasionally changed.
-		In order to prevent configuration delays due to the name resolver, the daemon runs the name resolution process in parallel with the main daemon code. When the daemon comes across a peer or server entry with a non-numeric host address, it records the relevant information in a temporary file and continues on. When the end of the configuration file has been reached and one or more entries requiring name resolution have been found, the server runs the name resolver from the temporary file. The server then continues on normally but with the offending peers/servers omitted from its configuration.
-		As each name is resolved, it configures the associated entry into the server using the same mode-7 run time reconfiguration facility that ntpdc uses. If temporary resolver failures occur, the resolver will periodically retry the requests until a definite response is received. The program will continue to run until all entries have been resolved.
-		Dealing with Frequency Tolerance Violations (tickadj and Friends)
-		The NTP Version 3 specification RFC-1305 calls for a maximum oscillator frequency tolerance of +-100 parts-per-million (PPM), which is representative of those components suitable for use in relatively inexpensive workstation platforms. For those platforms meeting this tolerance, NTP will automatically compensate for the frequency errors of the individual oscillator and no further adjustments are required, either to the configuration file or to various kernel variables. For the NTP Version 4 release, this tolerance has been increased to +-500 PPM.
-		However, in the case of certain notorious platforms, in particular Sun 4.1.1 systems, the performance can be improved by adjusting the values of certain kernel variables; in particular, tick and tickadj. The variable tick is the increment in microseconds added to the system time on each interval- timer interrupt, while the variable tickadj is used by the time adjustment code as a slew rate, in microseconds per tick. When the time is being adjusted via a call to the system routine adjtime(), the kernel increases or reduces tick by tickadj microseconds per tick until the specified adjustment has been completed. Unfortunately, in most Unix implementations the tick increment must be either zero or plus/minus exactly tickadj microseconds, meaning that adjustments are truncated to be an integral multiple of tickadj (this latter behaviour is a misfeature, and is the only reason the tickadj code needs to concern itself with the internal implementation of tickadj at all). In addition, the stock Unix implementation considers it an error to request another adjustment before a prior one has completed.
-		Thus, to make very sure it avoids problems related to the roundoff, the tickadj program can be used to adjust the values of tick and tickadj. This ensures that all adjustments given to adjtime() are an even multiple of tickadj microseconds and computes the largest adjustment that can be completed in the adjustment interval (using both the value of tick and the value of tickadj) so it can avoid exceeding this limit. It is important to note that not all systems will allow inspection or modification of kernel variables other than at system build time. It is also important to know that, with the current NTP tolerances, it is rarely necessary to make these changes, but in many cases they will substantially improve the general accuracy of the time service.
-		Unfortunately, the value of tickadj set by default is almost always too large for ntpd. NTP operates by continuously making small adjustments to the clock, usually at one-second intervals. If tickadj is set too large, the adjustments will disappear in the roundoff; while, if tickadj is too small, NTP will have difficulty if it needs to make an occasional large adjustment. While the daemon itself will read the kernel's values of these variables, it will not change the values, even if they are unsuitable. You must do this yourself before the daemon is started using the tickadj program included in the ./util directory of the distribution. Note that the latter program will also compute an optimal value of tickadj for NTP use based on the kernel's value of tick.
-		The tickadj program can reset several other kernel variables if asked. It can change the value of tick if asked. This is handy to compensate for kernel bugs which cause the clock to run with a very large frequency error, as with SunOS 4.1.1 systems. It can also be used to set the value of the kernel dosynctodr variable to zero. This variable controls whether to synchronize the system clock to the time-of-day clock, something you really don't want to be happen when ntpd is trying to keep it under control. In some systems, such as recent Sun Solaris kernels, the dosynctodr variable is the only one that can be changed by the tickadj program. In this and other modern kernels, it is not necessary to change the other variables in any case.
-		We have a report that says starting with Solaris 2.6 we should leave dosynctodr alone.
-		In order to maintain reasonable correctness bounds, as well as reasonably good accuracy with acceptable polling intervals, ntpd will complain if the frequency error is greater than 500 PPM. For machines with a value of tick in the 10-ms range, a change of one in the value of tick will change the frequency by about 100 PPM. In order to determine the value of tick for a particular CPU, disconnect the machine from all sources of time (dosynctodr = 0) and record its actual time compared to an outside source (eyeball-and-wristwatch will do) over a day or more. Multiply the time change over the day by 0.116 and add or subtract the result to tick, depending on whether the CPU is fast or slow. An example call to tickadj useful on SunOS 4.1.1 is:
-		-     tickadj -t 9999 -a 5 -s
-
-		which sets tick 100 PPM fast, tickadj to 5 microseconds and turns off the clock/calendar chip fiddle. This line can be added to the rc.local configuration file to automatically set the kernel variables at boot time.
-		All this stuff about diddling kernel variables so the NTP daemon will work is really silly. If vendors would ship machines with clocks that kept reasonable time and would make their adjtime() system call apply the slew it is given exactly, independent of the value of tickadj, all this could go away. This is in fact the case on many current Unix systems.
-		Tuning Your Subnet
-		There are several parameters available for tuning the NTP subnet for maximum accuracy and minimum jitter. One of these is the prefer configuration declaration described in Mitigation Rules and the prefer Keyword documentation page. When more than one eligible server exists, the NTP clock-selection and combining algorithms act to winnow out all except the "best" set of servers using several criteria based on differences between the readings of different servers and between successive readings of the same server. The result is usually a set of surviving servers that are apparently statistically equivalent in accuracy, jitter and stability. The population of survivors remaining in this set depends on the individual server characteristics measured during the selection process and may vary from time to time as the result of normal statistical variations. In LANs with high speed RISC-based time servers, the population can become somewhat unstable, with individual servers popping in and out of the surviving population, generally resulting in a regime called clockhopping.
-		When only the smallest residual jitter can be tolerated, it may be convenient to elect one of the servers at each stratum level as the preferred one using the keyword prefer on the configuration declaration for the selected server:
-		-     # preferred server declaration
-
-     peer rackety.udel.edu prefer   
-# preferred server
-
-		The preferred server will always be included in the surviving population, regardless of its characteristics and as long as it survives preliminary sanity checks and validation procedures.
-		The most useful application of the prefer keyword is in high speed LANs equipped with precision radio clocks, such as a GPS receiver. In order to insure robustness, the hosts need to include outside peers as well as the GPS-equipped server; however, as long as that server is running, the synchronization preference should be that server. The keyword should normally be used in all cases in order to prefer an attached radio clock. It is probably inadvisable to use this keyword for peers outside the LAN, since it interferes with the carefully crafted judgement of the selection and combining algorithms.
-		Provisions for Leap Seconds and Accuracy Metrics
-		ntpd understands leap seconds and will attempt to take appropriate action when one occurs. In principle, every host running ntpd will insert a leap second in the local timescale in precise synchronization with UTC. This requires that the leap-warning bits be activated some time prior to the occurrence of a leap second at the primary (stratum 1) servers. Subsequently, these bits are propagated throughout the subnet depending on these servers by the NTP protocol itself and automatically implemented by ntpd and the time- conversion routines of each host. The implementation is independent of the idiosyncrasies of the particular radio clock, which vary widely among the various devices, as long as the idiosyncratic behavior does not last for more than about 20 minutes following the leap. Provisions are included to modify the behavior in cases where this cannot be guaranteed. While provisions for leap seconds have been carefully crafted so that correct timekeeping immediately before, during and after the occurrence of a leap second is scrupulously correct, stock Unix systems are mostly inept in responding to the available information. This caveat goes also for the maximum-error and statistical-error bounds carefully calculated for all clients and servers, which could be very useful for application programs needing to calibrate the delays and offsets to achieve a near- simultaneous commit procedure, for example. While this information is maintained in the ntpd data structures, there is at present no way for application programs to access it. This may be a topic for further development.
-		Clock Support Overview
-		ntpd was designed to support radio (and other external) clocks and does some parts of this function with utmost care. Clocks are treated by the protocol as ordinary NTP peers, even to the point of referring to them with an (invalid) IP host address. Clock addresses are of the form 127.127.t.u, where t specifies the particular type of clock (i.e., refers to a particular clock driver) and u is a unit number whose interpretation is clock-driver dependent. This is analogous to the use of major and minor device numbers by Unix and permits multiple instantiations of clocks of the same type on the same server, should such magnificent redundancy be required.
-		Because clocks look much like peers, both configuration file syntax and run time reconfiguration commands can be used to control clocks in the same way as ordinary peers. Clocks are configured via server declarations in the configuration file, can be started and stopped using ntpdc and are subject to address-and-mask restrictions much like a normal peer, should this stretch of imagination ever be useful. As a concession to the need to sometimes transmit additional information to clock drivers, an additional configuration file is available: the fudge statement. This enables one to specify the values of two time quantities, two integral values and two flags, the use of which is dependent on the particular clock driver. For example, to configure a PST radio clock which can be accessed through the serial device /dev/pst1, with propagation delays to WWV and WWVH of 7.5 and 26.5 milliseconds, respectively, on a machine with an imprecise system clock and with the driver set to disbelieve the radio clock once it has gone 30 minutes without an update, one might use the following configuration file entries:
-		-     # radio clock fudge fiddles
-     server 127.127.3.1
-     fudge 127.127.3.1 time1 0.0075 time2 0.0265
-     fudge 127.127.3.1 value2 30 flag1 1
-
-		Additional information on the interpretation of these data with respect to various radio clock drivers is given in the Reference Clock Drivers document page and in the individual driver documents accessible via that page.
-		Towards the Ultimate Tick
-		This section considers issues in providing precision time synchronization in NTP subnets which need the highest quality time available in the present technology. These issues are important in subnets supporting real-time services such as distributed multimedia conferencing and wide-area experiment control and monitoring.
-		In the Internet of today synchronization paths often span continents and oceans with moderate to high variations in delay due to traffic spasms. NTP is specifically designed to minimize timekeeping jitter due to delay variations using intricately crafted filtering and selection algorithms; however, in cases where these variations are as much as a second or more, the residual jitter following these algorithms may still be excessive. Sometimes, as in the case of some isolated NTP subnets where a local source of precision time is available, such as a PPS signal produced by a calibrated cesium clock, it is possible to remove the jitter and retime the local clock oscillator of the NTP server. This has turned out to be a useful feature to improve the synchronization quality of time distributed in remote places where radio clocks are not available. In these cases special features of the distribution are used together with the PPS signal to provide a jitter-free timing signal, while NTP itself is used to provide the coarse timing and resolve the seconds numbering.
-		Most available radio clocks can provide time to an accuracy in the order of milliseconds, depending on propagation conditions, local noise levels and so forth. However, as a practical matter, all clocks can occasionally display errors significantly exceeding nominal specifications. Usually, the algorithms used by NTP for ordinary network peers, as well as radio clock peers will detect and discard these errors as discrepancies between the disciplined local clock oscillator and the decoded time message produced by the radio clock. Some radio clocks can produce a special PPS signal which can be interfaced to the server platform in a number of ways and used to substantially improve the (disciplined) clock oscillator jitter and wander characteristics by at least an order of magnitude. Using these features it is possible to achieve accuracies in the order of a few tens of microseconds with a fast RISC- based platform.
-		There are three ways to implement PPS support, depending on the radio clock model, platform model and serial line interface. These are described in detail in the application notes mentioned in the The Network Time Protocol (NTP) Distribution document page. Each of these requires circuitry to convert the TTL signal produced by most clocks to the EIA levels used by most serial interfaces. The Pulse-per-second (PPS) Signal Interfacing page describes a device designed to do this. Besides being useful for this purpose, this device includes an inexpensive modem designed for use with the Canadian CHU time/frequency radio station.
-		In order to select the appropriate implementation, it is important to understand the underlying PPS mechanism used by ntpd. The PPS support depends on a continuous source of PPS pulses used to calculate an offset within +-500 milliseconds relative to the local clock. The serial timecode produced by the radio or the time determined by NTP in absence of the radio is used to adjust the local clock within +-128 milliseconds of the actual time. As long as the local clock is within this interval the PPS support is used to discipline the local clock and the timecode used only to verify that the local clock is in fact within the interval. Outside this interval the PPS support is disabled and the timecode used directly to control the local clock.
-		Parting Shots
-		There are several undocumented programs which can be useful in unusual cases. They can be found in the ./clockstuff and ./authstuff directories of the distribution. One of these is the propdelay program, which can compute high frequency radio propagation delays between any two points whose latitude and longitude are known. The program understands something about the phenomena which allow high frequency radio propagation to occur, and will generally provide a better estimate than a calculation based on the great circle distance. Other programs of interest include clktest, which allows one to exercise the generic clock line discipline, and chutest, which runs the basic reduction algorithms used by the daemon on data received from a serial port. 
-		
-		
-			
-		

-		
-	
-
-
diff --git a/html/ntpd.html b/html/ntpd.html
index c27b6a364f..99a4c09ff7 100644
--- a/html/ntpd.html
+++ b/html/ntpd.html
@@ -13,10 +13,10 @@
 		ntpd - Network Time Protocol (NTP) daemon
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The mushroom knows all the command line options.
-		Last update: 19:27 UTC Sunday, July 01, 2007
+		Last update: 01:10 UTC Saturday, November 24, 2007
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Synopsis

diff --git a/html/ntpdc.html b/html/ntpdc.html
index 02bc13aec4..4c803d4335 100644
--- a/html/ntpdc.html
+++ b/html/ntpdc.html
@@ -13,10 +13,10 @@
 		ntpdc - special NTP query program
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		This program is a big puppy.
-		Last update: 04:11 AM UTC Monday, November 27, 2006
+		Last update: 01:11 UTC Saturday, November 24, 2007
 		

 		More Help
-		
+		
 		
 		Synopsis
 		ntpdc [ -ilnps ] [ -c command ] [ host ] [ ... ]
diff --git a/html/ntpdsim.html b/html/ntpdsim.html
index 31eccf84ec..3ae33b5653 100644
--- a/html/ntpdsim.html
+++ b/html/ntpdsim.html
@@ -13,10 +13,10 @@
 		ntpdsim - Network Time Protocol (NTP) simulator
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The mushroom knows all the command line options.
-		Last update: 20:07 UTC Friday, June 16, 2006
+		Last update: 01:12 UTC Saturday, November 24, 2007
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Synopsis

diff --git a/html/ntpdsim_new.html b/html/ntpdsim_new.html
index 47c226ac10..76706fd39e 100644
--- a/html/ntpdsim_new.html
+++ b/html/ntpdsim_new.html
@@ -5,18 +5,18 @@
 	
 		
 		
-		ntpdsim - Network Time Protocol (NTP) simulator
+		ntpdsim - Network Time Protocol (NTP) Simulator
 		
 	
 
 	
-		ntpdsim - Network Time Protocol (NTP) simulator
+		ntpdsim - Network Time Protocol (NTP) Simulator
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The mushroom knows all the command line options.
-		Last update: 21:32 UTC Friday, June 16, 2006
+		Last update: 19:45 UTC Saturday, January 19, 2008
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Description

diff --git a/html/ntpq.html b/html/ntpq.html
index 4c077e22cc..85ead196d6 100644
--- a/html/ntpq.html
+++ b/html/ntpq.html
@@ -13,10 +13,10 @@
 		ntpq - standard NTP query program
 		from Pogo, Walt Kelly
 		A typical NTP monitoring packet
-		Last update: 18:45 UTC Thursday, July 28, 2005
+		Last update: 01:13 UTC Saturday, November 24, 2007
 		

 		More Help
-		
+		
 		
 		Synopsis
 		ntpq [-inp] [-c command] [host] [...]
diff --git a/html/ntptrace.html b/html/ntptrace.html
index 3b533f9eca..6ecc3e9f0c 100644
--- a/html/ntptrace.html
+++ b/html/ntptrace.html
@@ -13,13 +13,14 @@
 		ntptrace - trace a chain of NTP servers back to the primary source
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The rabbit knows the way back.
-		Last update: 18:47 UTC Thursday, July 28, 2005
+		Last update: 19:06 UTC Wednesday, January 16, 2008
 		

 		
 		Synopsis
 		ntptrace [ -vdn ] [ -r retries ] [ -t timeout ] [ server ]
 		Description
-		ntptrace determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source. If given no arguments, it starts with localhost. Here is an example of the output from ntptrace:
+		ntptrace is a perl script that uses the ntpq utility program to follow the chain of NTP servers from a given host back to the primary time source. For ntptrace to work properly, each of these servers must implement the NTP Control and Monitoring Protocol specified in RFC 1305 and enable NTP Mode 6 packets.
+		If given no arguments, ntptrace starts with localhost. Here is an example of the output from ntptrace:
 		 % ntptrace
 localhost: stratum 4, offset 0.0019529, synch distance 0.144135
diff --git a/html/pic/broad.gif b/html/pic/broad.gif
new file mode 100644
index 0000000000..b372bb5c14
Binary files /dev/null and b/html/pic/broad.gif differ
diff --git a/html/pic/peer.gif b/html/pic/peer.gif
new file mode 100644
index 0000000000..35bd36f7fb
Binary files /dev/null and b/html/pic/peer.gif differ
diff --git a/html/pps.html b/html/pps.html
index b9fcd7f387..576f6ebec8 100644
--- a/html/pps.html
+++ b/html/pps.html
@@ -13,29 +13,35 @@
 		Pulse-per-second (PPS) Signal Interfacing
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		Alice is trying to find the PPS signal connector.
-		Last update: 18:48 UTC Thursday, July 28, 2005
+		Last update: 22:01 UTC Wednesday, January 02, 2008
 		

 		Related Links
-		
+		
+		Table of Contents
+			Introduction
+			
Gadget Box
+			
Operating System Support
+			
Using the Pulse-per-Second (PPS) Signal
 		
-		Some radio clocks and related timekeeping gear have a pulse-per-second (PPS) signal that can be used to discipline the system clock to a high degree of precision, typically to the order less than 10 ms in time and 0.01 parts-per-million (PPM) in frequency. This page describes the hardware and software necessar for NTP to use this signal.
-		A Gadget Box built by Chuck Hanavin

-		Gadget Box
-		The PPS signal can be connected in either of two ways: via the data carrier detector (DCD) pin of a serial port or via the acknowledge (ACK) pin of a parallel port, depending on the hardware and operating system. Note that NTP no longer supports connection via the data leads of a serial port. However, the PPS signal levels are usually incompatible with serial port levels. The gadget box consists of a handful of electronic components assembled in a small aluminum box. It includes level converters and a optional modem designed to decode the radio timecode signals transmitted by Canadian time and frequency station CHU. This can be used with the Radio CHU Audio Demodulator/Decoder. A complete set of schematics, PCB artwork and drill templates can be obrtained via the web at gadget.tar.Z.
-		Operating System Support 
-		Both the serial and parallel port connection require operating system support, which is available in only a few operating systems, including FreeBSD, Linux (with PPSkit patch) and Solaris. Support on an experimental basis is available for several other systems, including SunOS and HP/Compaq/Digital Tru64. The PPSAPI application program interface defined in [1] is the only interface currently supported. Older PPS interfaces based on the ppsclock and tty_clk streams modules are no longer supported. As the PPSAPI is expected to become an IETF cross-platform standard, it should be used by new applications.
-		The entire PPS interface functionality is currently provided by inline code in the timepps.h header file. While not all implementations support the full PPSAPI specification, they do support all the functions required for the PPS driver described next. The FreeBSD, Linux and Solaris implementations can be used with the stock kernels provided with those systems; however, the Tru64 and SunOS kernels require additional functions not provided in the stock kernels. Solaris users are cautioned that these functions operate improperly in Solaris versions prior to 2.8 with patch Generic_108528-02. Header files for other systems can be found via the web at nanokernel.tar.gz.
-		PPS Driver
-		In the preferred mode of operation, PPS signals are processed by the PPS Clock Discipline driver and other clock drivers which might be involved need not know or care about them. In some cases where there is no other driver, time might be obtained from remote NTP servers via the network and local PPS signals, for instance from a calibrated cesium oscillator, used to stabilize the frequency and remove network jitter. Note that the pps configuration command has been obsoleted by this driver.
-		The PPS driver operates in conjunction with a preferred peer, as described in the Mitigation Rules and the prefer Keyword page. One of the drivers described in the Reference Clock Drivers page or another NTP server furnishes the coarse timing and disambiguates the seconds numbering of the PPS signal itself. The NTP daemon mitigates between the clock driver or NTP server and the PPS driver as described in that page in order to provide the most accurate time, while respecting the various types of equipment failures that could happen.
-		Some Unix system kernels support a PPS signal directly, as described in the A Kernel Model for Precision Timekeeping page. Specifically, the PPS driver can be used to direct the PPS signal to the kernel for use as a discipline source for both time and frequency. The presence of the kernel support is automatically detected during the NTP build process and supporting code automatically compiled. Note that the PPS driver does not normally enable the PPS kernel code, since performance is generally better without it. However, this code can be enabled by a driver fudge flag if necessary.
-		Some configurations may include multiple radio clocks with individual PPS outputs. In some PPSAPI designs multiple PPS signals can be connected to multiple instances of the PPS driver. In such cases the NTP mitigation and grooming algorithms operate with all the radio timecodes and PPS signals to develop the highest degree of redundancy and survivability.
-		Reference
-		
-			Mogul, J., D. Mills, J. Brittenson, J. Stone and U. Windl. Pulse-per-second API for Unix-like operating systems, version 1. Request for Comments RFC-2783, Internet Engineering Task Force, March 2000, 31 pp. ASCII
-		
-		
-		
+		Introduction
+			Most radio clocks are connected using a serial port operating at speeds of 9600 bps. The accuracy using typical timecode formats, where the on-time epoch is indicated by a designated ASCII character like carriage-return <cr>, is normally limited to a hundred microseconds. Using carefuly crafted averaging techniques, the NTP algorithms can whittle this down to a few tens of microseconds. However, some radios produce a PPS signal which can be used to improve the accuracy to few microseconds. This page describes the hardware and software necessar for NTP to use the PPS signal.
+			
+		

+		A Gadget Box built by Chuck Hanavin
+		
+			Gadget Box
+			The PPS signal can be connected in either of two ways: via the DCD data carrier detect pin of a serial port or via the ACK acknowledge pin of a parallel port, depending on the hardware and operating system. Note that NTP no longer supports connection via the RD data pin of a serial port.
+			However, the PPS signal levels are usually incompatible with serial port levels. The gadget box consists of a handful of electronic components assembled in a small aluminum box. It includes level converters and a optional modem designed to decode the radio timecode signals transmitted by Canadian time and frequency station CHU. This can be used with the Radio CHU Audio Demodulator/Decoder. A complete set of schematics, PCB artwork and drill templates can be obrtained via the web at gadget.tar.Z.
+			Operating System Support
+			Both the serial and parallel port connection require operating system support, which is available in only a few operating systems, including FreeBSD, Linux (with PPSkit patch) and Solaris. Support on an experimental basis is available for several other systems, including SunOS and HP/Compaq/Digital Tru64. The kernel interface described on the PPSAPI Interface for Precision Time Signals page is the only interface currently supported. Older PPS interfaces based on the ppsclock and tty_clk streams modules are no longer supported.
+			PPS Driver
+			PPS support requires the PPS driver (described on the Type 22 PPS Clock Discipline page. The driver operates in conjunction with a prefer peer, as described in the Mitigation Rules and the prefer Keyword page. The prefer peer is ordinarily the radio clock that provides the PPS signal, but in principle another radio clock or remote Internet server could be designated prerred. A source is desgnated prefer using the prefer keyword, as described on the Mitigation Rules and the prefer keyword page. Only one source can be designated preferred. PPS signals are processed by the PPS driver and other clock drivers which might be involved need not know or care about PPS capability. Note that the pps configuration command has been obsoleted by this driver.
+			Using the Pulse-per-Second (PPS) Signal
+			The PPS signal  can be used in two ways, one using the NTP grooming and mitigations algorithms and the other using PPS signal support in the kernel, as described in the Kernel Model for Precision Timekeeping page. In either case, the PPS signal must be present and within nominal jitter and wander tolerances. In addition, the PPS driver and prefer peer must survive the sanity checks and intersection algorithms. Finally, the offset of the system clock relative to the prefer peer must be less than 128 ms, or well within the 0.5-s unambiguous range. The PPS peer remains active as long as these conditions are met.
+			The presence of PPS kernel support is automatically detected during the NTP configuration process and supporting code automatically compiled. When kernel PPS support is enabled, the PPS driver can direct the signal directly to the kernel. Note that the PPS driver does not normally enable the PPS kernel, since performance is generally better with older systems. However, the kernel can be enabled by a driver fudge flag if necessary. This is advised for newer machines in the Pentium class.
+			The kernel maintains a watchdog timer for the PPS signal; if the signal has not been heard or is out of tolerance for more than some interval, currently two minutes, the kernel discipline is disabled and operation continues as if it were not present.  
+			
+			
 	
 
 
\ No newline at end of file
diff --git a/html/prefer.html b/html/prefer.html
index 00225d1dbb..1bbbc4ff87 100644
--- a/html/prefer.html
+++ b/html/prefer.html
@@ -12,17 +12,16 @@
 		Mitigation Rules and the prefer Keyword
 		 from Alice's Adventures in Wonderland, Lewis Carroll
 		Listen carefully to what I say; it is very complicated.
-		Last update: 18:49 UTC Thursday, July 28, 2005
+		Last update: 19:20 UTC Wednesday, January 02, 2008
 		

 		Related Links
-		
+		
 		Table of Contents
 		
 			Introduction
 			
The prefer Peer
 			
Peer Classification
 			
Mitigation Rules
-			
Using the Pulse-per-Second (PPS) Signal
 		
 		
 		Introduction
@@ -58,13 +57,6 @@
 			
If the above is not the case and the peer previously chosen as the system peer is in the surviving population, then choose it as the system peer and average its offset along with the other survivors to determine the system clock offset. This behavior is designed to avoid excess jitter due to clockhopping, when switching the system peer would not materially improve the time accuracy.
 			
If the above is not the case, then choose the first candidate in the list of survivors ranked in order of synchronization distance and average its offset along with the other survivors to determine the system clock offset. This is the default case and the only case considered in the current NTP specification.
 		
-		Using the Pulse-per-Second (PPS) Signal
-		Most radio clocks are connected using a serial port operating at speeds of 9600 bps or higher. The accuracy using typical timecode formats, where the on-time epoch is indicated by a designated ASCII character, like carriage-return <cr>, is limited to a millisecond or two. However, some radios produce a PPS signal which can be used to improve the accuracy with typical workstation servers to the order of microseconds. The details of how this can be accomplished are discussed in the Pulse-per-second (PPS) Signal Interfacing page. The following paragraphs discuss how the PPS signal is affected by the mitigation rules.
-		First, it should be pointed out that the PPS signal is inherently ambiguous, in that it provides a precise seconds epoch, but does not provide a way to number the seconds. In principle and most commonly, another source of synchronization, either the timecode from an associated radio clock, or even one or more remote NTP servers, is available to perform that function. In all cases, a specific, configured peer or server must be designated as associated with the PPS signal. This is done using the prefer keyword as described previously. The PPS signal can be associated in this way with any peer, but is most commonly used with the radio clock generating the PPS signal.
-		The PPS signal can be used in two ways to discipline the local clock, one using a special PPS driver described in the PPS Clock Discipline page, the other using PPS signal support in the kernel, as described in the A Kernel Model for Precision Timekeeping page. In either case, the signal must be present and within nominal jitter and wander error tolerances. In addition, the associated prefer peer must have survived the sanity checks and intersection algorithms and the dispersion settled below 1 s. This insures that the radio clock hardware is operating correctly and that, presumably, the PPS signal is operating correctly as well. Second, the absolute offset of the local clock from that peer must be less than 128 ms, or well within the 0.5-s unambiguous range of the PPS signal itself. In the case of the PPS driver, the time offsets generated from the PPS signal are propagated via the clock filter to the clock selection procedures just like any other peer. Should these pass the sanity checks and intersection algorithms, they will show up along with the offsets of the prefer peer itself. Note that, unlike the prefer peer, the PPS peer samples are not protected from discard by the clustering algorithm. These complicated procedures insure that the PPS offsets developed in this way are the most accurate, reliable available for synchronization.
-		The PPS peer remains active as long as it survives the intersection algorithm and the prefer peer is reachable; however, like any other clock driver, it runs a reachability algorithm on the PPS signal itself. If for some reason the signal fails or displays gross errors, the PPS peer will either become unreachable or stray out of the survivor population. In this case the clock selection remitigates as described above.
-		When kernel support for the PPS signal is available, the PPS signal is interfaced to the kernel serial driver code via a modem control lead. As the PPS signal is derived from external equipment, cables, etc., which sometimes fail, a good deal of error checking is done in the kernel to detect signal failure and excessive noise. The way in which the mitigation rules affect the kernel discipline is as follows.
-		PPS support requires the PPS driver (type 22) and PPSAPI interface described in the Pulse-per-second (PPS) Signal Interfacing page. In order to operate, the prefer peer must be designated and the kernel support enabled by the enable pps command in the configuration file and the signal must be present and within nominal jitter and wander error tolerances. In the NTP daemon, the PPS discipline is active only when the prefer peer is among the survivors of the clustering algorithm, and its absolute offset is within 128 ms, as determined by the PPS driver. Under these conditions the kernel disregards updates produced by the NTP daemon and uses its internal PPS source instead. The kernel maintains a watchdog timer for the PPS signal; if the signal has not been heard or is out of tolerance for more than some interval, currently two minutes, the kernel discipline is declared inoperable and operation continues as if it were not present.
 		
 		
 	
diff --git a/html/quick.html b/html/quick.html
new file mode 100644
index 0000000000..69939e311b
--- /dev/null
+++ b/html/quick.html
@@ -0,0 +1,33 @@
+
+
+
+
+	
+		
+		
+		Quick Start
+		
+	
+
+	
+		Quick Start
+		FAX test image for SATNET (1979).
+		The baby panda was scanned at University College London and used as a FAX test image for a demonstration of the DARPA Atlantic SATNET Program and the first transatlantic Internet connection in 1978. The computing system used for that demonstration was called the Fuzzball. As it happened, this was also the first Internet multimedia presentation and the first to use NTP in regular operation. The image was widely copied and used for testing purpose throughout much of the 1980s.
+		Last update: 20:02 UTC Monday, December 31, 2007
+		Related Links
+		
+		
+		For the rank amateur the sheer volume of the documentation collection must be intimidating. However, it doesn't take much to fly the ntpd daemon with a simple configuration where a workstation needs to synchronize to some server elsewhere in the Internet. The first thing is to build the distribution for the particular workstation and install in the usual place. The Building and Installing the Distribution page describes how to do this.
+		While it is possible that certain configurations do not need a configuration file, most do. The file, called by default /etc/ntp.conf, need only contain one line specifying a remote server, for instance
+		server foo.bar.com
+		Choosing an appropriate remote server is somewhat of a black art, but a suboptimal choice is seldom a problem. There are about two dozen public time servers operated by the National Institutes of Science and Technology (NIST), US Naval Observatory (USNO),  Canadian Metrology Centre (CMC) and many others available on the Internet. Lists of public primary and secondary NTP servers maintained on the Public NTP Time Servers page, which is updated frequently.The lists are sorted by country and, in the case of the US, by state. Usually, the best choice is the nearest in geographical terms, but the terms of engagement specified in each list entry should be carefully respected.
+		During operation ntpd measures and corrects for incidental clock frequency error and writes the current value to a file specified by the 
+		driftfile /etc/ntp.drift
+		command in the configuration file. If ntpd is stopped and restarted, it initializes the frequency from this file. In this way the potentially lengthy interval to relearn the frequency error is avoided.
+		That's all there is to it, unless some problem in network connectivity or local operating system configuration occurs. The most common problem is some firewall between the workstation and server. System administrators should understand NTP uses UDP port 123 as both the source and destination port and that NTP does not involve any operating system interaction other than to set the system clock. While almost all modern Unix systems have included NTP and UDP port 123 defined in the services file, this should be checked if ntpd fails to come up at all.
+		The best way to confirm NTP is working is using the ntpq utility, although the ntpdc utility may be useful in extreme cases. See the documentation pages for further information. Don't forget to check for  system log messages. In the most extreme cases the -d option on the ntpd command line results in a blow-by-blow trace of the daemon operations. While the trace output can be cryptic, to say the least, it gives a general idea of what the program is doing and, in particular, details the arriving and departing packets and any errors found.
+		
+		
+	
+
+
\ No newline at end of file
diff --git a/html/rate.html b/html/rate.html
new file mode 100644
index 0000000000..6142607d14
--- /dev/null
+++ b/html/rate.html
@@ -0,0 +1,60 @@
+
+
+
+
+	
+		
+		
+		Rate Management and the Kiss-o'-Death
+		
+	
+
+	
+		Rate Management and the Kiss-o'-Death Packet
+		from Alice's Adventures in Wonderland, Lewis Carroll
+		Packet blizzard
+		Last update: 17:55 UTC Monday, December 31, 2007
+		

+		Related Links
+		
+		Table of Contents
+		
+			Introduction
+			
Poll Rate Control
+			
Burst Control
+			
Minimum Average Headway
+			
Minimum Guard Time
+			
The Kiss-o'-Death Packet
+		
+		
+		Introduction
+		Some national time metrology laboratories, including NIST and USNO, use the ntpd reference implementation in their very busy public time servers. They operate multiple servers behind load-balancing devices to support aggregate rates up to several thousand packets per second. The servers need to defend themselves against all manner of broken implementations that can clog the server and and network infrastructure. On the other hand, friendly ntpd clients need to avoid configurations that can result in unfriendly rates.
+		There are several features in ntpd designed to defend the servers, clients and network against accidental or intentional flood attack. On the other hand these features are also used to insure ntpd is a good citizen, even if configured in unfriendly ways. The ground rules are:
+		
+			Send at the lowest rate consistent with the required nominal error regime.
Maintain strict minimum average headway and guard intervals, even if multiple burst options and/or the Autokey protocol are configured.
When the first packet of a burst is sent to a server, do not send further packets until the first packet has been received from the server.
Upon receiving a Kiss-o'-Death packet (see below), immediately reduce the sending rate.
+		
+		Rate management involves four algorithms to control the poll rate control, burst control, minimum average headway and minimum guard time. These are described in following sections.
+		Poll Rate Control
+		In the ntpd design control of the poll interval is an intricate balance between nominal error and network load. As a rule of thumb, if the poll interval increases by 100 percent, nominal error increases by 50 percent. For the default poll interval range from 64 s to 1024 s, this represents an eightfold range in nominal error. Nevertheless and unless the lowest possible nominal error is required, the well mannered NTP client should allow the interval to increase to the maximum when possible.
+		The poll interval is proportional to the time constant of the feedback loop which controls the system clock time and frequency. The optimum time constant depends on the network time jitter and the clock oscillator frequency wander. Errors due to jitter are reduced as the time constant increases, while errors due to wander are decreased as the time constant decreases. The two error characteristics intersect at a point called the Allan intercept. The poll algorithm follows the intercept in response to changing jitter and wander conditions. However, the intercept has a relatively broad characteristic, so the algorithm is biased towards the high side in the interests of reduced network load.
+		The ntpd poll interval algorithms slowly but reliably increases the poll interval when jitter dominates the error budget, but quickly reduces the interval when wander dominates it. In addition it avoids needless changes which can cause additional error, especially when operating at very low jitter in the order of microseconds.
+		In ntpd the poll interval is represented in log₂ s, so the actual values span the range 6-10. The algorithm uses a jiggle counter which operates over the range from -30 to +30 and is initialized at 0. If the measured offset is less than four times the measured average jitter, the counter is increased by the poll interval; if not, it is decreased by twice the poll interval. If the counter reaches +30, the poll interval is incremented by 1; if the counter reaches -30, the poll interval is decremented by 1. In either case the counter is set to 0.
+		Burst Control
+		Occasionally it is necessary to send packets at intervals less than the poll interval. For instance, with the burst and iburst options, the poll algorithm sends a burst of several packets at 2-s intervals. The ntpd poll algorithm avoids sending needless packets if the server is not responding. If a burst is to be sent, the client sends only a single packet. When the first packet is received from the server, the client continues with the remaining packets in the burst. If the first packet is not received within 64 s, it will be sent again for two additional retries before giving up. The result is to minimize network load if the server is not responding.
+		For the iburst option the number of packets in the burst is six, which is the number normally needed to synchronize the clock; for the burst option, the number of packets in the burst is determined by the poll interval so that the headway is never less than 16 s. For instance, if operated at the minimum poll interval of 16 s, only a single packet is sent, while the full number of eight packets is sent at poll intervals of 128 s or more.
+		Minimum Average Headway
+		There are features in ntpd to manage the interval between one packet and the next. These features make use of a set of counters, an output counter for each client association and an input counter for each distinct client address. Each counter increments by a value called the headway when a packet is processed and decrements by one each second. The default headway in ntpd is 16 s, but this can be changed using the discard average command.
+		If the iburst or burst options are present, the poll algorithm sends a burst of packets, instead of a single packet at each poll. The NTPv4 specification requires that bursts contain no more than eight packets; so, starting from an output counter value of zero, the maximum counter value can be no more than 128, called the output ceiling. However, if the burst starts with a counter value other than zero, there is a potential to exceed the ceiling. The poll algorithm avoids this by computing an additional interpacket delay so that the next packet sent will not exceed the ceiling. With this design the long term maximum average headway is never less than 16 s. Designs such as this are often called leaky buckets.
+		The ntpd input packet routine uses a special list of entries for each distinct client found. Each entry includes the IP address, input counter and time of the most recent arrival. The entries are ordered by time of arrival, most recent first. As each packet arrives, the IP source address is compared to the IP address in each entry in turn. If a match is found the entry is removed and inserted first on the list. If the IP address does not match any entry, a new entry is created and inserted first, possibly discarding the last entry on the list if it is full. Observers will note this is the same algorithm used for page replacement in virtual memory systems.
+		In the virtual memory algorithm the entry of interest is the last, whereas here the entry of interest is the first. The input counter is decreased by the time since it was last referenced, but not below zero. If the value of the counter plus the headway is greater than the input ceiling of 128, the packet is discarded. Otherwise, the counter is increased by the headway and the packets processed. The result is, if the client maintains a maximum average headway not less than 16 s and transmits no more than eight packets in a burst, the input counter will not exceed the input ceiling.
+		Minimum Guard Time
+		A review of past client abuse incidence shows the most frequent scenario is a broken client that attempts to send a number of packets at rates of one per second or less. There have been occasions where this abuse has persisted for days at a time. These scenarios are the most damaging, as they can threaten not only the victim server but the network infrastructure as well.
+		In the ntpd server design the minimum headway between the last packet received and the current packet is called the guard time. If the headway is less than the guard time, the packet is discarded. The guard time defaults to 2 s, but this can be changed using the discard minimum command.
+		The Kiss-o'-Death Packet
+		As an optional feature ntpd sends a special packet called the Kiss-o'-Death (KoD) packet, when either the minimum average headway or minimum guard time is violated. The KoD is a packet with leap bits 11, stratum 0 and reference ID field other than 0. In this case the reference ID field is a four-character ASCII string, called the kiss code, showing the reason for the KoD. At present, only one kiss code, RATE, is used to tell the client to slow down. In order to make sure the client notices the KoD, the receive and transmit timestamps are set to the transmit timestamp of the client packet and all other fields left as in the client packet. Thus, even if the client ignores the KoD indication, it cannot do any useful time computations. KoDs themselves are rate limited to no more than two per second in order to deflect a flood attack.
+		There is some controversy about the discard and KoD provisions. The nature of the datagram service supporting NTP provides no way to throttle cleints other than behaving badly. Clients are strongly advised to support the KoD, but there are no legal or societal statutes requiring it. The reference implementation responds to a KoD by permanantly disabling the association, but then it should never ignite a KoD unless the discard commands are abused.
+		
+		
+	
+
+
\ No newline at end of file
diff --git a/html/rdebug.html b/html/rdebug.html
index d49514dfc2..5398338fe8 100644
--- a/html/rdebug.html
+++ b/html/rdebug.html
@@ -12,12 +12,11 @@
 		Debugging Reference Clock Drivers
 		from The Wizard of Oz, L. Frank Baum
 		Call the girls and the'll sweep your bugs.
-		Last update: 18:49 UTC Thursday, July 28, 2005
+		Last update: 01:24 UTC Saturday, November 24, 2007
 		

 		Related Links
-		
-		More Help
-		
+		
+		
 		
 		The ntpq and ntpdc utility programs can be used to debug reference clocks, either on the server itself or from another machine elsewhere in the network. The server is compiled, installed and started using the configuration file described in the ntpd page and its dependencies. If the clock appears in the ntpq utility and pe command, no errors have occurred and the daemon has started, opened the devices specified and waiting for peers and radios to come up. If not, the first thing to look for are error messages on the system log. These are usually due to improper configuration, missing links or multiple instances of the daemon.
 		It normally takes a minute or so for evidence to appear that the clock is running and the driver is operating correctly. The first indication is a nonzero value in the reach column in the pe billboard. If nothing appears after a few minutes, the next step is to be sure the RS232 messages, if used, are getting to and from the clock. The most reliable way to do this is with an RS232 tester and to look for data flashes as the driver polls the clock and/or as data arrive from the clock. Our experience is that the overwhelming fraction of problems occurring during installation are due to problems such as miswired connectors or improperly configured device links at this stage.
diff --git a/html/refclock.html b/html/refclock.html
index 733b7bf56c..51f63ab0d3 100644
--- a/html/refclock.html
+++ b/html/refclock.html
@@ -12,49 +12,36 @@
 	
 		Reference Clock Drivers
 		Master Time Facility at the UDel Internet Research Laboratory
-		Last update: 13:06 UTC Wednesday, August 10, 2005
+		Last update: 20:45 UTC Thursday, January 03, 2008
 		

 		Related Links
-		
-		Pulse-Per-Second Interfacing Links
-		
-			
-		
-		Audio Driver Links
-		
-			
-		
+		
+		
 		Table of Contents
 		
-			Reference Clock Drivers
+			
Introduction
 			
Driver Calibration
-			
Performance Enhancements
 			
Comprehensive List of Clock Drivers
 		
 		
-		Reference Clock Drivers
-		Support for most of the commonly available radio and modem reference clocks is included in the default configuration of the NTP daemon for Unix ntpd. Individual clocks can be activated by configuration file commands, specifically the server and fudge commands described in the ntpd program manual page. The following discussion presents Information on how to select and configure the device drivers in a running Unix system.
-		Many radio reference clocks can be set to display local time as adjusted for timezone and daylight saving mode. For use with NTP the clock must be set for Coordinated Universal Time (UTC) only. Ordinarily, these adjustments are performed by the kernel, so the fact that the clock runs on UTC will be transparent to the user.
-		Radio and modem clocks by convention have addresses in the form 127.127.t.u, where t is the clock type and u is a unit number in the range 0-3 used to distinguish multiple instances of clocks of the same type. Most of these clocks require support in the form of a serial port or special bus peripheral, but some can work directly from the audio codec found in some workstations. The particular device is normally specified by adding a soft link /dev/deviceu to the particular hardware device involved, where u correspond to the unit number above.
-		Most clock drivers communicate with the reference clock using a serial port, usually at 9600 bps. There are several application program interfaces (API) used in the various Unix and NT systems, most of which can be detected at configuration time. Thus, it is important that the NTP daemon and utilities be compiled on the target system or clone. In some cases special features are available, such as timestamping in the kernel or pulse-per-second (PPS) interface. In most cases these features can be detected at configuration time as well; however, the kernel may have to be recompiled in order for them to work.
-		The audio drivers are a special case. These include support for the NIST time/frequency stations WWV and WWVH, the Canadian time/frequency station CHU and generic IRIG signals. Currently, support for the Solaris and SunOS audio API is included in the distribution. It is left to the volunteer corps to extend this support to other systems. Further information on hookup, debugging and monitoring is given in the Audio Drivers page.
-		The local clock driver is also a special case. A server configured with this driver can operate as a primary server to synchronize other clients when no other external synchronization sources are available. If the server is connected directly or indirectly to the public Internet, there is some danger that it can adversely affect the operation of unrelated clients. Carefully read the Undisciplined Local Clock page and respect the stratum limit.
-		The local clock driver also supports an external synchronization source such as a high resolution counter disciplined by a GPS receiver, for example. Further information is on the External Clock Discipline and the Local Clock Driver page.
+		Introduction
+		Drivers for most radio and modem reference clocks is included by default in the NTP distribution. Individual drivers can be activated using server commands as described in the ntpd program manual page. Drivers have addresses in the form 127.127.t.u, where t is the driver type and u is a unit number in the range 0-3 to distinguish multiple instances of the same driver. Most drivers require a serial or parallel port or special bus peripheral, but some can work directly from an audio codec or sound card when availble. The particular device is specified by adding a soft link from the name used by the driver to the device name.
+		All radio clock drivers require that the radio be set for Coordinated Universal Time (UTC) only. Timezone and standard/daylight adjustments are performed by the kernel. There are difference in the various Unix and Windows port interfaces detected at configuration time, so it is important that the NTP daemon and utilities be compiled on the target system or clone.
+		When a pulse-per-second (PPS) signal is available, the  PPS Clock Discipline driver is can be used. It normally works in conjunction with the reference clock that produces the signal, but can work with another driver or remote server. When PPS kernel features are present, the driver can redirect the PPS signal to the kernel.
+		In general, performance can be improved, especially when more than one driver is supported, to use the prefer peer function described in the Mitigation Rules and the prefer Keyword page. The prefer peer is ordinarily designated the remote peer or local clock driver which provides the best quality time. All other things equal, only the prefer peer is used to discipline the system clock and jitter-producing "clockhopping" between sources is avoided. This is especially valuable when the PPS clock discipline driver is available.
+		There are audio drivers for each of the NIST time stations WWV and WWVH, Canadian time station CHU and generic IRIG signals. Currently, support for FreeBSD, Solaris and SunOS is in the distribution. It is left to the volunteer corps to confirm this works in other systems. Further information on hookup, debugging and monitoring is given in the Audio Drivers page.
+		The  Undisciplined Local Clock driver can simulate a reference clock when no external synchronization sources are available. If a server with this driver is connected directly or indirectly to the public Internet, there is some danger that it can destabilize other clients. It is not recommended that the loccal clock driver be used in this way, as the orphan mode descibed on the Association Management page provides a generic backup capability.
+		The local clock driver can also be used when  an external synchronization source such as the IEEE 1588 Precision Time Protocol or NIST Lockclock directly synchronizes the computer time. Further information is on the External Clock Discipline and the Local Clock Driver page.
 		Driver Calibration
-		Some drivers depending on longwave and shortwave radio services need to know the radio propagation time from the transmitter to the receiver, which can amount to some tens of milliseconds. This must be calculated for each specific receiver location and requires the geographic coordinates of both the transmitter and receiver. The transmitter coordinates for various radio services are given in the Time and Frequency Standard Station Information page. Receiver coordinates can be obtained or estimated from various sources. The actual calculations are beyond the scope of this document.
-		When more than one clock driver is supported, it is often the case that each shows small systematic offset differences relative to the rest. To reduce the effects of jitter when switching from one driver to the another, it is useful to calibrate the drivers to a common ensemble offset. The enable calibrate configuration command in the Miscellaneous Options page is useful for this purpose. The calibration function can also be enabled and disabled using the ntpdc program utility.
-		Most clock drivers use the time1 value specified in the fudge configuration command to provide the calibration correction when this cannot be provided by the clock or interface. When the calibration function is enabled, the time1 value is automatically adjusted to match the offset of the remote server or local clock driver selected for synchronization. Ordinarily, the NTP selection algorithm chooses the best from among all sources, usually the best radio clock determined on the basis of stratum, synchronization distance and jitter. The calibration function adjusts the time1 values for all clock drivers except this source so that their indicated offsets tend to zero. If the selected source is the kernel PPS discipline, the fudge time1 values for all clock drivers are adjusted.
-		The adjustment function is an exponential average designed to improve accuracy, so the function takes some time to converge. The recommended procedure is to enable the function, let it run for an hour or so, then edit the configuration file using the time1 values displayed by the ntpq utility and clockvar command. Finally, disable the calibration function to avoid possible future disruptions due to misbehaving clocks or drivers.
-		Performance Enhancements
-		In general, performance can be improved, especially when more than one clock driver is supported, to use the prefer peer function described in the Mitigation Rules and the prefer Keyword page. The prefer peer is ordinarily designated the remote peer or local clock driver which provides the best quality time. All other things equal, only the prefer peer source is used to discipline the system clock and jitter-producing "clockhopping" between sources is avoided. This is valuable when more than one clock driver is present and especially valuable when the PPS clock driver (type 22) is used. Support for PPS signals is summarized in the Pulse-per-second (PPS) Signal Interfacing page.
-		Where the highest performance is required, generally better than one millisecond, additional hardware and/or software functions may be required. Kernel modifications for precision time are described in the A Kernel Model for Precision Timekeeping page. Special line discipline and streams modules for use in capturing precision timestamps are described in the Line Disciplines and Streams Drivers page.
+		Some drivers depending on longwave or shortwave radio services need to know the radio propagation time from the transmitter to the receiver. This must be calculated for each specific receiver location and requires the geographic coordinates of both the transmitter and receiver. The transmitter coordinates for various radio services are given in the Time and Frequency Standard Station Information page. Receiver coordinates can be obtained locally or from Google Earth. The actual calculations are beyond the scope of this document.
+		Depending on interface type, port speed, etc., a reference clock can have a small residual offset relative to another. To reduce the effects of jitter when switching from one driver to the another, it is useful to calibrate the drivers to a common ensemble offset. The enable calibrate configuration command described on the Miscellaneous Options page activates a special feature which automatically calculates a correction factor for each driver relative to an association designated the prefer peer.
 		Comprehensive List of Clock Drivers
-		Following is a list showing the type and title of each driver currently implemented. The compile-time identifier for each is shown in parentheses. Click on a selected type for specific description and configuration documentation, including the clock address, reference ID, driver ID, device name and serial line speed, and features (line disciplines, etc.). For those drivers without specific documentation, please contact the author listed in the Copyright Notice page.
+		Following is a list showing the type and title of each driver currently implemented. The compile-time identifier for each is shown in parentheses. Click on a selected type for specific description and configuration documentation, including the clock address, reference ID, driver ID, device name and serial line speed. For those drivers without specific documentation, please contact the author listed in the Copyright Notice page.
 		
 			Type 1 Undisciplined Local Clock (LOCAL)
 			
Type 2 Trak 8820 GPS Receiver (GPS_TRAK)
 			
Type 3 PSTI/Traconex 1020 WWV/WWVH Receiver (WWV_PST)
-			
Type 4 Spectracom WWVB and GPS Receivers (WWVB_SPEC)
+			
Type 4 Spectracom WWVB/GPS Receivers (WWVB_SPEC)
 			
Type 5 TrueTime GPS/GOES/OMEGA Receivers (TRUETIME)
 			
Type 6 IRIG Audio Decoder (IRIG_AUDIO)
 			
Type 7 Radio CHU Audio Demodulator/Decoder (CHU)
@@ -68,7 +55,7 @@
 			
Type 15 reserved
 			
Type 16 Bancomm GPS/IRIG Receiver (GPS_BANCOMM)
 			
Type 17 Datum Precision Time System (GPS_DATUM)
-			
Type 18 Automated Computer Time Service (ACTS_MODEM)
+			
Type 18 NIST/USNO/PTB Modem Time Services (ACTS_MODEM)
 			
Type 19 Heath WWV/WWVH Receiver (WWV_HEATH)
 			
Type 20 Generic NMEA GPS Receiver (NMEA)
 			
Type 21 TrueTime GPS-VME Interface (GPS_VME)
diff --git a/html/release.html b/html/release.html
index f2358b629c..a10a71abf8 100644
--- a/html/release.html
+++ b/html/release.html
@@ -13,54 +13,44 @@
 		NTP Version 4 Release Notes
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		The rabbit toots to make sure you read this
-		Last update: 15:17 UTC Wednesday, October 31, 2007
+		Last update: 19:47 UTC Tuesday, January 01, 2008
 		.

 		
 		NTP Version 4 Release Notes
-		This release of the NTP Version 4 (NTPv4) daemon for Unix, VMS and Windows incorporates new features and refinements to the NTP Version 3 (NTPv3) algorithms. However, it continues the tradition of retaining backwards compatibility with older versions, including NTPv3 and NTPv2, but not NTPv1. Support for NTPv1 has been discontinued because of certain security vulnerabilities. The NTPv4 version has been under development for quite a while and isn't finished yet.
-		The code compiles and runs properly in all test host configurations available to the developer corps, including Sun Microsystems, Digital/Compaq/Hewlett Packard, FreeBSD and Linux. Other volunteers have verified it works in IRIX and Windows NT and XP. We invite comments and corrections about the various architectures, operating systems and hardware complement that can't be verified by the developer corps. Of particular interest are other Windows versions, VMS and various reference clock drivers. Bugs can be reported here.
+		This release of the NTP Version 4 (NTPv4) daemon for Unix, VMS and Windows incorporates new features and refinements to the NTP Version 3 (NTPv3) algorithms. However, it continues the tradition of retaining backwards compatibility with older versions, including NTPv3 and NTPv2, but not NTPv1. Support for NTPv1 has been discontinued because of certain security vulnerabilities. The NTPv4 version has been under development for 25 years and the paint still isn't dry.
+		The code compiles and runs properly in all test host configurations available to the developer corps, including Sun Microsystems, Digital/Compaq/Hewlett Packard, FreeBSD and Linux. Other volunteers have verified it works in IRIX and Windows NT and XP. We invite comments and corrections about the various architectures, operating systems and hardware complement that can't be verified by the developer corps. Of particular interest are other Windows versions, VMS and various reference clock drivers.
 		This release has been compiled and tested on many systems, including SunOS 4.1.3, Solaris 2.5.1-2.10, Alpha Tru64 4.0-5.1, Ultrix 4.4, Linux 2.4.2, FreeBSD 4.5-6.2 and HP-UX 10.02. It has been compiled and tested by others on Windows NT4, 2000 and XP, but not yet on other Windows versions or for VMS. There are several new features apparently incompatible with Linux systems, including some modes used with the Autokey protocol. The developer corps looks for help elsewhere to resolve these differences.
 		This note summarizes the differences between this software release of NTPv4, called ntp-4.x.x, and the previous NTPv3 version, called xntp3-5.x.x.
 		New Features
 		
-			Support for the IPv6 addressing family is included in this distribution. If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for the IPv6 address family is generated in addition to the default support for the IPv4 address family. Combination IPv6 and IPv4 configurations have been successfully tested in all protocol modes supported by NTP and using both symmetric and public key (Autokey) cryptography.
Most calculations are now done using 64-bit floating double format, rather than 64-bit fixed point format. The motivation for this is to reduce size, improve speed and avoid messy bounds checking. Workstations of today are much faster than when the original NTP version was designed in the early 1980s, and it is rare to find a processor architecture that does not support floating double. The fixed point format is still used with raw timestamps, in order to retain the full precision of about 212 picoseconds. However, the algorithms which process raw timestamps all produce fixed point differences before converting to floating double. The differences are ordinarily quite small so can be expressed without loss of accuracy in this format.
-			
-			
The clock discipline algorithm has been redesigned to improve accuracy, reduce the impact of network jitter and allow increased in poll intervals to 36 hours with only moderate sacrifice in accuracy.
-		
-			
-				A new feature called huffpuff maximizes accuracy in cases of highly asymmetric network delays typical of ISDN and modem access circuits.
-				
The NTPv4 design allows clients to increase the poll intervals even when synchronized directly to the server. In NTPv3 the poll interval in such cases was clamped to the minimum, usually 64 s. For those servers with hundreds of clients, the new design can dramatically reduce the network load, especially when large numbers of potential clients, as in national laboratory services.
-				
A scheme designed to reduce "clockhopping" when the choice of servers changes frequently as the result of comparatively insignificant quality changes.
-			
-		
-		
-			This release includes support for the nanokernel precision time kernel support, which is now in stock FreeBSD and optional Linux kernels. If a precision time source such as a GPS timing receiver or cesium clock is available, kernel timekeeping can be improved to the order of one microsecond. The older microtime kernel for Digital/Compaq/HP Tru64, Digital Ultrix, as well as Sun Microsystems SunOS and Solaris, continues to be supported.
-			
This release includes support for Autokey public-key cryptography, which is the preferred scheme for authenticating servers to clients. Autokey Version 2 uses NTP header extension fields and protocols as described on the NTP project page linked from www.ntp.org. This release includes support for additional message digest and digital signature schemes supported by the OpenSSL software library, as well as new identity schemes based on cryptographic challenge/responce algorithms. The new design greatly simplifies key generation and distribution and provides orderly key refreshment. Security procedures and media formats are consistent with industry standard X.509 Version 3 certificates and authority procedures. Specific improvements to the protocol include a reduction in the number of messages required and a method to protect the cookie used in client/server mode against disclosure. Additional information about Autokey cryptography is contained in the Authentication Options page and links from there. See also the new cryptostats monitoring statistics file in the Monitoring Options page.
+			
Support for the IPv6 addressing family is included in this distribution. If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for the IPv6 address family is generated in addition to the default support for the IPv4 address family.
Most calculations are now done using 64-bit floating double format, rather than 64-bit fixed point format. The motivation for this is to reduce size, improve speed and avoid messy bounds checking.
The clock discipline algorithm has been redesigned to improve accuracy, reduce the impact of network jitter and allow increased in poll intervals to 36 hours with only moderate sacrifice in accuracy. 
+			
A new feature called "huffpuff" maximizes accuracy in cases of highly asymmetric network delays typical of ISDN and telephone modems.
+			
The clock selection algorithm has been redesigned to reduce "clockhopping" when the choice of servers changes frequently as the result of comparatively insignificant quality changes.
+			
This release includes support for the nanokernel precision time kernel modifications, which are now in stock FreeBSD and optional in Linux kernels. With this support the system clock can be disciplined to the order of one nanosecon. The older microtime kernel modifications in Digital/Compaq/HP Tru64, Digital Ultrix and Sun Microsystems SunOS and Solaris, continue to be supported. In either case the support eliminates sawtooth error, which can be in the hundreds of microseconds.
+			
This release includes support for Autokey public-key cryptography, which is the preferred scheme for authenticating servers to clients. Additional information about Autokey cryptography is on the Authentication Options page and links from there. See also the new cryptostats monitoring statistics file in the Monitoring Options page.
+			
The OpenSSL cryptographic library has replaced the library formerly available from RSA Laboratories. All cryptographic routines except a version of the MD5 message digest routine have been removed from the base distribution.
As the result of the above, the authstuff directory, intended as a development and testing aid for porting cryptographic routines to exotic architectures, has been removed. Testing and conformance validation tools are in the OpenSSL software distrbution.
 			
This release includes support for a discrete event simulator (DES), which allows the NTP algorithms to be tested in an embedded environment with systematic and pseudorandom network delay and oscillator wander distributions. This has been used to verify correct operation under conditions of extreme error and misconfiguration. See the ntpdsim - Network Time Protocol (NTP) simulator page.
-			
NTPv4 includes two new association modes which in most applications can avoid per-host configuration altogether. Both of these are based on IP multicast technology and Autokey cryptography. They provide automatic discovery, configuration and authentication of servers and clients without identifying servers or clients in advance. In multicast mode a server sends a message at fixed intervals using specified multicast group addresses, while clients listen on these addresses.
-				Upon receiving the the first message, a client exchanges several messages with the server in order to calibrate the multicast propagation delay between the client and server and run the authentication protocol. In manycast mode a client sends a message to a specified multicast group address and expects one or more servers to reply. Using engineered algorithms, the client selects an appropriate subset of servers from the messages received and continues an ordinary client/server campaign. The manycast scheme can provide somewhat better accuracy than the multicast scheme at the price of additional network overhead. See the Automatic NTP Configuration Options page for further information.
-			
This release includes support for the orphan mode, which replaces the local clock driver for most configurations. The local clock driver provides a synchronization source for networks not connected to the public Internet or reference clock driver. However, it does not opperate with multiple sources nor multiple failures. The orphan mode provides an automatic, subnet-wide synchronization feature with multiple sources. It can be used in isolated networks or in Internet subnets where the servers or Internet connection have failed. See the Automatic NTP Configuration Options page for further information.
This release includes support for preemptable servers, which are provisionally mobilized in manycast mode or by participants in the pool scheme. Manycast mode is described in these notes. In the pool scheme multiple client associations are mobilized for a designated DNS name such as pool.ntp.org. The DNS resolver randomizes replies over a set of volunteer service providers. The NTP mitigation algorithms select the best three from among the set and demobilizes the excess. See the Automatic NTP Configuration Options page for further information.
There are two burst mode features available where special conditions apply. One of these is enabled by the iburst keyword in the server configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the burst keyword in the server configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure. See the Association Management page for further information.
-			
The reference clock driver interface is smaller, more rational and more accurate. Support for pulse-per-second (PPS) signals has been extended to all drivers as an intrinsic function. Most of the drivers in NTPv3 have been converted to the NTPv4 interface and continue to operate as before. New drivers have been added for several GPS receivers now on the market for a total of 44 drivers. Audio drivers for the Canadian standard time and frequency station CHU, the US standard time and frequency stations WWV/H and for IRIG signals have been updated and capabilities added to allow direct connection of these signals to a Sun or FreeBSD audio port. See the Reference Clock Audio Drivers page for further information.
+			
NTPv4 includes three new server discovery schemes, which in most applications can avoid per-host configuration altogether. Two of these are based on IP multicast technology, while the remaining one is based on crafted DNS lookups. See the Automatic NTP Configuration Schemes page for further information.
+			
This release includes comprehensive packet rate management tools to help reduce the level of spurious network traffic and protect the busiest servers from overload. See the Rate Management and the Kiss-o'-Death Packet page for further information.
+			
This release includes support for the orphan mode, which replaces the local clock driver for most configurations. Orphan mode provides an automatic, subnet-wide synchronization feature with multiple sources. It can be used in isolated networks or in Internet subnets where the servers or Internet connection have failed. See the Automatic NTP Configuration Options page for further information.
+			
+			
There are two new burst mode features available where special conditions apply. One of these is enabled by the iburst keyword in the server configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the burst keyword in the server configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure. See the Association Management page for further information.
+			
+			
The reference clock driver interface is smaller, more rational and more accurate. Support for pulse-per-second (PPS) signals has been extended to all drivers as an intrinsic function. Most of the drivers in NTPv3 have been converted to the NTPv4 interface and continue to operate as before. New drivers have been added for several GPS receivers now on the market for a total of 44 drivers. Audio drivers for the Canadian standard time and frequency station CHU, the US standard time and frequency stations WWV/H and for IRIG signals have been updated and capabilities added to allow direct connection of these signals to an audio port. See the Reference Clock Audio Drivers page for further information.
+			
 			
In all except a very few cases, all timing intervals are randomized, so that the tendency for NTPv3 to self-synchronize and bunch messages, especially with a large number of configured associations, is minimized.
-			
In NTPv3 a large number of weeds and useless code had grown over the years since the original NTPv1 code was implemented almost twenty years ago. Using a powerful weedwacker, much of the shrubbery has been removed, with effect a substantial reduction in size of almost 40 percent.
-			
The entire distribution has been converted to gnu automake, which should greatly ease the task of porting to new and different programming environments, as well as reduce the incidence of bugs due to improper handling of idiosyncratic kernel functions. Version control is provided by Bitkeeper using an online repository at www.ntp.org.
-			
Several new options have been added for the ntpd command line. For the inveterate knob twiddlers several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the tos command can be used to limit the accepted stratum range, specify minimum dispersion increment and maximum selection theshold, and activate orphan mode.
+			
In NTPv3 a large number of weeds and useless code had grown over the years since the original NTP code was implemented 25 years ago. Using a powerful weedwacker, much of the shrubbery has been removed, with effect a substantial reduction in size of almost 40 percent.
+			
The entire distribution has been converted to gnu automake, which should greatly ease the task of porting to new and different programming environments, as well as reduce the incidence of bugs due to improper handling of idiosyncratic kernel functions. Version control is provided by Bitkeeper using an online repository at www.ntp.org. Trouble ticket reporting is provided using Bugzilla.
+			
Several new options have been added for the ntpd command line. For the inveterate knob twiddlers several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the tos and tos commands can be used to adjust thresholds, throw switches and change limits.
 			
The ntpd daemon can be operated in a one-time mode similar to ntpdate, which program is headed for retirement. See the ntpd - Network Time Protocol (NTP) daemon page for the new features.
 		
 		Nasty Surprises
 		There are a few things different about this release that have changed since the latest NTP Version 3 release. Following are a few things to worry about:
 		
-			When both IPv4 and IPv6 address families are in use, the host's resolver library may not choose the intended address family if a server has an IPv4 and IPv6 address associated with the same DNS name. The solution is to use the IPv4 or IPv6 address directly in such cases or use another DNS name that resolves to the intended address family. Older versions of ntpdc will only show the IPv4 associations with the peers and other simular commands. Older versions of ntpq will show 0.0.0.0 for IPv6 associations with the peers and other simular commands.
-			
There is a minor change to the reference ID field of the NTP packet header when operating with IPv6 associations. In IPv4 associations this field contains the 32-bit IPv4 address of the server, in order to detect and avoid loops. In IPv6 associations this field contains the first 32-bits of a MD5 hash formed from the address (IPv4 or IPv6) each of the configured associations. Normally, this detail would not be of concern; however, the ntptrace program originally depended on that field in order to display a server traceback to the primary reference source. This program has now been replaced by a script that does the same function, but does not depend on the reference ID field. The ntpdc utility now uses a special version number to communicate with the ntpd server. The server uses this version number to select which address family to used in reply packets. The ntpdc program falls back to the older version behavior when communicating with older NTP versions.
-			
As required by Defense Trade Regulations (DTR), the cryptographic routines supporting the Data Encryption Standard (DES) have been removed from the base distribution of NTPv3. For NTPv4 a new interface has been implemented for the OpenSSL cryptographic library, which is widely available on the web at www.openssl.org. This library replaces the library formerly available from RSA Laboratories. Besides being somewhat faster and more widely available, the OpenSSL library supports many additional cryptographic algorithms, which are now selectable at run time. Directions for using OpenSSL are in the Building and Installing the Distribution page.
-			
As the result of the above, the ./authstuff directory, intended as a development and testing aid for porting cryptographic routines to exotic architectures, has been removed. Testing and conformance validation tools are in the OpenSSL software distrbution.
-			
The NTPv4 enable and disable commands have a few changes in the arguments. See the ntpd Miscellaneous Options page for details. Note that the authenticate command has been removed.
-			
To help reduce the level of spurious network traffic due to obsolete configuration files, a special control message called the kiss-o'-death packet has been implemented. If enabled and a packet is denied service or exceeds the client limits, a compliant server will send this message to the client. A compliant client will cease further transmission and send a message to the system log. See the Authentication Options page for further information.
+			
Some configuration commands have been removed, others added and some changed in minor ways. See the Commands and Options collection on the Site Map page.
+			
When both IPv4 and IPv6 address families are in use, the host's resolver library may not choose the intended address family if a server has an IPv4 and IPv6 address associated with the same DNS name. The solution is to use the IPv4 or IPv6 address directly in such cases or use another DNS name that resolves to the intended address family. Older versions of ntpdc will show only the IPv4 associations with the peers and some other commands. Older versions of ntpq will show 0.0.0.0 for IPv6 associations with the peers and some other commands.
There is a minor change to the reference ID field of the NTP packet header when operating with IPv6 associations. In IPv4 associations this field contains the 32-bit IPv4 address of the server, in order to detect and avoid loops. In IPv6 associations this field contains the first 32-bits of a MD5 hash formed from the IPv6 address. All programs in the distribution have been modified to work with both address families.
 			
The tty_clk and ppsclock pulse-per-second (PPS) line discipline/streams modules are no longer supported. The PPS function is now handled by the PPS Clock Discipline driver, which uses the new PPSAPI application program interface adopted by the IETF. Note that the pps configuration file command has been obsoleted by the driver. See the Pulse-per-second (PPS) Signal Interfacing page for further information.
-			
Support for the NTPv1 symmetric mode has been discontinued, since it hasn't worked for years. Support continues for the NTPv1 client mode, which is used in some SNTP clients.
-			
The precision time support in stock Solaris 2.6 has bugs that were fixed in 2.7. A patch is available that fixes the 2.6 bugs. The 2.6 PPS kernel discipline has been disabled by default. For testing, the kernel can be enabled using the enable kernel command either in the configuration file or via ntpdc.
-			
The HTML documentation has been partially updated. However, most of the NTPv3 documentation continues to apply to NTPv4. Until a comprehensive update happens, what you see is what you get. We are always happy to accept comments, corrections and bug reports. However, we are most thrilled upon receipt of patches to fix the dang bugs. Bugs can be reported here..
-		
+			
Support for the NTPv1 symmetric mode has been discontinued, since it hasn't worked for years. Support continues for the NTPv1 client mode, which is used by some SNTP clients.
 		
 		
 	
diff --git a/html/build/scripts/links8.txt b/html/scripts/audio.txt
similarity index 55%
rename from html/build/scripts/links8.txt
rename to html/scripts/audio.txt
index af33dca1cf..b5aca70a4a 100644
--- a/html/build/scripts/links8.txt
+++ b/html/scripts/audio.txt
@@ -1,6 +1,7 @@
-document.write("\
-Reference Clock Drivers
\
+document.write("Reference Clock Audio Drivers
\
+Reference Clock Audio Drivers
\
 
Radio CHU Audio Demodulator/Decoder
\
 
Radio WWV/H Audio Demodulator/Decoder
\
 
IRIG Audio Decoder\
-")
\ No newline at end of file
+Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/links7.txt b/html/scripts/command.txt
similarity index 79%
rename from html/scripts/links7.txt
rename to html/scripts/command.txt
index de03520bda..8714cf69df 100644
--- a/html/scripts/links7.txt
+++ b/html/scripts/command.txt
@@ -1,10 +1,10 @@
-document.write("\
+document.write("Configuration Commands and Options
\
+Server Options
\
 
Access Control Options
\
-
Authentication Options
\
-
Server Discovery Options
\
-
Miscellaneous Options
\
-
Monitoring Options
\
+
Authentication Options
\
+
Monitoring Options
\
 
Reference Clock Options
\
-
Server Options
\
+
Miscellaneous Options
\
 
Configuration File Definition (Advanced)
\
-")
\ No newline at end of file
+Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/config.txt b/html/scripts/config.txt
new file mode 100644
index 0000000000..6e823d3d51
--- /dev/null
+++ b/html/scripts/config.txt
@@ -0,0 +1,7 @@
+document.write("Client and Server Configuration
\
+
\
+Association Management
\
+
Rate Management and the Kiss-o'-Death Packet
\
+
Automatic Server Discovery Schemes
\
+
Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/external.txt b/html/scripts/external.txt
new file mode 100644
index 0000000000..016538e732
--- /dev/null
+++ b/html/scripts/external.txt
@@ -0,0 +1,13 @@
+document.write("External Links
\
+Computer Network Time Synchronization - The Network Time Protocol (book)
\
+
NTP: The Network Time Protocol (home page)
\
+
Network Time Protocol Research Project (home page)
\
+
Executive Summary: Computer Network Time Synchronization
\
+
NTP Timestamp Calculations
\
+
The NTP Era and Era Numbering
\
+
Autonomous Configuration
\
+
Autonomous Authentication
\
+
Autokey Protocol
\
+
Autokey Identity Schemes
\
+
Site Map<\p>\
+")
\ No newline at end of file
diff --git a/html/scripts/install.txt b/html/scripts/install.txt
new file mode 100644
index 0000000000..2f55cfff38
--- /dev/null
+++ b/html/scripts/install.txt
@@ -0,0 +1,11 @@
+document.write("Build and Install
\
+Building and Installing the Distribution
\
+
Quick Start
\
+
Release Notess
\
+
Configuration Options
\
+
NTP Debugging Techniques
\
+
Debugging Reference Clock Drivers
\
+
ntpd System Log Messages
\
+
NTP Bug Reporting Procedures
\
+
Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/links10.txt b/html/scripts/links10.txt
deleted file mode 100644
index 880e379fdb..0000000000
--- a/html/scripts/links10.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("\
-Reference Clock Drivers
\
-
Mitigation Rules and the prefer Keyword
\
-
How to Write a Reference Clock Driver
\
-")
\ No newline at end of file
diff --git a/html/scripts/links11.txt b/html/scripts/links11.txt
deleted file mode 100644
index 59e701746a..0000000000
--- a/html/scripts/links11.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-document.write("\
-Reference Clock Drivers
\
-
Pulse-per-second (PPS) Signal Interfacing
\
-
Line Disciplines and Streams Modules
\
-
PPSAPI Interface for Precision Time Signals
\
-
Gadget Box PPS Level Converter and CHU Modem
\
-")
\ No newline at end of file
diff --git a/html/scripts/links12.txt b/html/scripts/links12.txt
deleted file mode 100644
index 7ca9249b91..0000000000
--- a/html/scripts/links12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("\
-NTP Debugging Techniques
\
-
Debugging Reference Clock Drivers
\
-
ntpd System Log Messages
\
-")
\ No newline at end of file
diff --git a/html/scripts/links8.txt b/html/scripts/links8.txt
deleted file mode 100644
index 135310c8c4..0000000000
--- a/html/scripts/links8.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-document.write("\
-Reference Clock Drivers
\
-
Radio CHU Audio Demodulator/Decoder
\
-
Radio WWV/H Audio Demodulator/Decoder
\
-
IRIG Audio Decoder\
-")
\ No newline at end of file
diff --git a/html/scripts/links9.txt b/html/scripts/links9.txt
deleted file mode 100644
index 6ea32f06da..0000000000
--- a/html/scripts/links9.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-document.write("\
-Authentication Options
\
-
Automatic NTP Configuration Options
\
-
Server Options
\
-
Trusted Hosts and Groups
\
-
ntp-keygen - generate public and private keys\
-
Autonomous Authentication\
-")
\ No newline at end of file
diff --git a/html/scripts/manual.txt b/html/scripts/manual.txt
new file mode 100644
index 0000000000..f2a5e21ea4
--- /dev/null
+++ b/html/scripts/manual.txt
@@ -0,0 +1,13 @@
+document.write("Program Manual Pages
\
+ntpd - Network Time Protocol (NTP) daemon
\
+
ntpq - standard NTP query program
\
+
ntpdc - special NTP query program
\
+
ntpdate - set the date and time via NTP
\
+
ntptrace - trace a chain of NTP servers back to the primary source
\
+
tickadj - set time-related kernel variables
\
+
ntptime - read kernel time variables
\
+
ntp-keygen - generate public and private keys
\
+
ntpdsim - Network Time Protocol (NTP) simulator
\
+
sntp - Simple Network Time Protocol (SNTP) Client
\
+
Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/misc.txt b/html/scripts/misc.txt
new file mode 100644
index 0000000000..b88cf79771
--- /dev/null
+++ b/html/scripts/misc.txt
@@ -0,0 +1,9 @@
+document.write("Miscellaneous
\
+Copyright Notice
\
+
Mitigation Rules and the prefer Keyword
\
+
Kernel Model for Precision Timekeeping
\
+
PPSAPI Interface for Precision Time Signals
\
+
Pulse-per-second (PPS) Signal Interfacing
\
+
Gadget Box PPS Level Converter and CHU Modem
\
+
Site Map\
+")
\ No newline at end of file
diff --git a/html/scripts/refclock.txt b/html/scripts/refclock.txt
new file mode 100644
index 0000000000..4f1a6471ac
--- /dev/null
+++ b/html/scripts/refclock.txt
@@ -0,0 +1,7 @@
+document.write("Reference Clock Support
\
+Reference Clock Drivers
\
+
External Clock Discipline and the Local Clock Driver
\
+
How to Write a Reference Clock Driver
\
+
How to build new PARSE clocks
\
+
Site Map\
+")
\ No newline at end of file
diff --git a/html/sitemap.html b/html/sitemap.html
new file mode 100644
index 0000000000..303c03ece1
--- /dev/null
+++ b/html/sitemap.html
@@ -0,0 +1,34 @@
+
+
+
+
+	
+		
+		
+		Site Map
+		
+	
+
+	
+		Site Map
+		P.T. Bridgeport Bear; from Pogo, Walt Kelly
+		Pleased to meet you.
+		Last update: 20:40 UTC Monday, December 31, 2007
+		

+		Related Links
+		
+		
+		
+		
+		
+		
+		
+		
+		
+		
+			
+		

+		
+	
+
+
\ No newline at end of file
diff --git a/html/sntp.html b/html/sntp.html
index 839271e5b7..16099ba3d7 100644
--- a/html/sntp.html
+++ b/html/sntp.html
@@ -12,14 +12,13 @@
 		Simple Network Time Protocol (SNTP) Client
 		from Alice's Adventures in Wonderland, Lewis Carroll
 		S is for snakeoil
-		Last update: 18:50 UTC Thursday, July 28, 2005
+		Last update: 19:21 UTC Monday, November 26, 2007
 		

 		
 		Synopsis
 		sntp [{-h --help -?}][{ -v -V -W }][{-r -a}][-P prompt][-e minerr][-E maxerr][-c count][-d delay][address(es)]
 		Description
-		This program is a Simple Network Time Protocol (SNTP) client that can be used to query a Network TIme Protocol (NTP) server and display the time offset of the system clock relative to the server clock. Run as root it can correct the system clock to this offset as well. It can be run as an interactive command or from a script by a cron job. The program implements the SNTP protocol defined in RFC-2030, which is a subset of the NTP protocol defined in RFC-1305, but does not provide the sanity checks, access controls, security functions and mitigation algorithms as in the full NTP implementation.
-		While this program can do other things, including operation as a primitive server, some of these things are truly dangerous in a ubiquitous public time server network. A full disclosure is in the man page in the ./sntp directory, but be truly advised RFC-2030 specifically forbids a SNTP client to operate as a server for other NTP or SNTP clients. If such operation is contemplated, do not allow access by clients on the public Internet.
+		This program is a Simple Network Time Protocol (SNTP) client that can be used to query a Network Time Protocol (NTP) server and display the time offset of the system clock relative to the server clock. Run as root it can correct the system clock to this offset as well. It can be run as an interactive command or from a script by a cron job. The program implements the SNTP protocol defined in RFC-4330, which is a subset of the NTP protocol defined in RFC-1305, but does not provide the sanity checks, access controls, security functions and mitigation algorithms as in the full NTP implementation.
 		By default, sntp writes the local date and time (i.e., not UTC) to the standard output in the format
 		1996 Oct 15 20:17:25.123 + 4.567 +/- 0.089 secs,
 		where the + 4.567 +/- 0.089 secs indicates the time offset and error bound of the system clock relative to the server clock.
diff --git a/html/tickadj.html b/html/tickadj.html
index 14559eda41..a19f5e5d02 100644
--- a/html/tickadj.html
+++ b/html/tickadj.html
@@ -11,12 +11,13 @@
 
 	
 		tickadj - set time-related kernel variables
-		Last update: 18:50 UTC Thursday, July 28, 2005
+		Last update: 18:53 UTC Wednesday, January 16, 2008
 		
 		Synopsis
 		tickadj [ -Aqs ] [ -a tickadj ] [ -t tick ]
 		Description
-		The tickadj program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel /dev/kmem. Newer machines with precision time support, including Solaris, Tru64, FreeBSD and Linux (with PPSkit patch) should NOT use the program. The particular variables that can be changed with tickadj include tick, which is the number of microseconds added to the system time for a clock interrupt, tickadj, which sets the slew rate and resolution used by the adjtime system call, and dosynctodr, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.
+		The tickadj program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel /dev/kmem. Newer machines with kernel time support, including Solaris, Tru64, FreeBSD and Linux, should NOT use the program, even if it appears to work, as it will destabilize the kernel time support. Use the ntptime program instead.
+		The particular variables that can be changed with tickadj include tick, which is the number of microseconds added to the system time for a clock interrupt, tickadj, which sets the slew rate and resolution used by the adjtime system call, and dosynctodr, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.
 		By default, with no arguments, tickadj reads the variables of interest in the kernel and displays them. At the same time, it determines an "optimal" value for the value of the tickadj variable if the intent is to run the ntpd Network Time Protocol (NTP) daemon, and prints this as well. Since the operation of tickadj when reading the kernel mimics the operation of similar parts of the ntpd program fairly closely, this can be useful when debugging problems with ntpd.
 		Note that tickadj should be run with some caution when being used for the first time on different types of machines. The operations which tickadj tries to perform are not guaranteed to work on all Unix machines and may in rare cases cause the kernel to crash.
 		Command Line Options
@@ -28,18 +29,14 @@
 			-t tick
 			
Set the kernel variable tick to the value tick specified.
 			
-s
-			
Set the kernel variable dosynctodr to zero, which disables the hardware time-of-year clock, a prerequisite for running the ntpd daemon under SunOS4.
-			
-q
+			
Set the kernel variable dosynctodr to zero, which disables the hardware time-of-year clock, a prerequisite for running the ntpd daemon under SunOS 4.x.
-q
 			
Normally, tickadj is quite verbose about what it is doing. The -q flag tells it to shut up about everything except errors.
 		
 		Files
-		-/vmunix
-
-/unix
-
-/dev/kmem
-
+		/vmunix

+			/unix

+			/dev/kmem

+		
 		Bugs
 		Fiddling with kernel variables at run time as a part of ordinary operations is a hideous practice which is only necessary to make up for deficiencies in the implementation of adjtime in many kernels and/or brokenness of the system clock in some vendors' kernels. It would be much better if the kernels were fixed and the tickadj program went away.