4798ffa9e1
Approved by: roberto, delphij Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0 Security: http://bugs.ntp.org/show_bug.cgi?id=2853 Security: https://www.kb.cert.org/vuls/id/668167 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
949 lines
26 KiB
Plaintext
949 lines
26 KiB
Plaintext
/* -*- Mode: Text -*- */
|
|
|
|
autogen definitions options;
|
|
|
|
#include copyright.def
|
|
#include homerc.def
|
|
#include autogen-version.def
|
|
|
|
prog-name = "ntpq";
|
|
prog-title = "standard NTP query program";
|
|
argument = '[ host ...]';
|
|
|
|
flag = {
|
|
name = ipv4;
|
|
flags-cant = ipv6;
|
|
value = 4;
|
|
descrip = "Force IPv4 DNS name resolution";
|
|
doc = <<- _EndOfDoc_
|
|
Force DNS resolution of following host names on the command line
|
|
to the IPv4 namespace.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = ipv6;
|
|
flags-cant = ipv4;
|
|
value = 6;
|
|
descrip = "Force IPv6 DNS name resolution";
|
|
doc = <<- _EndOfDoc_
|
|
Force DNS resolution of following host names on the command line
|
|
to the IPv6 namespace.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = command;
|
|
value = c;
|
|
arg-type = string;
|
|
descrip = "run a command and exit";
|
|
max = NOLIMIT;
|
|
arg-name = cmd;
|
|
call-proc = ntpq_custom_opt_handler;
|
|
doc = <<- _EndOfDoc_
|
|
The following argument is interpreted as an interactive format command
|
|
and is added to the list of commands to be executed on the specified
|
|
host(s).
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
#include debug-opt.def
|
|
|
|
flag = {
|
|
name = interactive;
|
|
value = i;
|
|
flags-cant = command, peers;
|
|
descrip = "Force ntpq to operate in interactive mode";
|
|
doc = <<- _EndOfDoc_
|
|
Force @code{ntpq} to operate in interactive mode.
|
|
Prompts will be written to the standard output and
|
|
commands read from the standard input.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = numeric;
|
|
value = n;
|
|
descrip = "numeric host addresses";
|
|
doc = <<- _EndOfDoc_
|
|
Output all host addresses in dotted-quad numeric format rather than
|
|
converting to the canonical host names.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = old-rv;
|
|
descrip = "Always output status line with readvar";
|
|
doc = <<- _EndOfDoc_
|
|
By default, @code{ntpq} now suppresses the @code{associd=...}
|
|
line that precedes the output of @code{readvar}
|
|
(alias @code{rv}) when a single variable is requested, such as
|
|
@code{ntpq -c "rv 0 offset"}.
|
|
This option causes @code{ntpq} to include both lines of output
|
|
for a single-variable @code{readvar}.
|
|
Using an environment variable to
|
|
preset this option in a script will enable both older and
|
|
newer @code{ntpq} to behave identically in this regard.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = peers;
|
|
value = p;
|
|
descrip = "Print a list of the peers";
|
|
flags-cant = interactive;
|
|
call-proc = ntpq_custom_opt_handler;
|
|
doc = <<- _EndOfDoc_
|
|
Print a list of the peers known to the server as well as a summary
|
|
of their state. This is equivalent to the 'peers' interactive command.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
flag = {
|
|
name = wide;
|
|
value = w;
|
|
descrip = "Display the full 'remote' value";
|
|
doc = <<- _EndOfDoc_
|
|
Display the full value of the 'remote' value. If this requires
|
|
more than 15 characters, display the full value, emit a newline,
|
|
and continue the data display properly indented on the next line.
|
|
_EndOfDoc_;
|
|
};
|
|
|
|
doc-section = {
|
|
ds-type = 'DESCRIPTION';
|
|
ds-format = 'mdoc';
|
|
ds-text = <<- _END_PROG_MDOC_DESCRIP
|
|
|
|
The
|
|
.Nm
|
|
utility program is used to query NTP servers which
|
|
implement the standard NTP mode 6 control message formats defined
|
|
in Appendix B of the NTPv3 specification RFC1305, requesting
|
|
information about current state and/or changes in that state.
|
|
The same formats are used in NTPv4, although some of the
|
|
variables have changed and new ones added. The description on this
|
|
page is for the NTPv4 variables.
|
|
The program may be run either in interactive mode or controlled using
|
|
command line arguments.
|
|
Requests to read and write arbitrary
|
|
variables can be assembled, with raw and pretty-printed output
|
|
options being available.
|
|
The
|
|
.Nm
|
|
utility can also obtain and print a
|
|
list of peers in a common format by sending multiple queries to the
|
|
server.
|
|
|
|
If one or more request options is included on the command line
|
|
when
|
|
.Nm
|
|
is executed, each of the requests will be sent
|
|
to the NTP servers running on each of the hosts given as command
|
|
line arguments, or on localhost by default.
|
|
If no request options
|
|
are given,
|
|
.Nm
|
|
will attempt to read commands from the
|
|
standard input and execute these on the NTP server running on the
|
|
first host given on the command line, again defaulting to localhost
|
|
when no other host is specified.
|
|
The
|
|
.Nm
|
|
utility will prompt for
|
|
commands if the standard input is a terminal device.
|
|
|
|
.Nm
|
|
uses NTP mode 6 packets to communicate with the
|
|
NTP server, and hence can be used to query any compatible server on
|
|
the network which permits it.
|
|
Note that since NTP is a UDP protocol
|
|
this communication will be somewhat unreliable, especially over
|
|
large distances in terms of network topology.
|
|
The
|
|
.Nm
|
|
utility makes
|
|
one attempt to retransmit requests, and will time requests out if
|
|
the remote host is not heard from within a suitable timeout
|
|
time.
|
|
|
|
Specifying a
|
|
command line option other than
|
|
.Fl i
|
|
or
|
|
.Fl n
|
|
will
|
|
cause the specified query (queries) to be sent to the indicated
|
|
host(s) immediately.
|
|
Otherwise,
|
|
.Nm
|
|
will attempt to read
|
|
interactive format commands from the standard input.
|
|
.Ss "Internal Commands"
|
|
Interactive format commands consist of a keyword followed by zero
|
|
to four arguments.
|
|
Only enough characters of the full keyword to
|
|
uniquely identify the command need be typed.
|
|
|
|
A
|
|
number of interactive format commands are executed entirely within
|
|
the
|
|
.Nm
|
|
utility itself and do not result in NTP mode 6
|
|
requests being sent to a server.
|
|
These are described following.
|
|
.Bl -tag -width "? [command_keyword]" -compact -offset indent
|
|
.It Ic ? Op Ar command_keyword
|
|
.It Ic help Op Ar command_keyword
|
|
A
|
|
.Ql \&?
|
|
by itself will print a list of all the command
|
|
keywords known to this incarnation of
|
|
.Nm .
|
|
A
|
|
.Ql \&?
|
|
followed by a command keyword will print function and usage
|
|
information about the command.
|
|
This command is probably a better
|
|
source of information about
|
|
.Nm
|
|
than this manual
|
|
page.
|
|
.It Ic addvars Ar variable_name Ns Xo Op Ic =value
|
|
.Ic ...
|
|
.Xc
|
|
.It Ic rmvars Ar variable_name Ic ...
|
|
.It Ic clearvars
|
|
.It Ic showvars
|
|
The data carried by NTP mode 6 messages consists of a list of
|
|
items of the form
|
|
.Ql variable_name=value ,
|
|
where the
|
|
.Ql =value
|
|
is ignored, and can be omitted,
|
|
in requests to the server to read variables.
|
|
The
|
|
.Nm
|
|
utility maintains an internal list in which data to be included in control
|
|
messages can be assembled, and sent using the
|
|
.Ic readlist
|
|
and
|
|
.Ic writelist
|
|
commands described below.
|
|
The
|
|
.Ic addvars
|
|
command allows variables and their optional values to be added to
|
|
the list.
|
|
If more than one variable is to be added, the list should
|
|
be comma-separated and not contain white space.
|
|
The
|
|
.Ic rmvars
|
|
command can be used to remove individual variables from the list,
|
|
while the
|
|
.Ic clearlist
|
|
command removes all variables from the
|
|
list.
|
|
The
|
|
.Ic showvars
|
|
command displays the current list of optional variables.
|
|
.It Ic authenticate Op yes | no
|
|
Normally
|
|
.Nm
|
|
does not authenticate requests unless
|
|
they are write requests.
|
|
The command
|
|
.Ql authenticate yes
|
|
causes
|
|
.Nm
|
|
to send authentication with all requests it
|
|
makes.
|
|
Authenticated requests causes some servers to handle
|
|
requests slightly differently, and can occasionally melt the CPU in
|
|
fuzzballs if you turn authentication on before doing a
|
|
.Ic peer
|
|
display.
|
|
The command
|
|
.Ql authenticate
|
|
causes
|
|
.Nm
|
|
to display whether or not
|
|
.Nm
|
|
is currently autheinticating requests.
|
|
.It Ic cooked
|
|
Causes output from query commands to be "cooked", so that
|
|
variables which are recognized by
|
|
.Nm
|
|
will have their
|
|
values reformatted for human consumption.
|
|
Variables which
|
|
.Nm
|
|
thinks should have a decodable value but didn't are
|
|
marked with a trailing
|
|
.Ql \&? .
|
|
.It Xo
|
|
.Ic debug
|
|
.Oo
|
|
.Cm more |
|
|
.Cm less |
|
|
.Cm off
|
|
.Oc
|
|
.Xc
|
|
With no argument, displays the current debug level.
|
|
Otherwise, the debug level is changed to the indicated level.
|
|
.It Ic delay Ar milliseconds
|
|
Specify a time interval to be added to timestamps included in
|
|
requests which require authentication.
|
|
This is used to enable
|
|
(unreliable) server reconfiguration over long delay network paths
|
|
or between machines whose clocks are unsynchronized.
|
|
Actually the
|
|
server does not now require timestamps in authenticated requests,
|
|
so this command may be obsolete.
|
|
.It Ic exit
|
|
Exit
|
|
.Nm .
|
|
.It Ic host Ar hostname
|
|
Set the host to which future queries will be sent.
|
|
.Ar hostname
|
|
may be either a host name or a numeric address.
|
|
.It Ic hostnames Op Cm yes | Cm no
|
|
If
|
|
.Cm yes
|
|
is specified, host names are printed in
|
|
information displays.
|
|
If
|
|
.Cm no
|
|
is specified, numeric
|
|
addresses are printed instead.
|
|
The default is
|
|
.Cm yes ,
|
|
unless
|
|
modified using the command line
|
|
.Fl n
|
|
switch.
|
|
.It Ic keyid Ar keyid
|
|
This command allows the specification of a key number to be
|
|
used to authenticate configuration requests.
|
|
This must correspond
|
|
to the
|
|
.Cm controlkey
|
|
key number the server has been configured to use for this
|
|
purpose.
|
|
.It Ic keytype Xo Oo
|
|
.Cm md5 |
|
|
.Cm OpenSSLDigestType
|
|
.Oc
|
|
.Xc
|
|
Specify the type of key to use for authenticating requests.
|
|
.Cm md5
|
|
is alway supported.
|
|
If
|
|
.Nm
|
|
was built with OpenSSL support,
|
|
any digest type supported by OpenSSL can also be provided.
|
|
If no argument is given, the current
|
|
.Ic keytype
|
|
is displayed.
|
|
.It Ic ntpversion Xo Oo
|
|
.Cm 1 |
|
|
.Cm 2 |
|
|
.Cm 3 |
|
|
.Cm 4
|
|
.Oc
|
|
.Xc
|
|
Sets the NTP version number which
|
|
.Nm
|
|
claims in
|
|
packets.
|
|
Defaults to 3, and note that mode 6 control messages (and
|
|
modes, for that matter) didn't exist in NTP version 1.
|
|
There appear
|
|
to be no servers left which demand version 1.
|
|
With no argument, displays the current NTP version that will be used
|
|
when communicating with servers.
|
|
.It Ic passwd
|
|
This command prompts you to type in a password (which will not
|
|
be echoed) which will be used to authenticate configuration
|
|
requests.
|
|
The password must correspond to the key configured for
|
|
use by the NTP server for this purpose if such requests are to be
|
|
successful.
|
|
.\" Not yet implemented.
|
|
.\" .It Ic poll
|
|
.\" .Op Ar n
|
|
.\" .Op Ic verbose
|
|
.\" Poll an NTP server in client mode
|
|
.\" .Ar n
|
|
.\" times.
|
|
.It Ic quit
|
|
Exit
|
|
.Nm .
|
|
.It Ic raw
|
|
Causes all output from query commands is printed as received
|
|
from the remote server.
|
|
The only formating/interpretation done on
|
|
the data is to transform nonascii data into a printable (but barely
|
|
understandable) form.
|
|
.It Ic timeout Ar milliseconds
|
|
Specify a timeout period for responses to server queries.
|
|
The
|
|
default is about 5000 milliseconds.
|
|
Note that since
|
|
.Nm
|
|
retries each query once after a timeout, the total waiting time for
|
|
a timeout will be twice the timeout value set.
|
|
.It Ic version
|
|
Print the version of the
|
|
.Nm
|
|
program.
|
|
.El
|
|
|
|
.Ss "Control Message Commands"
|
|
Association IDs are used to identify system, peer and clock variables.
|
|
System variables are assigned an association ID of zero and system name space, while each association is assigned a nonzero association ID and peer namespace.
|
|
Most control commands send a single mode-6 message to the server and expect a single response message.
|
|
The exceptions are the
|
|
.Li peers
|
|
command, which sends a series of messages,
|
|
and the
|
|
.Li mreadlist
|
|
and
|
|
.Li mreadvar
|
|
commands, which iterate over a range of associations.
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Cm associations
|
|
Display a list of mobilized associations in the form:
|
|
.Dl ind assid status conf reach auth condition last_event cnt
|
|
.Bl -column -offset indent ".Sy Variable" ".Sy Description"
|
|
.It Sy String Ta Sy Description
|
|
.It Li ind Ta index on this list
|
|
.It Li assid Ta association ID
|
|
.It Li status Ta peer status word
|
|
.It Li conf Ta Li yes : persistent, Li no : ephemeral
|
|
.It Li reach Ta Li yes : reachable, Li no : unreachable
|
|
.It Li auth Ta Li ok , Li yes , Li bad and Li none
|
|
.It Li condition Ta selection status (see the Li select field of the peer status word)
|
|
.It Li last_event Ta event report (see the Li event field of the peer status word)
|
|
.It Li cnt Ta event count (see the Li count field of the peer status word)
|
|
.El
|
|
.It Cm authinfo
|
|
Display the authentication statistics.
|
|
.It Cm clockvar Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ...
|
|
.It Cm cv Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ...
|
|
Display a list of clock variables for those associations supporting a reference clock.
|
|
.It Cm :config Op ...
|
|
Send the remainder of the command line, including whitespace, to the server as a run-time configuration command in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is of course required.
|
|
.It Cm config-from-file Ar filename
|
|
Send the each line of
|
|
.Ar filename
|
|
to the server as run-time configuration commands in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is required.
|
|
.It Ic ifstats
|
|
Display statistics for each local network address. Authentication is required.
|
|
.It Ic iostats
|
|
Display network and reference clock I/O statistics.
|
|
.It Ic kerninfo
|
|
Display kernel loop and PPS statistics. As with other ntpq output, times are in milliseconds. The precision value displayed is in milliseconds as well, unlike the precision system variable.
|
|
.It Ic lassociations
|
|
Perform the same function as the associations command, except display mobilized and unmobilized associations.
|
|
.It Ic lopeers Xo
|
|
.Oo Ic -4 |
|
|
.Ic -6
|
|
.Oc
|
|
.Xc
|
|
Obtain and print a list of all peers and clients showing
|
|
.Ar dstadr
|
|
(associated with any given IP version).
|
|
.It Ic lpeers Xo
|
|
.Oo Ic -4 |
|
|
.Ic -6
|
|
.Oc
|
|
.Xc
|
|
Print a peer spreadsheet for the appropriate IP version(s).
|
|
.Ar dstadr
|
|
(associated with any given IP version).
|
|
.It Ic monstats
|
|
Display monitor facility statistics.
|
|
.It Ic mrulist Oo Ic limited | Ic kod | Ic mincount Ns = Ns Ar count | Ic laddr Ns = Ns Ar localaddr | Ic sort Ns = Ns Ar sortorder | Ic resany Ns = Ns Ar hexmask | Ic resall Ns = Ns Ar hexmask Oc
|
|
Obtain and print traffic counts collected and maintained by the monitor facility.
|
|
With the exception of
|
|
.Cm sort Ns = Ns Ar sortorder ,
|
|
the options filter the list returned by
|
|
.Cm ntpd.
|
|
The
|
|
.Cm limited
|
|
and
|
|
.Cm kod
|
|
options return only entries representing client addresses from which the last packet received triggered either discarding or a KoD response.
|
|
The
|
|
.Cm mincount Ns = Ns Ar count
|
|
option filters entries representing less than
|
|
.Ar count
|
|
packets.
|
|
The
|
|
.Cm laddr Ns = Ns Ar localaddr
|
|
option filters entries for packets received on any local address other than
|
|
.Ar localaddr .
|
|
.Cm resany Ns = Ns Ar hexmask
|
|
and
|
|
.Cm resall Ns = Ns Ar hexmask
|
|
filter entries containing none or less than all, respectively, of the bits in
|
|
.Ar hexmask ,
|
|
which must begin with
|
|
.Cm 0x .
|
|
The
|
|
.Ar sortorder
|
|
defaults to
|
|
.Cm lstint
|
|
and may be any of
|
|
.Cm addr ,
|
|
.Cm count ,
|
|
.Cm avgint ,
|
|
.Cm lstint ,
|
|
or any of those preceded by a minus sign (hyphen) to reverse the sort order.
|
|
The output columns are:
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Column
|
|
Description
|
|
.It Ic lstint
|
|
Interval in s between the receipt of the most recent packet from this address and the completion of the retrieval of the MRU list by
|
|
.Nm .
|
|
.It Ic avgint
|
|
Average interval in s between packets from this address.
|
|
.It Ic rstr
|
|
Restriction flags associated with this address.
|
|
Most are copied unchanged from the matching
|
|
.Ic restrict
|
|
command, however 0x400 (kod) and 0x20 (limited) flags are cleared unless the last packet from this address triggered a rate control response.
|
|
.It Ic r
|
|
Rate control indicator, either
|
|
a period,
|
|
.Ic L
|
|
or
|
|
.Ic K
|
|
for no rate control response,
|
|
rate limiting by discarding, or rate limiting with a KoD response, respectively.
|
|
.It Ic m
|
|
Packet mode.
|
|
.It Ic v
|
|
Packet version number.
|
|
.It Ic count
|
|
Packets received from this address.
|
|
.It Ic rport
|
|
Source port of last packet from this address.
|
|
.It Ic remote address
|
|
DNS name, numeric address, or address followed by
|
|
claimed DNS name which could not be verified in parentheses.
|
|
.El
|
|
.It Ic mreadvar assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ...
|
|
.It Ic mrv assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ...
|
|
Perform the same function as the
|
|
.Ic readvar
|
|
command, except for a range of association IDs.
|
|
This range is determined from the association list cached by the most recent
|
|
.Ic associations
|
|
command.
|
|
.It Ic opeers Xo
|
|
.Oo Ic -4 |
|
|
.Ic -6
|
|
.Oc
|
|
.Xc
|
|
Obtain and print the old-style list of all peers and clients showing
|
|
.Ar dstadr
|
|
(associated with any given IP version),
|
|
rather than the
|
|
.Ar refid .
|
|
.It Ic passociations
|
|
Perform the same function as the
|
|
.Ic associations
|
|
command,
|
|
except that it uses previously stored data rather than making a new query.
|
|
.It Ic peers
|
|
Display a list of peers in the form:
|
|
.Dl [tally]remote refid st t when pool reach delay offset jitter
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic [tally]
|
|
single-character code indicating current value of the
|
|
.Ic select
|
|
field of the
|
|
.Lk decode.html#peer "peer status word"
|
|
.It Ic remote
|
|
host name (or IP number) of peer.
|
|
The value displayed will be truncated to 15 characters unless the
|
|
.Fl w
|
|
flag is given, in which case the full value will be displayed
|
|
on the first line,
|
|
and the remaining data is displayed on the next line.
|
|
.It Ic refid
|
|
association ID or
|
|
.Lk decode.html#kiss "'kiss code"
|
|
.It Ic st
|
|
stratum
|
|
.It Ic t
|
|
.Ic u :
|
|
unicast or manycast client,
|
|
.Ic b :
|
|
broadcast or multicast client,
|
|
.Ic l :
|
|
local (reference clock),
|
|
.Ic s :
|
|
symmetric (peer),
|
|
.Ic A :
|
|
manycast server,
|
|
.Ic B :
|
|
broadcast server,
|
|
.Ic M :
|
|
multicast server
|
|
.It Ic when
|
|
sec/min/hr since last received packet
|
|
.It Ic poll
|
|
poll interval (log2 s)
|
|
.It Ic reach
|
|
reach shift register (octal)
|
|
.It Ic delay
|
|
roundtrip delay
|
|
.It Ic offset
|
|
offset of server relative to this host
|
|
.It Ic jitter
|
|
jitter
|
|
.El
|
|
.It Ic apeers
|
|
Display a list of peers in the form:
|
|
.Dl [tally]remote refid assid st t when pool reach delay offset jitter
|
|
where the output is just like the
|
|
.Ic peers
|
|
command except that the
|
|
.Ic refid
|
|
is displayed in hex format and the association number is also displayed.
|
|
.It Ic pstats Ar assocID
|
|
Show the statistics for the peer with the given
|
|
.Ar assocID .
|
|
.It Ic readlist Ar assocID
|
|
.It Ic rl Ar assocID
|
|
Read the system or peer variables included in the variable list.
|
|
.It Ic readvar Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc Oo , ... Oc
|
|
.It Ic rv Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc Oo , ... Oc
|
|
Display the specified variables.
|
|
If
|
|
.Ar assocID
|
|
is zero, the variables are from the
|
|
.Sx System Variables
|
|
name space, otherwise they are from the
|
|
.Sx Peer Variables
|
|
name space.
|
|
The
|
|
.Ar assocID
|
|
is required, as the same name can occur in both spaces.
|
|
If no
|
|
.Ar name
|
|
is included, all operative variables in the name space are displayed.
|
|
|
|
In this case only, if the
|
|
.Ar assocID
|
|
is omitted, it is assumed zero.
|
|
Multiple names are specified with comma separators and without whitespace.
|
|
Note that time values are represented in milliseconds
|
|
and frequency values in parts-per-million (PPM).
|
|
Some NTP timestamps are represented in the format
|
|
YYYYMMDDTTTT ,
|
|
where YYYY is the year,
|
|
MM the month of year,
|
|
DD the day of month and
|
|
TTTT the time of day.
|
|
.It Ic reslist
|
|
Show the access control (restrict) list for
|
|
.Nm .
|
|
|
|
.It Ic saveconfig Ar filename
|
|
Write the current configuration,
|
|
including any runtime modifications given with
|
|
.Ic :config
|
|
or
|
|
.Ic config-from-file ,
|
|
to the ntpd host's file
|
|
.Ar filename .
|
|
This command will be rejected by the server unless
|
|
.Lk miscopt.html#saveconfigdir "saveconfigdir"
|
|
appears in the
|
|
.Ic ntpd
|
|
configuration file.
|
|
.Ar filename
|
|
can use
|
|
.Xr strftime
|
|
format specifies to substitute the current date and time, for example,
|
|
.Ic q]saveconfig ntp-%Y%m%d-%H%M%S.confq] .
|
|
The filename used is stored in system variable
|
|
.Ic savedconfig .
|
|
Authentication is required.
|
|
.It Ic timerstats
|
|
Display interval timer counters.
|
|
.It Ic writelist Ar assocID
|
|
Write the system or peer variables included in the variable list.
|
|
.It Ic writevar Ar assocID Ar name Ns = Ns Ar value Op , ...
|
|
Write the specified variables.
|
|
If the
|
|
.Ar assocID
|
|
is zero, the variables are from the
|
|
.Sx System Variables
|
|
name space, otherwise they are from the
|
|
.Sx Peer Variables
|
|
name space.
|
|
The
|
|
.Ar assocID
|
|
is required, as the same name can occur in both spaces.
|
|
.It Ic sysinfo
|
|
Display operational summary.
|
|
.It Ic sysstats
|
|
Print statistics counters maintained in the protocol module.
|
|
.El
|
|
|
|
.Ss Status Words and Kiss Codes
|
|
|
|
The current state of the operating program is shown
|
|
in a set of status words
|
|
maintained by the system.
|
|
Status information is also available on a per-association basis.
|
|
These words are displayed in the
|
|
.Ic rv
|
|
and
|
|
.Ic as
|
|
commands both in hexadecimal and in decoded short tip strings.
|
|
The codes, tips and short explanations are documented on the
|
|
.Lk decode.html "Event Messages and Status Words"
|
|
page.
|
|
The page also includes a list of system and peer messages,
|
|
the code for the latest of which is included in the status word.
|
|
.Pp
|
|
Information resulting from protocol machine state transitions
|
|
is displayed using an informal set of ASCII strings called
|
|
.Lk decode.html#kiss "kiss codes" .
|
|
The original purpose was for kiss-o'-death (KoD) packets
|
|
sent by the server to advise the client of an unusual condition.
|
|
They are now displayed, when appropriate,
|
|
in the reference identifier field in various billboards.
|
|
|
|
.Ss System Variables
|
|
The following system variables appear in the
|
|
.Ic rv
|
|
billboard.
|
|
Not all variables are displayed in some configurations.
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic status
|
|
.Lk decode.html#sys "system status word"
|
|
.It Ic version
|
|
NTP software version and build time
|
|
.It Ic processor
|
|
hardware platform and version
|
|
.It Ic system
|
|
operating system and version
|
|
.It Ic leap
|
|
leap warning indicator (0-3)
|
|
.It Ic stratum
|
|
stratum (1-15)
|
|
.It Ic precision
|
|
precision (log2 s)
|
|
.It Ic rootdelay
|
|
total roundtrip delay to the primary reference clock
|
|
.It Ic rootdisp
|
|
total dispersion to the primary reference clock
|
|
.It Ic peer
|
|
system peer association ID
|
|
.It Ic tc
|
|
time constant and poll exponent (log2 s) (3-17)
|
|
.It Ic mintc
|
|
minimum time constant (log2 s) (3-10)
|
|
.It Ic clock
|
|
date and time of day
|
|
.It Ic refid
|
|
reference ID or
|
|
.Lk decode.html#kiss "kiss code"
|
|
.It Ic reftime
|
|
reference time
|
|
.It Ic offset
|
|
combined offset of server relative to this host
|
|
.It Ic sys_jitter
|
|
combined system jitter
|
|
.It Ic frequency
|
|
frequency offset (PPM) relative to hardware clock
|
|
.It Ic clk_wander
|
|
clock frequency wander (PPM)
|
|
.It Ic clk_jitter
|
|
clock jitter
|
|
.It Ic tai
|
|
TAI-UTC offset (s)
|
|
.It Ic leapsec
|
|
NTP seconds when the next leap second is/was inserted
|
|
.It Ic expire
|
|
NTP seconds when the NIST leapseconds file expires
|
|
.El
|
|
The jitter and wander statistics are exponentially-weighted RMS averages.
|
|
The system jitter is defined in the NTPv4 specification;
|
|
the clock jitter statistic is computed by the clock discipline module.
|
|
.Pp
|
|
When the NTPv4 daemon is compiled with the OpenSSL software library,
|
|
additional system variables are displayed,
|
|
including some or all of the following,
|
|
depending on the particular Autokey dance:
|
|
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic host
|
|
Autokey host name for this host
|
|
.It Ic ident
|
|
Autokey group name for this host
|
|
.It Ic flags
|
|
host flags (see Autokey specification)
|
|
.It Ic digest
|
|
OpenSSL message digest algorithm
|
|
.It Ic signature
|
|
OpenSSL digest/signature scheme
|
|
.It Ic update
|
|
NTP seconds at last signature update
|
|
.It Ic cert
|
|
certificate subject, issuer and certificate flags
|
|
.It Ic until
|
|
NTP seconds when the certificate expires
|
|
.El
|
|
.Ss Peer Variables
|
|
The following peer variables appear in the
|
|
.Ic rv
|
|
billboard for each association.
|
|
Not all variables are displayed in some configurations.
|
|
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic associd
|
|
association ID
|
|
.It Ic status
|
|
.Lk decode.html#peer "peer status word"
|
|
.It Ic srcadr
|
|
source (remote) IP address
|
|
.It Ic srcport
|
|
source (remote) port
|
|
.It Ic dstadr
|
|
destination (local) IP address
|
|
.It Ic dstport
|
|
destination (local) port
|
|
.It Ic leap
|
|
leap indicator (0-3)
|
|
.It Ic stratum
|
|
stratum (0-15)
|
|
.It Ic precision
|
|
precision (log2 s)
|
|
.It Ic rootdelay
|
|
total roundtrip delay to the primary reference clock
|
|
.It Ic rootdisp
|
|
total root dispersion to the primary reference clock
|
|
.It Ic refid
|
|
reference ID or
|
|
.Lk decode.html#kiss "kiss code"
|
|
.It Ic reftime
|
|
reference time
|
|
.It Ic reach
|
|
reach register (octal)
|
|
.It Ic unreach
|
|
unreach counter
|
|
.It Ic hmode
|
|
host mode (1-6)
|
|
.It Ic pmode
|
|
peer mode (1-5)
|
|
.It Ic hpoll
|
|
host poll exponent (log2 s) (3-17)
|
|
.It Ic ppoll
|
|
peer poll exponent (log2 s) (3-17)
|
|
.It Ic headway
|
|
headway (see
|
|
.Lk rate.html "Rate Management and the Kiss-o'-Death Packet" )
|
|
.It Ic flash
|
|
.Lk decode.html#flash "flash status word"
|
|
.It Ic offset
|
|
filter offset
|
|
.It Ic delay
|
|
filter delay
|
|
.It Ic dispersion
|
|
filter dispersion
|
|
.It Ic jitter
|
|
filter jitter
|
|
.It Ic ident
|
|
Autokey group name for this association
|
|
.It Ic bias
|
|
unicast/broadcast bias
|
|
.It Ic xleave
|
|
interleave delay (see
|
|
.Lk xleave.html "NTP Interleaved Modes" )
|
|
.El
|
|
The
|
|
.Ic bias
|
|
variable is calculated when the first broadcast packet is received
|
|
after the calibration volley.
|
|
It represents the offset of the broadcast subgraph relative to the unicast subgraph.
|
|
The
|
|
.Ic xleave
|
|
variable appears only for the interleaved symmetric and interleaved modes.
|
|
It represents the internal queuing, buffering and transmission delays
|
|
for the preceding packet.
|
|
.Pp
|
|
When the NTPv4 daemon is compiled with the OpenSSL software library,
|
|
additional peer variables are displayed, including the following:
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic flags
|
|
peer flags (see Autokey specification)
|
|
.It Ic host
|
|
Autokey server name
|
|
.It Ic flags
|
|
peer flags (see Autokey specification)
|
|
.It Ic signature
|
|
OpenSSL digest/signature scheme
|
|
.It Ic initsequence
|
|
initial key ID
|
|
.It Ic initkey
|
|
initial key index
|
|
.It Ic timestamp
|
|
Autokey signature timestamp
|
|
.El
|
|
|
|
.Ss Clock Variables
|
|
The following clock variables appear in the
|
|
.Ic cv
|
|
billboard for each association with a reference clock.
|
|
Not all variables are displayed in some configurations.
|
|
.Bl -tag -width "something" -compact -offset indent
|
|
.It Variable
|
|
Description
|
|
.It Ic associd
|
|
association ID
|
|
.It Ic status
|
|
.Lk decode.html#clock "clock status word"
|
|
.It Ic device
|
|
device description
|
|
.It Ic timecode
|
|
ASCII time code string (specific to device)
|
|
.It Ic poll
|
|
poll messages sent
|
|
.It Ic noreply
|
|
no reply
|
|
.It Ic badformat
|
|
bad format
|
|
.It Ic baddata
|
|
bad date or time
|
|
.It Ic fudgetime1
|
|
fudge time 1
|
|
.It Ic fudgetime2
|
|
fudge time 2
|
|
.It Ic stratum
|
|
driver stratum
|
|
.It Ic refid
|
|
driver reference ID
|
|
.It Ic flags
|
|
driver flags
|
|
.El
|
|
_END_PROG_MDOC_DESCRIP;
|
|
};
|