+* Documentation updates from Dave Mills.
* [Bug 1037] Use all 16 of the MD5 passwords generated by ntp-keygen.
* Fixed the incorrect edge parameter being passed to time_pps_kcbind in
NMEA refclock driver.
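Review bot: the new first entry, "Documentation updates from Dave Mills.", is too vague to be useful next to the bug-numbered entries below it; name what changed (the new xleave option on the Server Options page and its row in the ntpq peer variables, the alphabetised server option list, the ntp-keygen text on the 16-key symmetric keys file) so someone reading the ChangeLog can find the relevant page without reading the whole diff.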
<h3>Server Options</h3>
<img src="pic/boom3a.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>The chicken is getting configuration advice.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">02:18</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61"></csobj><csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250"> July 5, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
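Review bot: the replacement Last update line leaves an empty ShortTime csobj element in place and drops the " UTC" marker, giving "Last update: <csobj ...></csobj><csobj ...> July 5, 2008</csobj>" with the date carrying a leading space inside the element. Either delete the empty element and the stray space or keep the time and UTC marker; the other pages in this patch do this three different ways, so pick one form and use it everywhere.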
<dt><tt>autokey</tt>
<dd>Send and receive packets authenticated by the Aautokey scheme described in the <a href="authopt.html">Authentication Options</a> page. This option is valid only with <tt>server</tt> and <tt>peer</tt> commands and type s addresses. It is incompatible with the <tt>key</tt> option.<dt><tt>burst</tt>
<dd>When the server is reachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid only with only the <tt>server</tt> command and type s addressesa. It is a recommended option when the <tt>maxpoll</tt> option is greater than 10 (1024 s).
- <dt><tt>iburst</tt>
- <dd>When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid only with the <tt>server</tt> command and type s addresses. It is a recommended option with this command.<dt><tt>key</tt> <i><tt>key</tt></i>
- <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authopt.html">Authentication Options</a> page. This option is valid only with <tt>server</tt> and <tt>peer</tt> commands and type s addresses. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is incompatible with the <tt>autokey</tt> option.
- <dt><tt>minpoll <i>minpoll<br>
- </i></tt><tt>maxpoll <i>maxpoll</i></tt>
- <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 4 (16 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands and type s addresses.
- <dt><tt>mode <i>option</i></tt>
- <dd>Pass the <tt><i>option</i></tt> to a reference clock driver, where <tt><i>option</i></tt> is an integer in the range from 0 to 255, inclusive. This option is valid only with the <tt>server</tt> command and type r addresses.<dt><tt>noselect</tt>
- <dd>Marks the server or peer to be ignored by the selection algorithm but visible to the monitoring program. This option is ignored with the <tt>broadcast</tt> command.<dt><tt>preempt</tt>
- <dd>Specifies the association as preemptable rather than the default persistent. This option is ignored with the <tt>broadcast</tt> command and is most useful with the <tt>manycastclient</tt> and <tt>pool</tt> commands.<dt><tt>prefer</tt>
- <dd>Mark the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.
- <dt><tt>true</tt>
- <dd>Mark the association to assume truechimer status; that is, always survive the selection and clustering algorithms. This option can be used with any association, but is most useful for reference clocks with large jitter on the serial port and precision pulse-per-second (PPS) signals. Caution: this option defeats the algorithms designed to cast out falsetickers and can allow these sources to set the system clock. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.
- <dt><tt>ttl <i>ttl</i></tt>
- <dd>This option specifies the time-to-live <i><tt>ttl</tt></i> for the <tt>broadcast</tt> commmand and the maximum <i><tt>ttl</tt></i> for the expanding ring search used by the <tt>manycastclient</tt> command. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator.<dt><tt>version <i>version</i></tt>
- <dd>Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.<dt><tt>dynamic</tt>
- <dd>Allows a server/peer to be configured even if it is not reachable at configuration time. It is assumed that at some point in the future the network environment changes so that this server/peer can be reached. This option is useful to configure servers/peers on mobile systems with intermittent network access (e.g. wlan clients). Note: the current implemenation does not support this option.</dl>
- <h4 id="aux">Auxilliary Commands</h4>
+ <dt><tt>dynamic</tt>
+ <dd>Allows a server/peer to be configured even if it is not reachable at configuration time. It is assumed that at some point in the future the network environment changes so that this server/peer can be reached. This option is useful to configure servers/peers on mobile systems with intermittent network access (e.g. wlan clients). Note: the current implemenation does not support this option.
+ <dt><tt>iburst</tt>
+ <dd>When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid only with the <tt>server</tt> command and type s addresses. It is a recommended option with this command.
+ <dt><tt>key</tt> <i><tt>key</tt></i>
+ <dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authopt.html">Authentication Options</a> page. This option is valid only with <tt>server</tt> and <tt>peer</tt> commands and type s addresses. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is incompatible with the <tt>autokey</tt> option.
+ <dt><tt>minpoll <i>minpoll<br>
+ </i></tt><tt>maxpoll <i>maxpoll</i></tt>
+ <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 4 (16 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands and type s addresses.
+ <dt><tt>mode <i>option</i></tt>
+ <dd>Pass the <tt><i>option</i></tt> to a reference clock driver, where <tt><i>option</i></tt> is an integer in the range from 0 to 255, inclusive. This option is valid only with the <tt>server</tt> command and type r addresses.
+ <dt><tt>noselect</tt>
+ <dd>Marks the server or peer to be ignored by the selection algorithm but visible to the monitoring program. This option is ignored with the <tt>broadcast</tt> command.
+ <dt><tt>preempt</tt>
+ <dd>Specifies the association as preemptable rather than the default persistent. This option is ignored with the <tt>broadcast</tt> command and is most useful with the <tt>manycastclient</tt> and <tt>pool</tt> commands.
+ <dt><tt>prefer</tt>
+ <dd>Mark the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.
+ <dt><tt>true</tt>
+ <dd>Mark the association to assume truechimer status; that is, always survive the selection and clustering algorithms. This option can be used with any association, but is most useful for reference clocks with large jitter on the serial port and precision pulse-per-second (PPS) signals. Caution: this option defeats the algorithms designed to cast out falsetickers and can allow these sources to set the system clock. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.
+ <dt><tt>ttl <i>ttl</i></tt>
+ <dd>This option specifies the time-to-live <i><tt>ttl</tt></i> for the <tt>broadcast</tt> commmand and the maximum <i><tt>ttl</tt></i> for the expanding ring search used by the <tt>manycastclient</tt> command. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator.
+ <dt><tt>version <i>version</i></tt>
+ <dd>Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.
+ <dt><tt>xleave</tt>
+ <dd>Operate in interleaved mode (symmetric and broadcast modes only). (see <a href="x;eave.html">NTP Interleaved Modes</a>)
+ </dl>
+ <h4 id="aux">Auxilliary Commands</h4>
<dl>
<dt id="broadcastclient"><tt>broadcastclient [novolley]</tt>
<dd>Enable reception of broadcast server messages to any local interface (type b address). Ordinarily, upon receiving a message for the first time, the broadcast client measures the nominal server propagation delay using a brief client/server exchange, after which it continues in listen-only mode. If the <tt>novolley</tt> keyword is present, the exchange is not used and the value specified in the <tt>broadcastdelay</tt> command is used or, if the <tt>broadcastdelay</tt> command is not used, the default 4.0 ms. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page. Note that the <tt>novolley</tt> keyword is incompatible with public key authentication.
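Review bot: the new xleave entry links to "x;eave.html", which is a typo for "xleave.html" (the ntpd.html and ntpq.html hunks in this same patch both link to xleave.html); as written the link is dead. Since the rest of this hunk is a pure reordering into alphabetical order, it is also the natural place to fix typos that are being carried across unchanged: "These option are valid only" should be "These options are valid only", "commmand" should be "command" in the ttl entry, and "implemenation" should be "implementation" in the dynamic entry. The untouched context just above has the same problem ("Aautokey", "valid only with only the server command and type s addressesa" in the burst entry) and is worth a follow-up. One content point on the new entry: the ntpd.html text in this patch describes interleaved mode as experimental; the option entry should say so too, and should say whether xleave can be combined with the key and autokey options, since the broadcastclient text directly below already tells people to authenticate broadcast associations.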
<pre>
***********************************************************************
* *
-* Copyright (c) David L. Mills 1992-2008 *
+* Copyright (c) University of Delaware 1992-2008 *
* *
* Permission to use, copy, modify, and distribute this software and *
* its documentation for any purpose with or without fee is hereby *
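Review bot: changing the copyright holder from "David L. Mills" to "University of Delaware" is a licensing change, not a documentation edit, and it is not mentioned in the ChangeLog hunk at the top of this patch; add an entry, and check that every other file carrying the old notice (source headers as well as the html copy) is updated in the same changeset so the tree does not end up with two different holders for the same years.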
<h3>Event Messages and Status Words</h3>
<img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Caterpillar knows all the error codes, which is more than most of us do.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">04:18</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="237">Tuesday, May 06, 2008</csobj></p>
+ <p>Last update:<csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="237"> July 5, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
<p><script type="text/javascript" language="javascript" src="scripts/install.txt"></script></p>
<hr>
<h4 id="intro">Introduction</h4>
<p>This page lists the status and event messages and error codes used for status reporting and monitoring. Status words are used to display the current status of the running program. There is one system status word and a peer status word for each association. There is a clock status word for each association that supports a reference clock driver. There is a flash code for each association which shows errors found in the last packet received (pkt) and during protocol processing (peer). These are commonly viewed using the <tt>ntpq</tt> program.</p>
- <p>Sinificant changes in program state are reported as events. There is one set of system events and a set of peer events for each association. In adition, there is a set of clock events for each association that supports a reference clock driver. Events are normally reported to the <tt>protostats</tt> file and optionally to the system log. In addition, if the trap facility is configured, traps can be reported to a remote program that can page an administrator.</p>
+ <p>Significant changes in program state are reported as events. There is one set of system events and a set of peer events for each association. In adition, there is a set of clock events for each association that supports a reference clock driver. Events are normally reported to the <tt>protostats</tt> file and optionally to the system log. In addition, if the trap facility is configured, traps can be reported to a remote program that can page an administrator.</p>
<p>This page also includes a description of the error messages produced by the Autokey protocol. These messages are normally sent to the <tt>cryptostats</tt> file.</p>
<p>In the following tables the Code Field is the status or event code assigned and the Message Field a short string used for display and event reporting. The Description field contains a longer explanation of the status or event. Some messages include additional information useful for error diagnosis and performance assessment.</p>
<h4 id="sys">System Status Word</h4>
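Review bot: the replacement paragraph fixes "Sinificant" but leaves "adition" on the same line; make it "In addition" while the line is being touched. The Last update line in this hunk also loses the space after "update:" and the UTC marker, so it renders as "Last update: July 5, 2008" only by virtue of the leading space inside the csobj element; see the note on the Server Options page for the consistent form.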
<h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
<img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Alice holds the key.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">02:47</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="269">Sunday, January 20, 2008</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61"></csobj><csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="269">July 5, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<h4 id="synop">Synopsis</h4>
<p id="intro"><tt>ntp-keygen [ -cdeMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -H } [ -i <i>issuername</i> ] [ -p <i>passwd2</i> ] [ -q <i>passwd1</i> ] [ -S [ RSA | DSA ] ] [ -s <i>subjectame</i> ] [ -V <i>nkeys</i> ]</tt></p>
<h4 id="descrip">Description</h4>
- <p>This program generates cryptographic data files used by the NTPv4 authentication and identity schemes. It generates MD5 keys used in symmetric key cryptography and, if the OpenSSL software library has been installed, it generates host keys, certificates and identity keys used in the Autokey public key cryptography. All files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites and certificate authorities.</p>
+ <p>This program generates cryptographic data files used by the NTPv4 authentication and identity schemes. It generates MD5 keys used in symmetric key cryptography and, if the OpenSSL software library has been installed, it generates host keys, certificates and identity keys used in the Autokey public key cryptography. The symmetric keys file is generated in a format compatable with NTPv3 and also used with NTPv4. All other files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites and certificate authorities.</p>
+ <p>When used to generate symmetric keys, the program produces a file containing 16 random keys. If this is the only need, run <tt>ntp-keygen</tt> with the <tt>-M</tt> option and disregard the remainder of this page. The file can be edited later with purpose-chosen passwords. Each line of the file contains three fields, first an integer between 1 and 65534, inclusive, representing the key identifier used in the <tt>server</tt> and <tt>peer</tt> configuration command. Next is the single character <tt>M</tt> to designate the key as MD5. Finally is the key itself from 1 to 31 characters chosen from the printable ASCII set with the exclusion of space and #. As is custom, # and the remaining chacters on the line are ignored. </p>
<p>Generated files are compatible with other OpenSSL applications and other Public Key Infrastructure (PKI) resources. Certificates generated by this program should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity keys are probably not compatible with anything other than Autokey.</p>
<p>Most files used by this program are encrypted using a private password. The <tt>-p</tt> option specifies the password for local files and the <tt>-q</tt> option the password for files to be sent to remote sites. If no local password is specified, the string returned by the Unix <tt>gethostname()</tt> function is used. If no remote password is specified, the local password is used.</p>
<p>The <tt>ntpd</tt> command <tt>crypto pw</tt> specifies the read password for previously encrypted files. This must match the local password used by this program. If not specified, the host name is used. Thus, if files are generated by this program without password, they can be read back by <tt>ntpd</tt> without password, but only on the same host.</p>
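Review bot: the new symmetric-key paragraph suggests the generated file "can be edited later with purpose-chosen passwords" without saying that this trades the 16 random keys ntp-keygen produces (the keys this patch's ChangeLog entry for Bug 1037 says are now all used) for hand-chosen strings of far lower entropy; a sentence noting that edited keys should be at least as random as the generated ones, and that the file must stay unreadable to other users, would make the advice safe to follow. Two spelling fixes in the added text: "compatable" should be "compatible" and "chacters" should be "characters". The synopsis line above this hunk has a mismatched bracket in "[ -H }" and "subjectame" for "subjectname"; it is unchanged context, but it sits in the same section and should be fixed in the same pass.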
<dd>The status field is encoded in hex format as described in Appendix B of the NTP specification RFC 1305.
<dt><tt>protostats</tt>
- <dd>Record significant peer, system and clock events. Each significant event appends one line to the <tt>cryptostats</tt> file set:
+ <dd>Record significant peer, system and [rptpcp; events. Each significant event appends one line to the <tt>protostats</tt> file set:
<dd><tt>49213 525.624 128.4.1.1 <i>message</i></tt>
<dd>
<table width="100%" border="1" cellspacing="2" cellpadding="0">
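Review bot: the replacement line for protostats introduces "[rptpcp;" where the original read "clock", so the sentence now says "Record significant peer, system and [rptpcp; events"; restore "clock events" so the line reads "Record significant peer, system and clock events." The other change on that line, pointing the file set name at protostats instead of cryptostats, is the correct fix and should be kept.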
<h3><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</h3>
<img src="pic/wingdorothy.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
<p>You need help from the monkeys.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">19:34</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 22, 2008</csobj></p>
+ <p>Last update: July 5, 2008</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
<p>If the latest leap is in the past, nothing further is done other than to install the TAI offset. If the leap is in the future less than 28 days, the leap warning bits are set. If in the future less than 23 hours, the kernel is armed to insert one second at the end of the current day. If the kernel is enabled, the leap is done automatically at that time; otherwise, the clock is effectively stopped for one second at the leap. Additional details are in the <a href='http://www.eecis.udel.edu/~mills/leap.html'>The NTP Timescale and Leap Seconds</a> white paper</p>
<p>Dependent servers and clients tally the leap warning bits of surviving servers and reference clocks. When a majority of the survivors show warning, a leap is programmed at the end of the current month. During the month and day of insertion, they operate as above. In this way the leap is propagated at all dependent servers and clients.</p>
<h4 id="notes">Additional Features</h4>
+ <p>A new experimental feature called interleaved modes can be used in NTP symmetric or broadcast modes. It is designed to improve accuracy by avoiding kernel latency and queueing delay, as described on the <a href="xleave.html">NTP Interleaved Modes</a> page. It is activated by the <tt>xleave</tt> option with the <tt>peer</tt> or <tt>broadcast</tt> configuration commands. The NTP protocol automatically reconfigures in normal or interleaved mode as required. Ordinary broadcast clients can use the same servers as interleaved clients at the same time. Further details are in the white paper <a href="http://www.eecis.udel.edu/~mills/onwire.html">NTP Interleaved On-Wire Protocol</a> and the <a href="http://www.eecis.udel.edu/~mills/database/brief/onwire/onwire.ppt">briefing</a> of the same name. </p>
<p>If <tt>ntpd</tt>, is configured with NetInfo support, it will attempt to read its configuration from the NetInfo service if the default <tt>ntp.conf</tt> file cannot be read and no file is specified by the <tt>-c</tt> option.</p>
<p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
<p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
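Review bot: the new interleaved modes paragraph links to xleave.html, as do the Server Options and ntpq hunks in this patch, but no xleave.html is part of the changeset; confirm that page is committed alongside these links or all three will be dead. Within the paragraph, "It is activated by the xleave option with the peer or broadcast configuration commands" agrees with the option entry on the Server Options page, which is good; the paragraph should also repeat that page's authentication advice for broadcast associations, since an interleaved broadcast client is still a broadcast client. There is trailing whitespace before the closing </p>, and the Last update line in this hunk drops the csobj markup entirely, unlike the other pages in the patch.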
<h3><tt>ntpq</tt> - standard NTP query program</h3>
<img src="pic/bustardfly.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>A typical NTP monitoring packet</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">23:58</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="223">Friday, April 04, 2008</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61"></csobj><csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="223">July 5, 2008</csobj></p>
<br clear="left">
<h4>More Help</h4>
<script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
</tr>
<tr>
<td><tt>headway</tt></td>
- <td>headway (s)</td>
+ <td>headway (see <a href="rate.html">Rate Management and the Kiss-o'-Death Packet)</a></td>
</tr>
<tr>
<td><tt>flash</tt></td>
<td><tt>jitter</tt></td>
<td>filter jitter</td>
</tr>
+<tr>
+ <td><tt>xleave</tt></td>
+ <td>interleave delay (see <a href="xleave.html">NTP Interleaved Modes </a>)</td>
+ </tr>
</table>
<p>When the NTPv4 daemon is compiled with the OpenSSL software library, additional peer variables are displayed, including the following:</p>
<table width="100%" border="1" cellspacing="2" cellpadding="2">
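Review bot: the replacement headway row drops the unit that the removed line carried, "headway (s)", and puts the closing parenthesis inside the anchor, "Kiss-o'-Death Packet)</a>"; keep the unit and move the parenthesis outside, giving "headway (s) (see <a href="rate.html">Rate Management and the Kiss-o'-Death Packet</a>)". The added xleave row has the reverse problem, a trailing space inside the anchor text in "NTP Interleaved Modes </a>", and its description "interleave delay" should say what is being measured and in what unit, as the neighbouring jitter row does. The row is also appended after the jitter row rather than in the alphabetical position the other variables appear to follow; check against the rest of the table.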