xref: /freebsd/contrib/ntp/ntpd/ntp.conf.def (revision 1f4bcc459a76b7aa664f3fd557684cd0ba6da352)
/* -*- Mode: Text -*- */

autogen definitions options;

#include copyright.def

// We want the synopsis to be "/etc/ntp.conf" but we need the prog-name
// to be ntp.conf - the latter is also how autogen produces the output
// file name.
prog-name	= "ntp.conf";
file-path	= "/etc/ntp.conf";
prog-title	= "Network Time Protocol (NTP) daemon configuration file format";

/* explain: Additional information whenever the usage routine is invoked */
explain = <<- _END_EXPLAIN
	_END_EXPLAIN;

doc-section	= {
  ds-type	= 'DESCRIPTION';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_PROG_MDOC_DESCRIP
The
.Nm
configuration file is read at initial startup by the
.Xr ntpd 1ntpdmdoc
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
.Pa /etc
directory,
but could be installed elsewhere
(see the daemon's
.Fl c
command line option).
.Pp
The file format is similar to other
.Ux
configuration files.
Comments begin with a
.Ql #
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
followed by a list of arguments,
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
.Pp
The rest of this page describes the configuration and control options.
The
.Qq Notes on Configuring NTP and Setting up an NTP Subnet
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
contains an extended discussion of these options.
In addition to the discussion of general
.Sx Configuration Options ,
there are sections describing the following supported functionality
and the options used to control it:
.Bl -bullet -offset indent
.It
.Sx Authentication Support
.It
.Sx Monitoring Support
.It
.Sx Access Control Support
.It
.Sx Automatic NTP Configuration Options
.It
.Sx Reference Clock Support
.It
.Sx Miscellaneous Options
.El
.Pp
Following these is a section describing
.Sx Miscellaneous Options .
While there is a rich set of options available,
the only required option is one or more
.Ic pool ,
.Ic server ,
.Ic peer ,
.Ic broadcast
or
.Ic manycastclient
commands.
.Sh Configuration Support
Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
in some cases new functions and new arguments.
There are two
classes of commands, configuration commands that configure a
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.
.Ss Configuration Commands
The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
(s) a remote server or peer (IPv4 class A, B and C), (b) the
broadcast address of a local interface, (m) a multicast address (IPv4
class D), or (r) a reference clock address (127.127.x.x).
Note that
only those options applicable to each command are listed below.
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
.Pp
If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the reslist billboard generated
by ntpdc, IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
.Dq \&:
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.
.Pp
Note that in contexts where a host name is expected, a
.Fl 4
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
.Fl 6
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
.Bl -tag -width indent
.It Xo Ic pool Ar address
.Op Cm burst
.Op Cm iburst
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Xc
.It Xo Ic server Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm burst
.Op Cm iburst
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Xc
.It Xo Ic peer Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Xc
.It Xo Ic broadcast Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm ttl Ar ttl
.Xc
.It Xo Ic manycastclient Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Op Cm ttl Ar ttl
.Xc
.El
.Pp
These five commands specify the time server name or address to
be used and the mode in which to operate.
The
.Ar address
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
.Qq Association Management
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Bl -tag -width indent
.It Ic pool
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
.It Ic server
For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
This command should
.Em not
be used for type
b or m addresses.
.It Ic peer
For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
clock.
This is useful in a network of servers where, depending on
various failure scenarios, either the local or remote peer may be
the better source of time.
This command should NOT be used for type
b, m or r addresses.
.It Ic broadcast
For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
commands can be used to specify multiple local broadcast interfaces
(subnets) and/or multiple multicast groups.
Note that local
broadcast messages go only to the interface associated with the
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
.Ar address
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
IPv6 ff05::101 (site local) exclusively to
NTP, but other nonconflicting addresses can be used to contain the
messages within administrative boundaries.
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
.Ic broadcastclient
or
.Ic multicastclient
commands
below.
.It Ic manycastclient
For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
.Ic manycastserver
command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
means are taken to avoid spraying large areas of the Internet with
these messages and causing a possibly massive implosion of replies
at the sender.
The
.Ic manycastserver
command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
.Ar address
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
.Ic server
command.
The remaining servers are discarded as if never
heard.
.El
.Pp
Options:
.Bl -tag -width indent
.It Cm autokey
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
.Sx Authentication Options .
.It Cm burst
When the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first and second packets
can be changed with the calldelay command to allow
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
.Ic server
command and s addresses.
.It Cm iburst
When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first two packets can be
changed with the calldelay command to allow
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
.Ic server
command and s addresses and when
.Xr ntpd 1ntpdmdoc
is started with the
.Fl q
option.
.It Cm key Ar key
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
.Ar key
identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
.It Cm minpoll Ar minpoll
.It Cm maxpoll Ar maxpoll
These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds.
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
.Cm maxpoll
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
.Cm minpoll
option to a lower limit of 4 (16 s).
.It Cm noselect
Marks the server as unused, except for display purposes.
The server is discarded by the selection algorithm.
.It Cm prefer
Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
.Qq Mitigation Rules and the prefer Keyword
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
for further information.
.It Cm ttl Ar ttl
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
.Ar ttl
to
use on broadcast server and multicast server and the maximum
.Ar ttl
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
.It Cm version Ar version
Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
.El
.Ss Auxiliary Commands
.Bl -tag -width indent
.It Ic broadcastclient
This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
the first time, the broadcast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
.Sx Authentication Options .
.It Ic manycastserver Ar address ...
This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
address is required, but the NTP multicast address 224.0.1.1
assigned by the IANA should NOT be used, unless specific means are
taken to limit the span of the reply and avoid a possibly massive
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
.Sx Authentication Options .
.It Ic multicastclient Ar address ...
This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
a message for the first time, the multicast client measures the
nominal server propagation delay using a brief client/server
exchange with the server, then enters the broadcast client mode, in
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
.Sx Authentication Options .
.It Ic mdnstries Ar number
If we are participating in mDNS,
after we have synched for the first time
we attempt to register with the mDNS system.
If that registration attempt fails,
we try again at one minute intervals for up to
.Ic mdnstries
times.
After all,
.Ic ntpd
may be starting before mDNS.
The default value for
.Ic mdnstries
is 5.
.El
.Sh Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
specification RFC-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
DES-CBC.
Subsequently, this was replaced by the RSA Message Digest
5 (MD5) algorithm using a private key, commonly called keyed-MD5.
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.
.Pp
NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
Public key cryptography is generally considered more secure
than symmetric key cryptography, since the security is based
on a private value which is generated by each server and
never revealed.
With Autokey all key distribution and
management functions involve only public values, which
considerably simplifies key distribution and storage.
Public key management is based on X.509 certificates,
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.
.Pp
While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.
.Pp
Authentication is configured separately for each association
using the
.Cm key
or
.Cm autokey
subcommand on the
.Ic peer ,
.Ic server ,
.Ic broadcast
and
.Ic manycastclient
configuration commands as described in
.Sx Configuration Options
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.
.Pp
Authentication is always enabled,
although ineffective if not configured as
described below.
If an NTP packet arrives
including a message authentication
code (MAC), it is accepted only if it
passes all cryptographic checks.
The
checks require correct key ID, key value
and message digest.
If the packet has
been modified in any way or replayed
by an intruder, it will fail one or more
of these checks and be discarded.
Furthermore, the Autokey scheme requires a
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol.
.Pp
The
.Cm auth
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
.Ic enable
and
.Ic disable
commands and also by remote
configuration commands sent by a
.Xr ntpdc 1ntpdcmdoc
program running in
another machine.
If this flag is enabled, which is the default
case, new broadcast client and symmetric passive associations and
remote configuration commands must be cryptographically
authenticated using either symmetric key or public key cryptography.
If this
flag is disabled, these operations are effective
even if not cryptographically
authenticated.
It should be understood
that operating with the
.Ic auth
flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
disrupt system timekeeping.
It is
important to note that this flag has no purpose
other than to allow or disallow
a new association in response to new broadcast
and symmetric active messages
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.
.Pp
An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
.Sx Automatic NTP Configuration Options
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
The principal advantage
of manycast mode is that potential servers need not be
configured in advance,
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.
.Pp
The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
.Ss Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
authenticate NTP packets.
Keys and
related information are specified in a key
file, usually called
.Pa ntp.keys ,
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
.Xr ntpq 1ntpqmdoc
and
.Xr ntpdc 1ntpdcmdoc
utility programs.
.Pp
When
.Xr ntpd 1ntpdmdoc
is first started, it reads the key file specified in the
.Ic keys
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
.Ic trusted
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
.Xr ntpdc 1ntpdcmdoc .
This also provides a revocation capability that can be used
if a key becomes compromised.
The
.Ic requestkey
command selects the key used as the password for the
.Xr ntpdc 1ntpdcmdoc
utility, while the
.Ic controlkey
command selects the key used as the password for the
.Xr ntpq 1ntpqmdoc
utility.
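The symmetric-key checks described above for the key option and the key file (key ID in the 1 to 65534 range, key present in the key file, key activated with trusted, message digest matching) as an added worked example in Python. It is not part of ntpd or of this file; the keys file, packet bytes and function names it uses are constructed for the demonstration, and the wire layout it assumes is the RFC 5905 one (48-byte header, then a 4-byte key ID and 16-byte MD5 digest).

```python
"""Symmetric-key (keyed-MD5) authentication check for NTP packets.

Added example, not ntpd's code.  Assumed wire layout (RFC 5905): a 48-byte
header, optionally followed by a MAC consisting of a 4-byte big-endian key
ID and a 16-byte MD5 digest computed over key || header.  A 4-byte MAC of
zeros is the crypto-NAK mentioned in the text.  The keys file and packets
below are constructed for the demonstration.
"""
import hashlib
import hmac
import struct

HEADER_LEN = 48
DIGEST_LEN = 16
MIN_KEY_ID, MAX_KEY_ID = 1, 65534   # range the 'key' option accepts

# Constructed ntp.keys-style file: "<keyid> <type> <key>" per line.
# Only ASCII 'M'/'MD5' keys are handled here.
KEYS_FILE = """\
# keyid  type  key
4        M     alicebobsharedsecret
10       M     secondbatchkey
"""


def parse_keys(text):
    """Return {key_id: key_bytes} from ntp.keys-style text."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ident, ktype, value = line.split(None, 2)
        key_id = int(ident)
        if not MIN_KEY_ID <= key_id <= MAX_KEY_ID:
            raise ValueError("key id %d outside 1..65534" % key_id)
        if ktype.upper() not in ("M", "MD5"):
            raise ValueError("unsupported key type %s" % ktype)
        keys[key_id] = value.encode("ascii")
    return keys


def make_mac(key_id, key, header):
    """MAC = keyid || MD5(key || header), the keyed-MD5 scheme of RFC 1305."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def build_packet(header, key_id=None, key=None):
    """Append a MAC when a key is given; otherwise send unauthenticated."""
    if key_id is None:
        return header
    return header + make_mac(key_id, key, header)


def check_packet(packet, keys, trusted):
    """Classify a received packet.  Every cryptographic check must pass
    (known key ID, key activated by 'trusted', digest matches) before the
    packet counts as authenticated; anything else is discarded by ntpd."""
    if len(packet) < HEADER_LEN:
        return "malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not mac:
        return "unauthenticated"
    if mac == b"\0\0\0\0":
        return "crypto-nak"            # server reports our MAC failed to verify
    if len(mac) != 4 + DIGEST_LEN:
        return "malformed"
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in keys:
        return "bad-keyid"             # no such key in the key file
    if key_id not in trusted:
        return "untrusted-key"         # in the file, but not activated
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return "bad-digest"            # modified in transit or wrong key value
    return "authenticated"


def demo():
    """Run the checks over a few constructed packets from key ID 4 ('Cathy')."""
    keys = parse_keys(KEYS_FILE)
    trusted = {4}                              # 'trusted 4' activates key 4 only
    header = b"\x23" + bytes(47)               # LI=0, VN=4, mode 3 (client); rest zeroed
    good = build_packet(header, 4, keys[4])
    tampered = good[:40] + b"\xff" * 8 + good[48:]   # overwrite the transmit timestamp
    return {
        "plain": check_packet(header, keys, trusted),
        "good": check_packet(good, keys, trusted),
        "tampered": check_packet(tampered, keys, trusted),
        "untrusted": check_packet(build_packet(header, 10, keys[10]), keys, trusted),
        "unknown": check_packet(build_packet(header, 99, b"guess"), keys, trusted),
        "nak": check_packet(header + b"\0\0\0\0", keys, trusted),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-10s %s" % (name, verdict))
```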
.Ss Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
and verifies the source with digital signatures and any of several
digest/signature schemes.
Optional identity schemes described on the Identity Schemes
page and based on cryptographic challenge/response algorithms
are also available.
Using all of these schemes provides strong security against
replay with or without modification, spoofing, masquerade
and most forms of clogging attacks.
.\" .Pp
.\" The cryptographic means necessary for all Autokey operations
.\" is provided by the OpenSSL software library.
.\" This library is available from http://www.openssl.org/
.\" and can be installed using the procedures outlined
.\" in the Building and Installing the Distribution page.
.\" Once installed,
.\" the configure and build
.\" process automatically detects the library and links
.\" the library routines required.
.Pp
The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
All modes use in addition a variant of the S-KEY scheme,
in which a pseudo-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
.Sx Autonomous Authentication
page.
.Pp
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
.Xr ntp-keygen 1ntpkeygenmdoc
program.
This includes a required host key file,
required certificate file and optional sign key file,
leapsecond file and identity scheme files.
The
digest/signature scheme is specified in the X.509 certificate
along with the matching sign key.
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
.Cm md5WithRSAEncryption ,
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.
.Pp
NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
in the group be able to construct a certificate trail to one
or more trusted hosts in the same group.
Each group
host runs the Autokey protocol to obtain the certificates
for all hosts along the trail to one or more trusted hosts.
This requires the configuration file in all hosts to be
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.
.Ss Naming and Addressing
It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
The cryptographic name used by Autokey to bind the host identity
credentials and cryptographic values must be independent
of interface, network and any other naming convention.
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.
.Pp
By convention, the name of an Autokey host is the name returned
by the Unix
.Xr gethostname 2
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.
.Pp
It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
to deflect masquerade attacks.
For this reason Autokey
includes the source and destination IP addresses in message digest
computations and so the same addresses must be available
at both the server and client.
For this reason operation
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.
.Ss Operation
A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
There may be management configurations where the clients,
servers and peers may not all support the same cryptotypes.
A secure NTPv4 subnet can be configured in many ways while
keeping in mind the principles explained above and
in this section.
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.
.Pp
The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
.Ic server
or
.Ic peer
configuration command and no
.Ic key
or
.Ic autokey
subcommands are present, the association is not
authenticated; if the
.Ic key
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
.Ic autokey
subcommand is present, the association is authenticated
using Autokey.
.Pp
When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
to which schemes it has available.
The server response message
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.
.Pp
Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
Thus, a server receiving
an unauthenticated packet will respond with an unauthenticated
packet, while the same server receiving a packet of a cryptotype
it supports will respond with packets of that cryptotype.
However, unconfigured broadcast or manycast client
associations or symmetric passive associations will not be
mobilized unless the server supports a cryptotype compatible
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.
.Pp
Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Alice's unauthenticated messages arrive at Bob, who replies with
unauthenticated messages.
Cathy has a copy of Bob's symmetric
key file and has selected key ID 4 in messages to Bob.
Bob verifies the message with his key ID 4.
If it's the
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
.Xr ntpq 1ntpqmdoc
program.
.Pp
Denise has rolled her own host key and certificate.
She also uses one of the identity schemes that Bob supports.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.
.Pp
It should be clear from the above that Bob can support
all the girls at the same time, as long as he has compatible
authentication and identity credentials.
Now, Bob can act just like the girls in his own choice of servers;
he can run multiple configured associations with multiple different
servers (or the same server, although that might not be useful).
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.
796.Ss Key Management
797The cryptographic values used by the Autokey protocol are
798incorporated as a set of files generated by the
799.Xr ntp-keygen 1ntpkeygenmdoc
800utility program, including symmetric key, host key and
801public certificate files, as well as sign key, identity parameters
802and leapseconds files.
803Alternatively, host and sign keys and
804certificate files can be generated by the OpenSSL utilities
805and certificates can be imported from public certificate
806authorities.
807Note that symmetric keys are necessary for the
808.Xr ntpq 1ntpqmdoc
809and
810.Xr ntpdc 1ntpdcmdoc
811utility programs.
812The remaining files are necessary only for the
813Autokey protocol.
814.Pp
815Certificates imported from OpenSSL or public certificate
816authorities have certian limitations.
817The certificate should be in ASN.1 syntax, X.509 Version 3
818format and encoded in PEM, which is the same format
819used by OpenSSL.
820The overall length of the certificate encoded
821in ASN.1 must not exceed 1024 bytes.
822The subject distinguished
823name field (CN) is the fully qualified name of the host
824on which it is used; the remaining subject fields are ignored.
825The certificate extension fields must not contain either
826a subject key identifier or a issuer key identifier field;
827however, an extended key usage field for a trusted host must
828contain the value
829.Cm trustRoot ; .
830Other extension fields are ignored.
831.Ss Authentication Commands
832.Bl -tag -width indent
833.It Ic autokey Op Ar logsec
834Specifies the interval between regenerations of the session key
835list used with the Autokey protocol.
836Note that the size of the key
837list for each association depends on this interval and the current
838poll interval.
839The default value is 12 (4096 s or about 1.1 hours).
840For poll intervals above the specified interval, a session key list
841with a single entry will be regenerated for every message
842sent.
843.It Ic controlkey Ar key
844Specifies the key identifier to use with the
845.Xr ntpq 1ntpqmdoc
846utility, which uses the standard
847protocol defined in RFC-1305.
848The
849.Ar key
850argument is
851the key identifier for a trusted key, where the value can be in the
852range 1 to 65,534, inclusive.
853.It Xo Ic crypto
854.Op Cm cert Ar file
855.Op Cm leap Ar file
856.Op Cm randfile Ar file
857.Op Cm host Ar file
858.Op Cm sign Ar file
859.Op Cm gq Ar file
860.Op Cm gqpar Ar file
861.Op Cm iffpar Ar file
862.Op Cm mvpar Ar file
863.Op Cm pw Ar password
864.Xc
865This command requires the OpenSSL library.
866It activates public key
867cryptography, selects the message digest and signature
868encryption scheme and loads the required private and public
869values described above.
870If one or more files are left unspecified,
871the default names are used as described above.
872Unless the complete path and name of the file are specified, the
873location of a file is relative to the keys directory specified
874in the
875.Ic keysdir
876command or default
877.Pa /usr/local/etc .
878Following are the subcommands:
879.Bl -tag -width indent
880.It Cm cert Ar file
881Specifies the location of the required host public certificate file.
882This overrides the link
883.Pa ntpkey_cert_ Ns Ar hostname
884in the keys directory.
885.It Cm gqpar Ar file
886Specifies the location of the optional GQ parameters file.
887This
888overrides the link
889.Pa ntpkey_gq_ Ns Ar hostname
890in the keys directory.
891.It Cm host Ar file
892Specifies the location of the required host key file.
893This overrides
894the link
895.Pa ntpkey_key_ Ns Ar hostname
896in the keys directory.
897.It Cm iffpar Ar file
898Specifies the location of the optional IFF parameters file. This
899overrides the link
900.Pa ntpkey_iff_ Ns Ar hostname
901in the keys directory.
902.It Cm leap Ar file
903Specifies the location of the optional leapsecond file.
904This overrides the link
905.Pa ntpkey_leap
906in the keys directory.
907.It Cm mvpar Ar file
908Specifies the location of the optional MV parameters file.
909This
910overrides the link
911.Pa ntpkey_mv_ Ns Ar hostname
912in the keys directory.
913.It Cm pw Ar password
914Specifies the password to decrypt files containing private keys and
915identity parameters.
916This is required only if these files have been
917encrypted.
918.It Cm randfile Ar file
919Specifies the location of the random seed file used by the OpenSSL
920library.
921The defaults are described in the main text above.
922.It Cm sign Ar file
923Specifies the location of the optional sign key file.
924This overrides
925the link
926.Pa ntpkey_sign_ Ns Ar hostname
927in the keys directory.
928If this file is
929not found, the host key is also the sign key.
930.El
931.It Ic keys Ar keyfile
932Specifies the complete path and location of the MD5 key file
933containing the keys and key identifiers used by
934.Xr ntpd 1ntpdmdoc ,
935.Xr ntpq 1ntpqmdoc
936and
937.Xr ntpdc 1ntpdcmdoc
938when operating with symmetric key cryptography.
939This is the same operation as the
940.Fl k
941command line option.
942.It Ic keysdir Ar path
943This command specifies the default directory path for
944cryptographic keys, parameters and certificates.
945The default is
946.Pa /usr/local/etc/ .
947.It Ic requestkey Ar key
948Specifies the key identifier to use with the
949.Xr ntpdc 1ntpdcmdoc
950utility program, which uses a
951proprietary protocol specific to this implementation of
952.Xr ntpd 1ntpdmdoc .
953The
954.Ar key
955argument is a key identifier
956for the trusted key, where the value can be in the range 1 to
95765,534, inclusive.
958.It Ic revoke Ar logsec
959Specifies the interval between re-randomization of certain
960cryptographic values used by the Autokey scheme, as a power of 2 in
961seconds.
962These values need to be updated frequently in order to
963deflect brute-force attacks on the algorithms of the scheme;
964however, updating some values is a relatively expensive operation.
965The default interval is 16 (65,536 s or about 18 hours).
966For poll
967intervals above the specified interval, the values will be updated
968for every message sent.
969.It Ic trustedkey Ar key ...
970Specifies the key identifiers which are trusted for the
971purposes of authenticating peers with symmetric key cryptography,
972as well as keys used by the
973.Xr ntpq 1ntpqmdoc
974and
975.Xr ntpdc 1ntpdcmdoc
976programs.
977The authentication procedures require that both the local
978and remote servers share the same key and key identifier for this
979purpose, although different keys can be used with different
980servers.
981The
982.Ar key
983arguments are 32-bit unsigned
984integers with values from 1 to 65,534.
985.El
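.Pp
The following Python program is an added illustration and is not
part of the NTP distribution.
It shows what the
.Ic keys
and
.Ic trustedkey
commands amount to on the wire.
Two things are assumed rather than taken from this page: the keys file
holds one
.Ar keyid type secret
entry per line (with
.Ql #
comments), and the authenticator appended to a packet is the 32-bit key
identifier followed by the digest of the secret concatenated with the
48-byte packet, which is how symmetric-key NTP authentication is
usually described.
The sample keys file and the sample packet are constructed for the
demonstration; a key that is present in the keys file but not listed in
.Ic trustedkey
is rejected exactly like a wrong digest.

```python
import hashlib
import hmac
import struct

# Key identifier range given for the controlkey, requestkey and trustedkey commands.
KEYID_MIN, KEYID_MAX = 1, 65534

# Digest tags accepted in the keys file; "M" is the traditional MD5 tag.
DIGESTS = {"M": "md5", "MD5": "md5", "SHA1": "sha1"}

# Constructed sample keys file (assumed format: "<keyid> <type> <secret>" per line).
SAMPLE_KEYS = """\
# keyid  type  secret
1        M     s3rv3r-shared-secret
10       MD5   0123456789abcdef0123456789abcdef01234567
"""

# Constructed 48-byte NTPv4 client request: LI=0, VN=4, mode 3, all other fields zero.
SAMPLE_PACKET = bytes([0x23]) + bytes(47)


def parse_keys_file(text):
    """Return {keyid: (digest_name, secret_bytes)} from keys-file text."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyid_s, ktype, secret = line.split(None, 2)
        keyid = int(keyid_s)
        if not KEYID_MIN <= keyid <= KEYID_MAX:
            raise ValueError("key id %d outside %d..%d" % (keyid, KEYID_MIN, KEYID_MAX))
        digest = DIGESTS[ktype.upper()]
        # A 40-hex-digit secret is binary key material; anything else is an ASCII key.
        if len(secret) == 40 and all(c in "0123456789abcdefABCDEF" for c in secret):
            keys[keyid] = (digest, bytes.fromhex(secret))
        else:
            keys[keyid] = (digest, secret.encode("ascii"))
    return keys


def mac_for(packet, keyid, digest, secret):
    """Assumed trailer layout: 32-bit key id, then digest(secret || packet)."""
    h = hashlib.new(digest)
    h.update(secret)
    h.update(packet)
    return struct.pack("!I", keyid) + h.digest()


def sign_packet(packet, keyid, keys):
    """Append the authenticator for `keyid` to a 48-byte packet."""
    digest, secret = keys[keyid]
    return packet + mac_for(packet, keyid, digest, secret)


def verify_packet(message, keys, trusted):
    """Return (ok, keyid).  `trusted` plays the role of the trustedkey list."""
    if len(message) < 48 + 4 + 16:          # header + key id + shortest (MD5) digest
        return False, None
    packet, trailer = message[:48], message[48:]
    keyid = struct.unpack("!I", trailer[:4])[0]
    if keyid not in keys or keyid not in trusted:
        return False, keyid
    digest, secret = keys[keyid]
    expected = mac_for(packet, keyid, digest, secret)
    # Constant-time comparison; a length mismatch also fails.
    return hmac.compare_digest(expected, trailer), keyid
```

Both ends must hold the same secret under the same identifier, as the
.Ic trustedkey
description says; the program makes the consequence visible by signing
with key 1 and then verifying once with key 1 trusted and once without.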
986.Ss Error Codes
987The following error codes are reported via the NTP control
988and monitoring protocol trap mechanism.
989.Bl -tag -width indent
990.It 101
991.Pq bad field format or length
992The packet has invalid version, length or format.
993.It 102
994.Pq bad timestamp
995The packet timestamp is the same or older than the most recent received.
996This could be due to a replay or a server clock time step.
997.It 103
998.Pq bad filestamp
999The packet filestamp is the same or older than the most recent received.
1000This could be due to a replay or a key file generation error.
1001.It 104
1002.Pq bad or missing public key
1003The public key is missing, has incorrect format or is an unsupported type.
1004.It 105
1005.Pq unsupported digest type
1006The server requires an unsupported digest/signature scheme.
1007.It 106
1008.Pq mismatched digest types
1009Not used.
1010.It 107
1011.Pq bad signature length
1012The signature length does not match the current public key.
1013.It 108
1014.Pq signature not verified
1015The message fails the signature check.
1016It could be bogus or signed by a
1017different private key.
1018.It 109
1019.Pq certificate not verified
1020The certificate is invalid or signed with the wrong key.
1021.It 110
1022.Pq certificate not verified
1023The certificate is not yet valid or has expired or the signature could not
1024be verified.
1025.It 111
1026.Pq bad or missing cookie
1027The cookie is missing, corrupted or bogus.
1028.It 112
1029.Pq bad or missing leapseconds table
1030The leapseconds table is missing, corrupted or bogus.
1031.It 113
1032.Pq bad or missing certificate
1033The certificate is missing, corrupted or bogus.
1034.It 114
1035.Pq bad or missing identity
1036The identity key is missing, corrupt or bogus.
1037.El
1038.Sh Monitoring Support
1039.Xr ntpd 1ntpdmdoc
1040includes a comprehensive monitoring facility suitable
1041for continuous, long term recording of server and client
1042timekeeping performance.
1043See the
1044.Ic statistics
1045command below
1046for a listing and example of each type of statistics currently
1047supported.
1048Statistic files are managed using file generation sets
1049and scripts in the
1050.Pa ./scripts
1051directory of this distribution.
1052Using
1053these facilities and
1054.Ux
1055.Xr cron 8
1056jobs, the data can be
1057automatically summarized and archived for retrospective analysis.
1058.Ss Monitoring Commands
1059.Bl -tag -width indent
1060.It Ic statistics Ar name ...
1061Enables writing of statistics records.
1062Currently, eight kinds of
1063.Ar name
1064statistics are supported.
1065.Bl -tag -width indent
1066.It Cm clockstats
1067Enables recording of clock driver statistics information.
1068Each update
1069received from a clock driver appends a line of the following form to
1070the file generation set named
1071.Cm clockstats :
1072.Bd -literal
107349213 525.624 127.127.4.1 93 226 00:08:29.606 D
1074.Ed
1075.Pp
1076The first two fields show the date (Modified Julian Day) and time
1077(seconds and fraction past UTC midnight).
1078The next field shows the
1079clock address in dotted-quad notation.
1080The final field shows the last
1081timecode received from the clock in decoded ASCII format, where
1082meaningful.
1083In some clock drivers a good deal of additional information
1084can be gathered and displayed as well.
1085See information specific to each
1086clock for further details.
1087.It Cm cryptostats
1088This option requires the OpenSSL cryptographic software library.
1089It
1090enables recording of cryptographic public key protocol information.
1091Each message received by the protocol module appends a line of the
1092following form to the file generation set named
1093.Cm cryptostats :
1094.Bd -literal
109549213 525.624 127.127.4.1 message
1096.Ed
1097.Pp
1098The first two fields show the date (Modified Julian Day) and time
1099(seconds and fraction past UTC midnight).
1100The next field shows the peer
1101address in dotted-quad notation. The final message field includes the
1102message type and certain ancillary information.
1103See the
1104.Sx Authentication Options
1105section for further information.
1106.It Cm loopstats
1107Enables recording of loop filter statistics information.
1108Each
1109update of the local clock outputs a line of the following form to
1110the file generation set named
1111.Cm loopstats :
1112.Bd -literal
111350935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
1114.Ed
1115.Pp
1116The first two fields show the date (Modified Julian Day) and
1117time (seconds and fraction past UTC midnight).
1118The next five fields
1119show time offset (seconds), frequency offset (parts per million -
1120PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
1121discipline time constant.
1122.It Cm peerstats
1123Enables recording of peer statistics information.
1124This includes
1125statistics records of all peers of a NTP server and of special
1126signals, where present and configured.
1127Each valid update appends a
1128line of the following form to the current element of a file
1129generation set named
1130.Cm peerstats :
1131.Bd -literal
113248773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
1133.Ed
1134.Pp
1135The first two fields show the date (Modified Julian Day) and
1136time (seconds and fraction past UTC midnight).
1137The next two fields
1138show the peer address in dotted-quad notation and status,
1139respectively.
1140The status field is encoded in hex in the format
1141described in Appendix A of the NTP specification RFC 1305.
1142The final four fields show the offset,
1143delay, dispersion and RMS jitter, all in seconds.
1144.It Cm rawstats
1145Enables recording of raw-timestamp statistics information.
1146This
1147includes statistics records of all peers of a NTP server and of
1148special signals, where present and configured.
1149Each NTP message
1150received from a peer or clock driver appends a line of the
1151following form to the file generation set named
1152.Cm rawstats :
1153.Bd -literal
115450928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.586228000 3102453332.540806000 3102453332.541458000
1155.Ed
1156.Pp
1157The first two fields show the date (Modified Julian Day) and
1158time (seconds and fraction past UTC midnight).
1159The next two fields
1160show the remote peer or clock address followed by the local address
1161in dotted-quad notation.
1162The final four fields show the originate,
1163receive, transmit and final NTP timestamps in order.
1164The timestamp
1165values are as received and before processing by the various data
1166smoothing and mitigation algorithms.
1167.It Cm sysstats
1168Enables recording of ntpd statistics counters on a periodic basis.
1169Each
1170hour a line of the following form is appended to the file generation
1171set named
1172.Cm sysstats :
1173.Bd -literal
117450928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
1175.Ed
1176.Pp
1177The first two fields show the date (Modified Julian Day) and time
1178(seconds and fraction past UTC midnight).
1179The remaining ten fields show
1180the statistics counter values accumulated since the last generated
1181line.
1182.Bl -tag -width indent
1183.It Time since restart Cm 36000
1184Time in hours since the system was last rebooted.
1185.It Packets received Cm 81965
1186Total number of packets received.
1187.It Packets processed Cm 0
1188Number of packets received in response to previous packets sent.
1189.It Current version Cm 9546
1190Number of packets matching the current NTP version.
1191.It Previous version Cm 56
1192Number of packets matching the previous NTP version.
1193.It Bad version Cm 71793
1194Number of packets matching neither NTP version.
1195.It Access denied Cm 512
1196Number of packets denied access for any reason.
1197.It Bad length or format Cm 540
1198Number of packets with invalid length, format or port number.
1199.It Bad authentication Cm 10
1200Number of packets not verified as authentic.
1201.It Rate exceeded Cm 147
1202Number of packets discarded due to rate limitation.
1203.El
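.Pp
The following Python program is an added example; it is not part of
.Xr ntpd 1ntpdmdoc
or of the scripts shipped with the distribution.
It parses
.Cm peerstats
and
.Cm sysstats
records using the field layouts given above, decodes the peer status
word with the RFC 1305 Appendix B layout (five status bits, three
select bits, a four-bit event counter and a four-bit event code), and
runs two checks worth automating: a peer that has authentication
enabled but whose last packet did not authenticate (a key mismatch or a
tampered packet), and a peer whose offset exceeds a threshold.
The first
.Cm peerstats
line and the
.Cm sysstats
line are the ones quoted above; the other two peers are constructed for
the demonstration.

```python
# Peer status word, RFC 1305 Appendix B layout.  0x0800 is reserved in the RFC;
# ntpd uses it to mark broadcast associations.
STATUS_FLAGS = (
    (0x8000, "configured"),
    (0x4000, "authenable"),
    (0x2000, "authentic"),
    (0x1000, "reachable"),
    (0x0800, "broadcast"),
)

SYSSTATS_FIELDS = (
    "mjd", "time", "time_since_restart", "received", "processed",
    "current_version", "previous_version", "bad_version", "access_denied",
    "bad_length", "bad_auth", "rate_exceeded",
)

# Sample records: the first peerstats line and the sysstats line are from this
# page, the 192.0.2.x peers are constructed (0xf614 = configured, authenable,
# authentic, reachable; 0xd614 = the same without the authentic bit).
PEERSTATS = [
    "48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674",
    "48773 10848.102 192.0.2.10 f614 0.000212000 0.012345000 0.001000000 0.000500000",
    "48773 10848.377 192.0.2.20 d614 0.450000000 0.020000000 0.001000000 0.000700000",
]
SYSSTATS = "50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147"


def decode_peer_status(word):
    """Split the 16-bit status word into flag names, select code, count and code."""
    return {
        "flags": [name for bit, name in STATUS_FLAGS if word & bit],
        "select": (word >> 8) & 0x7,
        "count": (word >> 4) & 0xF,
        "code": word & 0xF,
    }


def parse_peerstats(line):
    mjd, secs, peer, status, offset, delay, disp, jitter = line.split()
    return {
        "mjd": int(mjd), "time": float(secs), "peer": peer,
        "status": decode_peer_status(int(status, 16)),
        "offset": float(offset), "delay": float(delay),
        "dispersion": float(disp), "jitter": float(jitter),
    }


def parse_sysstats(line):
    words = line.split()
    if len(words) != len(SYSSTATS_FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(SYSSTATS_FIELDS), len(words)))
    rec = dict(zip(SYSSTATS_FIELDS, words))
    rec["mjd"] = int(rec["mjd"])
    rec["time"] = float(rec["time"])
    for name in SYSSTATS_FIELDS[2:]:
        rec[name] = int(rec[name])
    return rec


def audit_peers(lines, max_offset=0.128):
    """Flag authentication failures and large offsets (128 ms is the usual step
    threshold) across a set of peerstats records."""
    findings = []
    for line in lines:
        rec = parse_peerstats(line)
        flags = rec["status"]["flags"]
        if "authenable" in flags and "authentic" not in flags:
            findings.append((rec["peer"], "authentication enabled but packet not authentic"))
        if abs(rec["offset"]) > max_offset:
            findings.append((rec["peer"], "offset %.6f s exceeds %.3f s" % (rec["offset"], max_offset)))
    return findings


def audit_sysstats(line):
    """Rejection counters as a fraction of packets received, for trending abuse."""
    rec = parse_sysstats(line)
    total = rec["received"] or 1
    return {name: rec[name] / total
            for name in ("bad_version", "access_denied", "bad_length", "bad_auth", "rate_exceeded")}
```

On the page's own
.Cm sysstats
line the
.Cm bad_version
ratio is about 0.88 of all packets received, which is the kind of
number a periodic check should raise rather than bury in a log.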
1204.It Cm statsdir Ar directory_path
1205Indicates the full path of a directory where statistics files
1206should be created (see below).
1207This keyword allows
1208the (otherwise constant)
1209.Cm filegen
1210filename prefix to be modified for file generation sets, which
1211is useful for handling statistics logs.
1212.It Cm filegen Ar name Xo
1213.Op Cm file Ar filename
1214.Op Cm type Ar typename
1215.Op Cm link | nolink
1216.Op Cm enable | disable
1217.Xc
1218Configures setting of generation file set name.
1219Generation
1220file sets provide a means for handling files that are
1221continuously growing during the lifetime of a server.
1222Server statistics are a typical example for such files.
1223Generation file sets provide access to a set of files used
1224to store the actual data.
1225At any time at most one element
1226of the set is being written to.
1227The type given specifies
1228when and how data will be directed to a new element of the set.
1229This way, information stored in elements of a file set
1230that are currently unused is available for administrative
1231operations without the risk of disturbing the operation of ntpd.
1232(Most important: they can be removed to free space for new data
1233produced.)
1234.Pp
1235Note that this command can be sent from the
1236.Xr ntpdc 1ntpdcmdoc
1237program running at a remote location.
1238.Bl -tag -width indent
1239.It Cm name
1240This is the type of the statistics records, as shown in the
1241.Cm statistics
1242command.
1243.It Cm file Ar filename
1244This is the file name for the statistics records.
1245Filenames of set
1246members are built from three concatenated elements
1247.Ar Cm prefix ,
1248.Ar Cm filename
1249and
1250.Ar Cm suffix :
1251.Bl -tag -width indent
1252.It Cm prefix
1253This is a constant filename path.
1254It is not subject to
1255modifications via the
1256.Ar filegen
1257option.
1258It is defined by the
1259server, usually specified as a compile-time constant.
1260It may,
1261however, be configurable for individual file generation sets
1262via other commands.
1263For example, the prefix used with
1264.Ar loopstats
1265and
1266.Ar peerstats
1267generation can be configured using the
1268.Ar statsdir
1269option explained above.
1270.It Cm filename
1271This string is directly concatenated to the prefix mentioned
1272above (no intervening
1273.Ql / ) .
1274This can be modified using
1275the file argument to the
1276.Ar filegen
1277statement.
1278No
1279.Pa ..
1280elements are
1281allowed in this component to prevent filenames referring to
1282parts outside the filesystem hierarchy denoted by
1283.Ar prefix .
1284.It Cm suffix
1285This part reflects individual elements of a file set.
1286It is
1287generated according to the type of a file set.
1288.El
1289.It Cm type Ar typename
1290A file generation set is characterized by its type.
1291The following
1292types are supported:
1293.Bl -tag -width indent
1294.It Cm none
1295The file set is actually a single plain file.
1296.It Cm pid
1297One element of the file set is used per incarnation of an ntpd
1298server.
1299This type does not perform any changes to file set
1300members during runtime, however it provides an easy way of
1301separating files belonging to different
1302.Xr ntpd 1ntpdmdoc
1303server incarnations.
1304The set member filename is built by appending a
1305.Ql \&.
1306to concatenated
1307.Ar prefix
1308and
1309.Ar filename
1310strings, and
1311appending the decimal representation of the process ID of the
1312.Xr ntpd 1ntpdmdoc
1313server process.
1314.It Cm day
1315One file generation set element is created per day.
1316A day is
1317defined as the period between 00:00 and 24:00 UTC.
1318The file set
1319member suffix consists of a
1320.Ql \&.
1321and a day specification in
1322the form
1323.Cm YYYYMMdd .
1324.Cm YYYY
1325is a 4-digit year number (e.g., 1992).
1326.Cm MM
1327is a two digit month number.
1328.Cm dd
1329is a two digit day number.
1330Thus, all information written at 10 December 1992 would end up
1331in a file named
1332.Ar prefix
1333.Ar filename Ns .19921210 .
1334.It Cm week
1335Any file set member contains data related to a certain week of
1336a year.
1337The week number is the day-of-year divided by 7
1338(integer division).
1339Elements of such a file generation set are
1340distinguished by appending the following suffix to the file set
1341filename base: A dot, a 4-digit year number, the letter
1342.Cm W ,
1343and a 2-digit week number.
1344For example, information from January,
134510th 1992 would end up in a file with suffix
1346.No . Ns Ar 1992W1 .
1347.It Cm month
1348One generation file set element is generated per month.
1349The
1350file name suffix consists of a dot, a 4-digit year number, and
1351a 2-digit month.
1352.It Cm year
1353One generation file element is generated per year.
1354The filename
1355suffix consists of a dot and a 4 digit year number.
1356.It Cm age
1357This type of file generation sets changes to a new element of
1358the file set every 24 hours of server operation.
1359The filename
1360suffix consists of a dot, the letter
1361.Cm a ,
1362and an 8-digit number.
1363This number is taken to be the number of seconds the server is
1364running at the start of the corresponding 24-hour period.
1365Information is only written to a file generation by specifying
1366.Cm enable ;
1367output is prevented by specifying
1368.Cm disable .
1369.El
1370.It Cm link | nolink
1371It is convenient to be able to access the current element of a file
1372generation set by a fixed name.
1373This feature is enabled by
1374specifying
1375.Cm link
1376and disabled using
1377.Cm nolink .
1378If link is specified, a
1379hard link from the current file set element to a file without
1380suffix is created.
1381When there is already a file with this name and
1382the number of links of this file is one, it is renamed appending a
1383dot, the letter
1384.Cm C ,
1385and the pid of the ntpd server process.
1386When the
1387number of links is greater than one, the file is unlinked.
1388This
1389allows the current file to be accessed by a constant name.
1390.It Cm enable \&| Cm disable
1391Enables or disables the recording function.
1392.El
1393.El
1394.El
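.Pp
The following Python program is an added example of the
.Cm filegen
naming and link rules described above; it is not the code
.Xr ntpd 1ntpdmdoc
uses.
It builds member names as prefix, filename and suffix with no
intervening
.Ql / ,
rejects
.Pa ..
elements in the filename component, and implements the
.Cm link
handling: an existing file with a link count of one is renamed with a
.Ql .C
and the process ID appended, one with a higher link count is unlinked,
and the current member is then hard-linked under the suffix-less name.
Two details are assumptions: the week number is taken as the day-of-year
(counted from zero) divided by 7, which agrees with the 1992W1 example
above, and the
.Cm age
suffix is the running time rounded down to a multiple of 86,400 seconds.
The scratch directory and file names in the demonstration are
constructed.

```python
import datetime
import os
import shutil
import tempfile


def check_filename(filename):
    """The filename component may not contain `..` path elements."""
    if ".." in filename.split("/"):
        raise ValueError("'..' not allowed in filegen filename: %r" % filename)
    return filename


def _as_date(when):
    """Accept a datetime.date or an ISO "YYYY-MM-DD" string."""
    return when if isinstance(when, datetime.date) else datetime.date.fromisoformat(when)


def filegen_suffix(ftype, when=None, pid=None, uptime=None):
    """Suffix for one file set member, by generation type."""
    if ftype == "none":
        return ""
    if ftype == "pid":
        return ".%d" % pid
    if ftype == "day":
        return _as_date(when).strftime(".%Y%m%d")
    if ftype == "week":
        # Assumption: week = (day-of-year counted from 0) // 7; 10 Jan 1992 -> W1.
        d = _as_date(when)
        return ".%04dW%d" % (d.year, (d.timetuple().tm_yday - 1) // 7)
    if ftype == "month":
        return _as_date(when).strftime(".%Y%m")
    if ftype == "year":
        return _as_date(when).strftime(".%Y")
    if ftype == "age":
        # Seconds the server had been running at the start of the 24-hour period.
        return ".a%08d" % (uptime - uptime % 86400)
    raise ValueError("unknown filegen type %r" % ftype)


def member_name(prefix, filename, ftype, **kw):
    """prefix + filename + suffix; nothing is inserted between prefix and filename."""
    return prefix + check_filename(filename) + filegen_suffix(ftype, **kw)


def update_link(link_path, member_path, pid):
    """`link` handling: point the suffix-less name at the current member."""
    if os.path.lexists(link_path):
        if os.lstat(link_path).st_nlink == 1:
            # Nobody else links to it, so it is not one of our members: keep it.
            os.rename(link_path, "%s.C%d" % (link_path, pid))
        else:
            # A stale link to an earlier member; drop it.
            os.unlink(link_path)
    os.link(member_path, link_path)


def demo_link_rotation():
    """Exercise update_link in a scratch statsdir and report what happened."""
    statsdir = tempfile.mkdtemp() + "/"
    pid = os.getpid()
    link = statsdir + "loopstats"
    result = {}
    with open(link, "w") as f:              # an unrelated file occupies the link name
        f.write("unrelated file\n")
    first = member_name(statsdir, "loopstats", "day", when="1992-12-10")
    open(first, "w").close()
    update_link(link, first, pid)
    result["stray_renamed"] = os.path.exists("%s.C%d" % (link, pid))
    result["first_nlink"] = os.stat(first).st_nlink
    second = member_name(statsdir, "loopstats", "day", when="1992-12-11")
    open(second, "w").close()
    update_link(link, second, pid)          # day rolled over: rotate the link
    result["first_nlink_after_rotation"] = os.stat(first).st_nlink
    result["link_is_current"] = os.path.samefile(link, second)
    shutil.rmtree(statsdir)
    return result
```

The
.Pa ..
check is the reason the filename component cannot escape the directory
given by
.Cm statsdir ;
the link-count test is what lets the daemon distinguish its own stale
link from an operator's unrelated file of the same name.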
1395.Sh Access Control Support
1396The
1397.Xr ntpd 1ntpdmdoc
1398daemon implements a general purpose address/mask based restriction
1399list.
1400The list contains address/match entries sorted first
1401by increasing address values and then by increasing mask values.
1402A match occurs when the bitwise AND of the mask and the packet
1403source address is equal to the bitwise AND of the mask and
1404address in the list.
1405The list is searched in order with the
1406last match found defining the restriction flags associated
1407with the entry.
1408Additional information and examples can be found in the
1409.Qq Notes on Configuring NTP and Setting up a NTP Subnet
1410page
1411(available as part of the HTML documentation
1412provided in
1413.Pa /usr/share/doc/ntp ) .
1414.Pp
1415The restriction facility was implemented in conformance
1416with the access policies for the original NSFnet backbone
1417time servers.
1418Later the facility was expanded to deflect
1419cryptographic and clogging attacks.
1420While this facility may
1421be useful for keeping unwanted or broken or malicious clients
1422from congesting innocent servers, it should not be considered
1423an alternative to the NTP authentication facilities.
1424Source address based restrictions are easily circumvented
1425by a determined cracker.
1426.Pp
1427Clients can be denied service because they are explicitly
1428included in the restrict list created by the restrict command
1429or implicitly as the result of cryptographic or rate limit
1430violations.
1431Cryptographic violations include certificate
1432or identity verification failure; rate limit violations generally
1433result from defective NTP implementations that send packets
1434at abusive rates.
1435Some violations cause denied service
1436only for the offending packet, others cause denied service
1437for a timed period and others cause the denied service for
1438an indefinite period.
1439When a client or network is denied access
1440for an indefinite period, the only way at present to remove
1441the restrictions is by restarting the server.
1442.Ss The Kiss-of-Death Packet
1443Ordinarily, packets denied service are simply dropped with no
1444further action except incrementing statistics counters.
1445Sometimes a
1446more proactive response is needed, such as a server message that
1447explicitly requests the client to stop sending and leave a message
1448for the system operator.
1449A special packet format has been created
1450for this purpose called the "kiss-of-death" (KoD) packet.
1451KoD packets have the leap bits set unsynchronized and stratum set
1452to zero and the reference identifier field set to a four-byte
1453ASCII code.
1454If the
1455.Cm noserve
1456or
1457.Cm notrust
1458flag of the matching restrict list entry is set,
1459the code is "DENY"; if the
1460.Cm limited
1461flag is set and the rate limit
1462is exceeded, the code is "RATE".
1463Finally, if a cryptographic violation occurs, the code is "CRYP".
1464.Pp
1465A client receiving a KoD performs a set of sanity checks to
1466minimize security exposure, then updates the stratum and
1467reference identifier peer variables, sets the access
1468denied (TEST4) bit in the peer flash variable and sends
1469a message to the log.
1470As long as the TEST4 bit is set,
1471the client will send no further packets to the server.
1472The only way at present to recover from this condition is
1473to restart the protocol at both the client and server.
1474This
1475happens automatically at the client when the association times out.
1476It will happen at the server only if the server operator cooperates.
1477.Ss Access Control Commands
1478.Bl -tag -width indent
1479.It Xo Ic discard
1480.Op Cm average Ar avg
1481.Op Cm minimum Ar min
1482.Op Cm monitor Ar prob
1483.Xc
1484Set the parameters of the
1485.Cm limited
1486facility which protects the server from
1487client abuse.
1488The
1489.Cm average
1490subcommand specifies the minimum average packet
1491spacing, while the
1492.Cm minimum
1493subcommand specifies the minimum packet spacing.
1494Packets that violate these minima are discarded
1495and a kiss-o'-death packet returned if enabled.
1496The default
1497minimum average and minimum are 5 and 2, respectively.
1498The monitor subcommand specifies the probability of discard
1499for packets that overflow the rate-control window.
1500.It Xo Ic restrict address
1501.Op Cm mask Ar mask
1502.Op Ar flag ...
1503.Xc
1504The
1505.Ar address
1506argument expressed in
1507dotted-quad form is the address of a host or network.
1508Alternatively, the
1509.Ar address
1510argument can be a valid host DNS name.
1511The
1512.Ar mask
1513argument expressed in dotted-quad form defaults to
1514.Cm 255.255.255.255 ,
1515meaning that the
1516.Ar address
1517is treated as the address of an individual host.
1518A default entry (address
1519.Cm 0.0.0.0 ,
1520mask
1521.Cm 0.0.0.0 )
1522is always included and is always the first entry in the list.
1523Note that text string
1524.Cm default ,
1525with no mask option, may
1526be used to indicate the default entry.
1527In the current implementation,
1528.Cm flag
1529always
1530restricts access, i.e., an entry with no flags indicates that free
1531access to the server is to be given.
1532The flags are not orthogonal,
1533in that more restrictive flags will often make less restrictive
1534ones redundant.
1535The flags can generally be classed into two
1536categories, those which restrict time service and those which
1537restrict informational queries and attempts to do run-time
1538reconfiguration of the server.
1539One or more of the following flags
1540may be specified:
1541.Bl -tag -width indent
1542.It Cm ignore
1543Deny packets of all kinds, including
1544.Xr ntpq 1ntpqmdoc
1545and
1546.Xr ntpdc 1ntpdcmdoc
1547queries.
1548.It Cm kod
1549If this flag is set when an access violation occurs, a kiss-o'-death
1550(KoD) packet is sent.
1551KoD packets are rate limited to no more than one
1552per second.
1553If another KoD packet occurs within one second after the
1554last one, the packet is dropped.
1555.It Cm limited
1556Deny service if the packet spacing violates the lower limits specified
1557in the discard command.
1558A history of clients is kept using the
1559monitoring capability of
1560.Xr ntpd 1ntpdmdoc .
1561Thus, monitoring is always active as
1562long as there is a restriction entry with the
1563.Cm limited
1564flag.
1565.It Cm lowpriotrap
1566Declare traps set by matching hosts to be low priority.
1567The
1568number of traps a server can maintain is limited (the current limit
1569is 3).
1570Traps are usually assigned on a first come, first served
1571basis, with later trap requestors being denied service.
1572This flag
1573modifies the assignment algorithm by allowing low priority traps to
1574be overridden by later requests for normal priority traps.
1575.It Cm nomodify
1576Deny
1577.Xr ntpq 1ntpqmdoc
1578and
1579.Xr ntpdc 1ntpdcmdoc
1580queries which attempt to modify the state of the
1581server (i.e., run time reconfiguration).
1582Queries which return
1583information are permitted.
1584.It Cm noquery
1585Deny
1586.Xr ntpq 1ntpqmdoc
1587and
1588.Xr ntpdc 1ntpdcmdoc
1589queries.
1590Time service is not affected.
1591.It Cm nopeer
1592Deny packets which would result in mobilizing a new association.
1593This
1594includes broadcast and symmetric active packets when a configured
1595association does not exist.
1596It also includes
1597.Cm pool
1598associations, so if you want to use servers from a
1599.Cm pool
1600directive and also want to use
1601.Cm nopeer
1602by default, you'll want a
1603.Cm "restrict source ..."
1604line as well that does not include the
1605.Cm nopeer
1606directive.
1608.It Cm noserve
1609Deny all packets except
1610.Xr ntpq 1ntpqmdoc
1611and
1612.Xr ntpdc 1ntpdcmdoc
1613queries.
1614.It Cm notrap
1615Decline to provide mode 6 control message trap service to matching
1616hosts.
1617The trap service is a subsystem of the ntpq control message
1618protocol which is intended for use by remote event logging programs.
1619.It Cm notrust
1620Deny service unless the packet is cryptographically authenticated.
1621.It Cm ntpport
1622This is actually a match algorithm modifier, rather than a
1623restriction flag.
1624Its presence causes the restriction entry to be
1625matched only if the source port in the packet is the standard NTP
1626UDP port (123).
1627Both
1628.Cm ntpport
1629and
1630.Cm non-ntpport
1631may
1632be specified.
1633The
1634.Cm ntpport
1635is considered more specific and
1636is sorted later in the list.
1637.It Cm version
1638Deny packets that do not match the current NTP version.
1639.El
1640.Pp
1641Default restriction list entries with the flags ignore, interface,
1642ntpport, for each of the local host's interface addresses are
1643inserted into the table at startup to prevent the server
1644from attempting to synchronize to its own time.
1645A default entry is also always present; if it is not
1646otherwise configured, no flags are associated
1647with the default entry (i.e., everything besides your own
1648NTP server is unrestricted).
1649.El
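.Pp
The following Python program is an added example of the restriction
list and kiss-of-death behaviour described above; it is not the code
.Xr ntpd 1ntpdmdoc
uses.
It keeps entries sorted by increasing address and then mask, matches a
source address with the bitwise AND rule, takes the last match, honours
the
.Cm ntpport
modifier, and turns an entry's flags into a serve or drop verdict with
the KoD code
.Li DENY
or
.Li RATE
where the
.Cm kod
flag is set.
It is IPv4 only, treats
.Xr ntpq 1ntpqmdoc
and
.Xr ntpdc 1ntpdcmdoc
traffic as a single
.Li query
kind, and takes the rate-limit verdict as an input rather than
modelling the
.Ic discard
parameters.
The client-side origin-timestamp check is an assumption about the
sanity checks the text mentions without listing; the addresses and
.Ic restrict
lines are constructed for the demonstration.

```python
import ipaddress
import struct

NTP_PORT = 123

# Constructed sample configuration in restrict syntax.
SAMPLE_CONF = """\
restrict default kod nomodify notrap nopeer noquery limited
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.0.2.99 ignore
restrict 203.0.113.0 mask 255.255.255.0 nomodify
restrict 203.0.113.0 mask 255.255.255.0 ntpport noserve kod
"""


class RestrictList:
    """Address/mask list with the sort order and last-match rule described above."""

    def __init__(self):
        # Entries are (address & mask, mask, flags, port_rule).  The default entry
        # is always present and first.  port_rule: None = any source port,
        # True = only port 123 (ntpport), False = only other ports (non-ntpport).
        self.entries = [(0, 0, frozenset(), None)]

    def add(self, line):
        """Parse one `restrict address [mask mask] [flag ...]` line."""
        words = line.split()
        if not words or words[0] != "restrict":
            raise ValueError("not a restrict line: %r" % line)
        address, rest = words[1], words[2:]
        mask = "255.255.255.255"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        if address == "default":
            addr_i, mask_i = 0, 0
        else:
            addr_i = int(ipaddress.IPv4Address(address))
            mask_i = int(ipaddress.IPv4Address(mask))
        flags = set(rest)
        port_rule = True if "ntpport" in flags else (False if "non-ntpport" in flags else None)
        flags -= {"ntpport", "non-ntpport"}
        entry = (addr_i & mask_i, mask_i, frozenset(flags), port_rule)
        if address == "default":
            self.entries[0] = entry
            return
        self.entries.append(entry)
        # Increasing address, then mask; ntpport entries are more specific and sort
        # later so that the last-match rule prefers them.
        self.entries.sort(key=lambda e: (e[0], e[1], e[3] is not None))

    def lookup(self, src_ip, src_port):
        """Flags of the last entry matching the packet source."""
        src = int(ipaddress.IPv4Address(src_ip))
        match = self.entries[0]
        for entry in self.entries:
            addr, mask, flags, port_rule = entry
            if (src & mask) != (addr & mask):
                continue
            if port_rule is True and src_port != NTP_PORT:
                continue
            if port_rule is False and src_port == NTP_PORT:
                continue
            match = entry
        return match[2]


def decide(flags, kind, authenticated=False, within_rate=True):
    """Server verdict for one packet: ('serve' | 'drop', KoD code or None).
    kind is 'time' for modes 1-5 or 'query' for ntpq/ntpdc (modes 6 and 7)."""
    if "ignore" in flags:
        return "drop", None
    kod = "kod" in flags
    if kind == "query":
        return ("drop", None) if "noquery" in flags else ("serve", None)
    if "noserve" in flags or ("notrust" in flags and not authenticated):
        return "drop", "DENY" if kod else None
    if "limited" in flags and not within_rate:
        return "drop", "RATE" if kod else None
    return "serve", None


def kod_header(code, version=4):
    """48-byte server header of a KoD: leap 3, stratum 0, refid = 4 ASCII chars."""
    if len(code) != 4 or not code.isascii():
        raise ValueError("KoD code must be four ASCII characters")
    first = (3 << 6) | (version << 3) | 4          # LI=3 (unsynchronized), VN, mode 4
    return (struct.pack("!BBbb", first, 0, 0, 0)   # stratum 0, poll, precision
            + b"\0" * 8                            # root delay, root dispersion
            + code.encode("ascii")                 # reference identifier
            + b"\0" * 32)                          # reference/origin/receive/transmit


def kod_code(reply, sent_transmit=None):
    """Client side: the KoD code if `reply` is a kiss-of-death, else None.
    Assumed sanity check: the origin timestamp must echo the transmit timestamp
    of a request we really sent, so a spoofed KoD cannot silence the client."""
    if len(reply) < 48 or reply[0] >> 6 != 3 or reply[1] != 0:
        return None
    if sent_transmit is not None and reply[24:32] != sent_transmit:
        return None
    return reply[12:16].decode("ascii", "replace")
```

Note how the
.Cm ignore
entry for 192.0.2.99 wins over the network entry for 192.0.2.0/24 only
because it sorts later and the last match is taken, and how the two
203.0.113.0/24 entries give different answers depending on the source
port.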
1650.Sh Automatic NTP Configuration Options
1651.Ss Manycasting
1652Manycasting is an automatic discovery and configuration paradigm
1653new to NTPv4.
1654It is intended as a means for a multicast client
1655to troll the nearby network neighborhood to find cooperating
1656manycast servers, validate them using cryptographic means
1657and evaluate their time values with respect to other servers
1658that might be lurking in the vicinity.
1659The intended result is that each manycast client mobilizes
1660client associations with some number of the "best"
1661of the nearby manycast servers, yet automatically reconfigures
1662to sustain this number of servers should one or another fail.
1663.Pp
1664Note that the manycasting paradigm does not coincide
1665with the anycast paradigm described in RFC-1546,
1666which is designed to find a single server from a clique
1667of servers providing the same service.
1668The manycast paradigm is designed to find a plurality
1669of redundant servers satisfying defined optimality criteria.
1670.Pp
1671Manycasting can be used with either symmetric key
1672or public key cryptography.
1673The public key infrastructure (PKI)
1674offers the best protection against compromised keys
1675and is generally considered stronger, at least with relatively
1676large key sizes.
1677It is implemented using the Autokey protocol and
1678the OpenSSL cryptographic library available from
1679.Li http://www.openssl.org/ .
1680The library can also be used with other NTPv4 modes
1681as well and is highly recommended, especially for broadcast modes.
1682.Pp
1683A persistent manycast client association is configured
1684using the manycastclient command, which is similar to the
1685server command but with a multicast (IPv4 class
1686.Cm D
1687or IPv6 prefix
1688.Cm FF )
1689group address.
1690The IANA has designated IPv4 address 224.0.1.1
1691and IPv6 address FF05::101 (site local) for NTP.
1692When more servers are needed, it broadcasts manycast
1693client messages to this address at the minimum feasible rate
1694and minimum feasible time-to-live (TTL) hops, depending
1695on how many servers have already been found.
1696There can be as many manycast client associations
1697as there are different group addresses, each one serving as a template
1698for a future ephemeral unicast client/server association.
1699.Pp
1700Manycast servers configured with the
1701.Ic manycastserver
1702command listen on the specified group address for manycast
1703client messages.
1704Note the distinction between manycast client,
1705which actively broadcasts messages, and manycast server,
1706which passively responds to them.
1707If a manycast server is
1708in scope of the current TTL and is itself synchronized
1709to a valid source and operating at a stratum level equal
1710to or lower than the manycast client, it replies to the
1711manycast client message with an ordinary unicast server message.
1712.Pp
1713The manycast client receiving this message mobilizes
1714an ephemeral client/server association according to the
1715matching manycast client template, but only if cryptographically
1716authenticated and the server stratum is less than or equal
1717to the client stratum.
1718Authentication is explicitly required
1719and either symmetric key or public key (Autokey) can be used.
1720Then, the client polls the server at its unicast address
1721in burst mode in order to reliably set the host clock
1722and validate the source.
1723This normally results
1724in a volley of eight client/server exchanges at 2-s intervals
1725during which both the synchronization and cryptographic
1726protocols run concurrently.
1727Following the volley,
1728the client runs the NTP intersection and clustering
1729algorithms, which act to discard all but the "best"
1730associations according to stratum and synchronization
1731distance.
1732The surviving associations then continue
1733in ordinary client/server mode.
1734.Pp
1735The manycast client polling strategy is designed to reduce
1736as much as possible the volume of manycast client messages
1737and the effects of implosion due to near-simultaneous
1738arrival of manycast server messages.
1739The strategy is determined by the
1740.Ic manycastclient ,
1741.Ic tos
1742and
1743.Ic ttl
1744configuration commands.
1745The manycast poll interval is
1746normally eight times the system poll interval,
1747which starts out at the
1748.Cm minpoll
value specified in the
.Ic manycastclient
command and, under normal circumstances, increments to the
.Cm maxpoll
value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the
.Ic ttl
command.
At each retransmission the TTL is increased until reaching
the maximum hops specified by this command or a sufficient
number of client associations have been found.
1759Further retransmissions use the same TTL.
1760.Pp
1761The quality and reliability of the suite of associations
1762discovered by the manycast client is determined by the NTP
1763mitigation algorithms and the
1764.Cm minclock
1765and
1766.Cm minsane
1767values specified in the
1768.Ic tos
1769configuration command.
1770At least
1771.Cm minsane
1772candidate servers must be available and the mitigation
1773algorithms produce at least
1774.Cm minclock
1775survivors in order to synchronize the clock.
1776Byzantine agreement principles require at least four
1777candidates in order to correctly discard a single falseticker.
1778For legacy purposes,
1779.Cm minsane
1780defaults to 1 and
1781.Cm minclock
1782defaults to 3.
1783For manycast service
1784.Cm minsane
1785should be explicitly set to 4, assuming at least that
1786number of servers are available.
1787.Pp
1788If at least
1789.Cm minclock
1790servers are found, the manycast poll interval is immediately
1791set to eight times
1792.Cm maxpoll .
1793If less than
1794.Cm minclock
1795servers are found when the TTL has reached the maximum hops,
1796the manycast poll interval is doubled.
1797For each transmission
1798after that, the poll interval is doubled again until
1799reaching the maximum of eight times
1800.Cm maxpoll .
1801Further transmissions use the same poll interval and
1802TTL values.
1803Note that while all this is going on,
1804each client/server association found is operating normally
at the system poll interval.
1806.Pp
1807Administratively scoped multicast boundaries are normally
1808specified by the network router configuration and,
1809in the case of IPv6, the link/site scope prefix.
1810By default, the increment for TTL hops is 32 starting
1811from 31; however, the
1812.Ic ttl
1813configuration command can be
1814used to modify the values to match the scope rules.
1815.Pp
1816It is often useful to narrow the range of acceptable
1817servers which can be found by manycast client associations.
1818Because manycast servers respond only when the client
1819stratum is equal to or greater than the server stratum,
primary (stratum 1) servers will find only primary servers
1821in TTL range, which is probably the most common objective.
1822However, unless configured otherwise, all manycast clients
1823in TTL range will eventually find all primary servers
1824in TTL range, which is probably not the most common
1825objective in large networks.
1826The
1827.Ic tos
1828command can be used to modify this behavior.
1829Servers with stratum below
1830.Cm floor
1831or above
1832.Cm ceiling
1833specified in the
1834.Ic tos
1835command are strongly discouraged during the selection
process; however, these servers may be temporarily
1837accepted if the number of servers within TTL range is
1838less than
1839.Cm minclock .
1840.Pp
1841The above actions occur for each manycast client message,
1842which repeats at the designated poll interval.
1843However, once the ephemeral client association is mobilized,
1844subsequent manycast server replies are discarded,
1845since that would result in a duplicate association.
1846If during a poll interval the number of client associations
1847falls below
1848.Cm minclock ,
1849all manycast client prototype associations are reset
1850to the initial poll interval and TTL hops and operation
1851resumes from the beginning.
1852It is important to avoid
1853frequent manycast client messages, since each one requires
1854all manycast servers in TTL range to respond.
1855The result could well be an implosion, either minor or major,
1856depending on the number of servers in range.
1857The recommended value for
1858.Cm maxpoll
1859is 12 (4,096 s).
1860.Pp
1861It is possible and frequently useful to configure a host
1862as both manycast client and manycast server.
1863A number of hosts configured this way and sharing a common
1864group address will automatically organize themselves
1865in an optimum configuration based on stratum and
1866synchronization distance.
1867For example, consider an NTP
1868subnet of two primary servers and a hundred or more
1869dependent clients.
With one exception, all servers
and clients have identical configuration files including both
.Ic manycastclient
and
.Ic manycastserver
commands using, for instance, multicast group address
239.1.1.1.
The exception is that each primary server
configuration file must include commands for the primary
1879reference source such as a GPS receiver.
1880.Pp
1881The remaining configuration files for all secondary
1882servers and clients have the same contents, except for the
1883.Ic tos
1884command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
.Cm floor
value is set one below the intended stratum number,
since
.Cm floor
is compared against the stratum of the candidate servers
and the daemon runs one stratum above the server it selects
(a host intended for stratum 3 sets
.Cm floor
to 2).
1890Thus, all stratum 3 configuration files are identical,
1891all stratum 4 files are identical and so forth.
1892.Pp
1893Once operations have stabilized in this scenario,
1894the primary servers will find the primary reference source
1895and each other, since they both operate at the same
1896stratum (1), but not with any secondary server or client,
1897since these operate at a higher stratum.
1898The secondary
1899servers will find the servers at the same stratum level.
1900If one of the primary servers loses its GPS receiver,
1901it will continue to operate as a client and other clients
1902will time out the corresponding association and
1903re-associate accordingly.
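.Pp
The following configuration file for one of the stratum 3 hosts
in this scenario is an added illustration; it is not taken from
this page or from the NTP distribution.
The group address 239.1.1.1 is the one used above; the key file
.Pa /etc/ntp.keys ,
key identifier 1, the poll limits and the four-entry TTL list are assumptions.
The
.Ic keys
and
.Ic trustedkey
commands are the symmetric key authentication commands documented
elsewhere in this page; they supply the authentication that the
manycast client requires before it mobilizes an association.
.Bd -literal
```conf
# Added example (not from this page or the NTP distribution):
# /etc/ntp.conf for every stratum 3 host in the subnet described above.
# Assumed: symmetric key 1 in /etc/ntp.keys is shared by all hosts in the
# group; the ttl list and the poll limits are illustrative choices.
keys /etc/ntp.keys
trustedkey 1

# Answer manycast client messages from hosts of equal or higher stratum.
manycastserver 239.1.1.1

# Template for the ephemeral associations: replies must carry key 1, and
# the manycast poll interval grows from 8*2^6 s to 8*2^12 s (maxpoll 12
# is the value recommended above to limit implosion).
manycastclient 239.1.1.1 key 1 minpoll 6 maxpoll 12

# floor is compared against the stratum of candidate servers, so a host
# meant to run at stratum 3 accepts stratum 2 servers and leaves the
# primaries to the stratum 2 tier.  minsane 4 is the Byzantine minimum
# for discarding one falseticker; it assumes at least four stratum 2
# servers are reachable, otherwise the clock stays undisciplined.
tos floor 2 minsane 4 minclock 3

# Expanding-ring search: TTL 31 first, then 63, 95 and 127 hops.
ttl 31 63 95 127
```
.Ed
.Pp
The two primary servers use the same file without the
.Ic tos
line and with the
.Ic server
and
.Ic fudge
commands for their reference clock added, as described under
.Sx Reference Clock Support .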
1904.Pp
1905Some administrators prefer to avoid running
1906.Xr ntpd 1ntpdmdoc
1907continuously and run either
1908.Xr sntp 1sntpmdoc
1909or
1910.Xr ntpd 1ntpdmdoc
1911.Fl q
1912as a cron job.
1913In either case the servers must be
1914configured in advance and the program fails if none are
1915available when the cron job runs.
A particularly useful
application of manycast is with
.Xr ntpd 1ntpdmdoc
.Fl q .
The program wakes up, searches the local network for
manycast servers in scope, selects the best of them,
sets the clock and then exits.
1923Servers do not have to be configured in advance and
1924all clients throughout the network can have the same
1925configuration file.
1926.Ss Manycast Interactions with Autokey
1927Each time a manycast client sends a client mode packet
1928to a multicast group address, all manycast servers
1929in scope generate a reply including the host name
1930and status word.
1931The manycast clients then run
1932the Autokey protocol, which collects and verifies
1933all certificates involved.
1934Following the burst interval
1935all but three survivors are cast off,
1936but the certificates remain in the local cache.
1937It often happens that several complete signing trails
1938from the client to the primary servers are collected in this way.
1939.Pp
1940About once an hour or less often if the poll interval
1941exceeds this, the client regenerates the Autokey key list.
1942This is in general transparent in client/server mode.
1943However, about once per day the server private value
1944used to generate cookies is refreshed along with all
1945manycast client associations.
In this case all
cryptographic values including certificates are refreshed.
1948If a new certificate has been generated since
1949the last refresh epoch, it will automatically revoke
1950all prior certificates that happen to be in the
1951certificate cache.
1952At the same time, the manycast
1953scheme starts all over from the beginning and
1954the expanding ring shrinks to the minimum and increments
1955from there while collecting all servers in scope.
1956.Ss Manycast Options
1957.Bl -tag -width indent
1958.It Xo Ic tos
1959.Oo
1960.Cm ceiling Ar ceiling |
1961.Cm cohort { 0 | 1 } |
1962.Cm floor Ar floor |
1963.Cm minclock Ar minclock |
1964.Cm minsane Ar minsane
1965.Oc
1966.Xc
1967This command affects the clock selection and clustering
1968algorithms.
1969It can be used to select the quality and
1970quantity of peers used to synchronize the system clock
1971and is most useful in manycast mode.
1972The variables operate
1973as follows:
1974.Bl -tag -width indent
1975.It Cm ceiling Ar ceiling
1976Peers with strata above
1977.Cm ceiling
1978will be discarded if there are at least
1979.Cm minclock
1980peers remaining.
1981This value defaults to 15, but can be changed
1982to any number from 1 to 15.
1983.It Cm cohort Bro 0 | 1 Brc
1984This is a binary flag which enables (0) or disables (1)
1985manycast server replies to manycast clients with the same
1986stratum level.
1987This is useful to reduce implosions where
1988large numbers of clients with the same stratum level
1989are present.
1990The default is to enable these replies.
1991.It Cm floor Ar floor
1992Peers with strata below
1993.Cm floor
1994will be discarded if there are at least
1995.Cm minclock
1996peers remaining.
1997This value defaults to 1, but can be changed
1998to any number from 1 to 15.
1999.It Cm minclock Ar minclock
2000The clustering algorithm repeatedly casts out outlier
2001associations until no more than
2002.Cm minclock
2003associations remain.
2004This value defaults to 3,
2005but can be changed to any number from 1 to the number of
2006configured sources.
2007.It Cm minsane Ar minsane
2008This is the minimum number of candidates available
2009to the clock selection algorithm in order to produce
2010one or more truechimers for the clustering algorithm.
2011If fewer than this number are available, the clock is
2012undisciplined and allowed to run free.
2013The default is 1
2014for legacy purposes.
2015However, according to principles of
2016Byzantine agreement,
2017.Cm minsane
2018should be at least 4 in order to detect and discard
2019a single falseticker.
2020.El
2021.It Cm ttl Ar hop ...
2022This command specifies a list of TTL values in increasing
order; up to 8 values can be specified.
2024In manycast mode these values are used in turn
2025in an expanding-ring search.
2026The default is eight
2027multiples of 32 starting at 31.
2028.El
2029.Sh Reference Clock Support
2030The NTP Version 4 daemon supports some three dozen different radio,
2031satellite and modem reference clocks plus a special pseudo-clock
2032used for backup or when no other clock source is available.
2033Detailed descriptions of individual device drivers and options can
2034be found in the
2035.Qq Reference Clock Drivers
2036page
2037(available as part of the HTML documentation
2038provided in
2039.Pa /usr/share/doc/ntp ) .
2040Additional information can be found in the pages linked
2041there, including the
2042.Qq Debugging Hints for Reference Clock Drivers
2043and
2044.Qq How To Write a Reference Clock Driver
2045pages
2046(available as part of the HTML documentation
2047provided in
2048.Pa /usr/share/doc/ntp ) .
2049In addition, support for a PPS
2050signal is available as described in the
2051.Qq Pulse-per-second (PPS) Signal Interfacing
2052page
2053(available as part of the HTML documentation
2054provided in
2055.Pa /usr/share/doc/ntp ) .
2056Many
2057drivers support special line discipline/streams modules which can
2058significantly improve the accuracy using the driver.
2059These are
2060described in the
2061.Qq Line Disciplines and Streams Drivers
2062page
2063(available as part of the HTML documentation
2064provided in
2065.Pa /usr/share/doc/ntp ) .
2066.Pp
2067A reference clock will generally (though not always) be a radio
2068timecode receiver which is synchronized to a source of standard
2069time such as the services offered by the NRC in Canada and NIST and
2070USNO in the US.
2071The interface between the computer and the timecode
2072receiver is device dependent, but is usually a serial port.
2073A
2074device driver specific to each reference clock must be selected and
2075compiled in the distribution; however, most common radio, satellite
2076and modem clocks are included by default.
2077Note that an attempt to
2078configure a reference clock when the driver has not been compiled
2079or the hardware port has not been appropriately configured results
2080in a scalding remark to the system log file, but is otherwise non
2081hazardous.
2082.Pp
2083For the purposes of configuration,
2084.Xr ntpd 1ntpdmdoc
2085treats
2086reference clocks in a manner analogous to normal NTP peers as much
2087as possible.
2088Reference clocks are identified by a syntactically
2089correct but invalid IP address, in order to distinguish them from
2090normal NTP peers.
2091Reference clock addresses are of the form
2092.Sm off
2093.Li 127.127. Ar t . Ar u ,
2094.Sm on
2095where
2096.Ar t
2097is an integer
2098denoting the clock type and
2099.Ar u
2100indicates the unit
2101number in the range 0-3.
2102While it may seem overkill, it is in fact
2103sometimes useful to configure multiple reference clocks of the same
2104type, in which case the unit numbers must be unique.
2105.Pp
2106The
2107.Ic server
2108command is used to configure a reference
2109clock, where the
2110.Ar address
2111argument in that command
2112is the clock address.
2113The
2114.Cm key ,
2115.Cm version
2116and
2117.Cm ttl
2118options are not used for reference clock support.
2119The
2120.Cm mode
2121option is added for reference clock support, as
2122described below.
2123The
2124.Cm prefer
2125option can be useful to
2126persuade the server to cherish a reference clock with somewhat more
2127enthusiasm than other reference clocks or peers.
2128Further
2129information on this option can be found in the
2130.Qq Mitigation Rules and the prefer Keyword
2131(available as part of the HTML documentation
2132provided in
2133.Pa /usr/share/doc/ntp )
2134page.
2135The
2136.Cm minpoll
2137and
2138.Cm maxpoll
2139options have
2140meaning only for selected clock drivers.
2141See the individual clock
2142driver document pages for additional information.
2143.Pp
2144The
2145.Ic fudge
2146command is used to provide additional
2147information for individual clock drivers and normally follows
2148immediately after the
2149.Ic server
2150command.
2151The
2152.Ar address
2153argument specifies the clock address.
2154The
2155.Cm refid
2156and
2157.Cm stratum
2158options can be used to
2159override the defaults for the device.
2160There are two optional
2161device-dependent time offsets and four flags that can be included
2162in the
2163.Ic fudge
2164command as well.
2165.Pp
2166The stratum number of a reference clock is by default zero.
2167Since the
2168.Xr ntpd 1ntpdmdoc
2169daemon adds one to the stratum of each
2170peer, a primary server ordinarily displays an external stratum of
2171one.
2172In order to provide engineered backups, it is often useful to
2173specify the reference clock stratum as greater than zero.
2174The
2175.Cm stratum
2176option is used for this purpose.
2177Also, in cases
2178involving both a reference clock and a pulse-per-second (PPS)
2179discipline signal, it is useful to specify the reference clock
2180identifier as other than the default, depending on the driver.
2181The
2182.Cm refid
2183option is used for this purpose.
2184Except where noted,
2185these options apply to all clock drivers.
2186.Ss Reference Clock Commands
2187.Bl -tag -width indent
2188.It Xo Ic server
2189.Sm off
2190.Li 127.127. Ar t . Ar u
2191.Sm on
2192.Op Cm prefer
2193.Op Cm mode Ar int
2194.Op Cm minpoll Ar int
2195.Op Cm maxpoll Ar int
2196.Xc
2197This command can be used to configure reference clocks in
2198special ways.
2199The options are interpreted as follows:
2200.Bl -tag -width indent
2201.It Cm prefer
2202Marks the reference clock as preferred.
2203All other things being
2204equal, this host will be chosen for synchronization among a set of
2205correctly operating hosts.
2206See the
2207.Qq Mitigation Rules and the prefer Keyword
2208page
2209(available as part of the HTML documentation
2210provided in
2211.Pa /usr/share/doc/ntp )
2212for further information.
2213.It Cm mode Ar int
2214Specifies a mode number which is interpreted in a
2215device-specific fashion.
2216For instance, it selects a dialing
2217protocol in the ACTS driver and a device subtype in the
2218parse
2219drivers.
2220.It Cm minpoll Ar int
2221.It Cm maxpoll Ar int
2222These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds.
2224For
2225most directly connected reference clocks, both
2226.Cm minpoll
2227and
2228.Cm maxpoll
2229default to 6 (64 s).
2230For modem reference clocks,
2231.Cm minpoll
2232defaults to 10 (17.1 m) and
2233.Cm maxpoll
2234defaults to 14 (4.5 h).
2235The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
2236.El
2237.It Xo Ic fudge
2238.Sm off
2239.Li 127.127. Ar t . Ar u
2240.Sm on
2241.Op Cm time1 Ar sec
2242.Op Cm time2 Ar sec
2243.Op Cm stratum Ar int
2244.Op Cm refid Ar string
2245.Op Cm mode Ar int
2246.Op Cm flag1 Cm 0 \&| Cm 1
2247.Op Cm flag2 Cm 0 \&| Cm 1
2248.Op Cm flag3 Cm 0 \&| Cm 1
2249.Op Cm flag4 Cm 0 \&| Cm 1
2250.Xc
2251This command can be used to configure reference clocks in
2252special ways.
2253It must immediately follow the
2254.Ic server
2255command which configures the driver.
2256Note that the same capability
2257is possible at run time using the
2258.Xr ntpdc 1ntpdcmdoc
2259program.
2260The options are interpreted as
2261follows:
2262.Bl -tag -width indent
2263.It Cm time1 Ar sec
2264Specifies a constant to be added to the time offset produced by
2265the driver, a fixed-point decimal number in seconds.
2266This is used
2267as a calibration constant to adjust the nominal time offset of a
2268particular clock to agree with an external standard, such as a
2269precision PPS signal.
2270It also provides a way to correct a
2271systematic error or bias due to serial port or operating system
2272latencies, different cable lengths or receiver internal delay.
2273The
2274specified offset is in addition to the propagation delay provided
by other means, such as internal DIP switches.
2276Where a calibration
2277for an individual system and driver is available, an approximate
2278correction is noted in the driver documentation pages.
2279Note: in order to facilitate calibration when more than one
2280radio clock or PPS signal is supported, a special calibration
2281feature is available.
2282It takes the form of an argument to the
2283.Ic enable
2284command described in
2285.Sx Miscellaneous Options
section and operates as described in the
2287.Qq Reference Clock Drivers
2288page
2289(available as part of the HTML documentation
2290provided in
2291.Pa /usr/share/doc/ntp ) .
.It Cm time2 Ar sec
2293Specifies a fixed-point decimal number in seconds, which is
2294interpreted in a driver-dependent way.
2295See the descriptions of
2296specific drivers in the
2297.Qq Reference Clock Drivers
2298page
2299(available as part of the HTML documentation
2300provided in
2301.Pa /usr/share/doc/ntp ) .
2302.It Cm stratum Ar int
2303Specifies the stratum number assigned to the driver, an integer
2304between 0 and 15.
2305This number overrides the default stratum number
2306ordinarily assigned by the driver itself, usually zero.
2307.It Cm refid Ar string
Specifies an ASCII string of one to four characters which
2309defines the reference identifier used by the driver.
2310This string
2311overrides the default identifier ordinarily assigned by the driver
2312itself.
2313.It Cm mode Ar int
2314Specifies a mode number which is interpreted in a
2315device-specific fashion.
2316For instance, it selects a dialing
2317protocol in the ACTS driver and a device subtype in the
2318parse
2319drivers.
2320.It Cm flag1 Cm 0 \&| Cm 1
2321.It Cm flag2 Cm 0 \&| Cm 1
2322.It Cm flag3 Cm 0 \&| Cm 1
2323.It Cm flag4 Cm 0 \&| Cm 1
2324These four flags are used for customizing the clock driver.
2325The
2326interpretation of these values, and whether they are used at all,
2327is a function of the particular clock driver.
2328However, by
2329convention
2330.Cm flag4
2331is used to enable recording monitoring
2332data to the
2333.Cm clockstats
2334file configured with the
2335.Ic filegen
2336command.
2337Further information on the
2338.Ic filegen
2339command can be found in
2340.Sx Monitoring Options .
2341.El
2342.El
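.Pp
The following reference clock lines for one of the primary servers are
an added illustration; they are not taken from this page or from the
NTP distribution.
The driver type numbers (type 20 for a generic NMEA GPS receiver,
type 1 for the undisciplined local clock used as the backup
pseudo-clock mentioned above), the meaning of
.Cm flag1
for the NMEA driver and the
.Cm time1
value are assumptions taken from the individual driver pages rather
than from this one.
.Bd -literal
```conf
# Added example (not from this page or the NTP distribution): reference
# clock lines for one of the primary servers.  Driver type numbers are
# assumptions about the stock distribution (type 20 = generic NMEA GPS,
# type 1 = undisciplined local clock); flag1 on the NMEA driver is taken
# from that driver's own page, where it enables PPS processing.
server 127.127.20.0 prefer
# time1: calibration constant added to the driver's offset (constructed
# value; measure it against an external standard for each installation).
# refid: set explicitly so clients see GPS rather than a driver default.
fudge 127.127.20.0 time1 0.050 flag1 1 refid GPS

# Engineered backup: the pseudo-clock gets a stratum far above the GPS,
# so the selection algorithm only keeps it when no real source survives,
# and downstream clients then see stratum 11 instead of a silent free-run.
server 127.127.1.0
fudge 127.127.1.0 stratum 10 refid LOCL
```
.Ed
.Pp
Both unit numbers are 0 because only one clock of each type is present;
a second NMEA receiver would be configured as 127.127.20.1 with its own
.Ic fudge
line immediately following its
.Ic server
line.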
2343.Sh Miscellaneous Options
2344.Bl -tag -width indent
2345.It Ic broadcastdelay Ar seconds
2346The broadcast and multicast modes require a special calibration
2347to determine the network delay between the local and remote
2348servers.
2349Ordinarily, this is done automatically by the initial
2350protocol exchanges between the client and server.
2351In some cases,
2352the calibration procedure may fail due to network or server access
2353controls, for example.
2354This command specifies the default delay to
2355be used under these circumstances.
2356Typically (for Ethernet), a
2357number between 0.003 and 0.007 seconds is appropriate.
2358The default
2359when this command is not used is 0.004 seconds.
2360.It Ic calldelay Ar delay
2361This option controls the delay in seconds between the first and second
2362packets sent in burst or iburst mode to allow additional time for a modem
2363or ISDN call to complete.
2364.It Ic driftfile Ar driftfile
2365This command specifies the complete path and name of the file used to
2366record the frequency of the local clock oscillator.
2367This is the same
2368operation as the
2369.Fl f
2370command line option.
2371If the file exists, it is read at
2372startup in order to set the initial frequency and then updated once per
2373hour with the current frequency computed by the daemon.
2374If the file name is
2375specified, but the file itself does not exist, the starts with an initial
2376frequency of zero and creates the file when writing it for the first time.
2377If this command is not given, the daemon will always start with an initial
2378frequency of zero.
2379.Pp
2380The file format consists of a single line containing a single
2381floating point number, which records the frequency offset measured
2382in parts-per-million (PPM).
2383The file is updated by first writing
2384the current drift value into a temporary file and then renaming
2385this file to replace the old version.
2386This implies that
2387.Xr ntpd 1ntpdmdoc
2388must have write permission for the directory the
2389drift file is located in, and that file system links, symbolic or
2390otherwise, should be avoided.
2391.It Ic dscp Ar value
This option specifies the Differentiated Services Code Point (DSCP) value,
2393a 6-bit code.  The default value is 46, signifying Expedited Forwarding.
2394.It Xo Ic enable
2395.Oo
2396.Cm auth | Cm bclient |
2397.Cm calibrate | Cm kernel |
2398.Cm mode7 | Cm monitor |
2399.Cm ntp | Cm stats |
2400.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2401.Oc
2402.Xc
2403.It Xo Ic disable
2404.Oo
2405.Cm auth | Cm bclient |
2406.Cm calibrate | Cm kernel |
2407.Cm mode7 | Cm monitor |
2408.Cm ntp | Cm stats |
2409.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2410.Oc
2411.Xc
2412Provides a way to enable or disable various server options.
2413Flags not mentioned are unaffected.
2414Note that all of these flags
2415can be controlled remotely using the
2416.Xr ntpdc 1ntpdcmdoc
2417utility program.
2418.Bl -tag -width indent
2419.It Cm auth
2420Enables the server to synchronize with unconfigured peers only if the
2421peer has been correctly authenticated using either public key or
2422private key cryptography.
2423The default for this flag is
2424.Ic enable .
2425.It Cm bclient
2426Enables the server to listen for a message from a broadcast or
2427multicast server, as in the
2428.Ic multicastclient
2429command with default
2430address.
2431The default for this flag is
2432.Ic disable .
2433.It Cm calibrate
2434Enables the calibrate feature for reference clocks.
2435The default for
2436this flag is
2437.Ic disable .
2438.It Cm kernel
2439Enables the kernel time discipline, if available.
2440The default for this
2441flag is
2442.Ic enable
2443if support is available, otherwise
2444.Ic disable .
2445.It Cm mode7
2446Enables processing of NTP mode 7 implementation-specific requests
2447which are used by the deprecated
2448.Xr ntpdc 1ntpdcmdoc
2449program.
2450The default for this flag is disable.
2451This flag is excluded from runtime configuration using
2452.Xr ntpq 1ntpqmdoc .
2453The
2454.Xr ntpq 1ntpqmdoc
2455program provides the same capabilities as
2456.Xr ntpdc 1ntpdcmdoc
2457using standard mode 6 requests.
2458.It Cm monitor
2459Enables the monitoring facility.
2460See the
2461.Xr ntpdc 1ntpdcmdoc
2462program
2463and the
2464.Ic monlist
command for further information.
2466The
2467default for this flag is
2468.Ic enable .
2469.It Cm ntp
2470Enables time and frequency discipline.
2471In effect, this switch opens and
2472closes the feedback loop, which is useful for testing.
2473The default for
2474this flag is
2475.Ic enable .
2476.It Cm stats
2477Enables the statistics facility.
2478See the
2479.Sx Monitoring Options
2480section for further information.
2481The default for this flag is
2482.Ic disable .
2483.It Cm unpeer_crypto_early
2484By default, if
2485.Xr ntpd 1ntpdmdoc
2486receives an autokey packet that fails TEST9,
2487a crypto failure,
2488the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.Sy still
using autokey
.Sy and
you are seeing this sort of DoS attack,
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
2499You can check your
2500.Cm peerstats
2501file for evidence of any of these attacks.
2502The
2503default for this flag is
2504.Ic enable .
2505.It Cm unpeer_crypto_nak_early
2506By default, if
2507.Xr ntpd 1ntpdmdoc
2508receives a crypto-NAK packet that
2509passes the duplicate packet and origin timestamp checks
2510the association is immediately cleared.
2511While this is generally a feature
2512as it allows for quick recovery if a server key has changed,
2513a properly forged and appropriately delivered crypto-NAK packet
2514can be used in a DoS attack.
If you have active noticeable problems with this type of DoS attack
2516then you should consider
2517disabling this option.
2518You can check your
2519.Cm peerstats
2520file for evidence of any of these attacks.
2521The
2522default for this flag is
2523.Ic enable .
2524.It Cm unpeer_digest_early
2525By default, if
2526.Xr ntpd 1ntpdmdoc
2527receives what should be an authenticated packet
2528that passes other packet sanity checks but
2529contains an invalid digest
2530the association is immediately cleared.
2531While this is generally a feature
2532as it allows for quick recovery,
2533if this type of packet is carefully forged and sent
2534during an appropriate window it can be used for a DoS attack.
If you have active noticeable problems with this type of DoS attack
2536then you should consider
2537disabling this option.
2538You can check your
2539.Cm peerstats
2540file for evidence of any of these attacks.
2541The
2542default for this flag is
2543.Ic enable .
2544.El
2545.It Ic includefile Ar includefile
2546This command allows additional configuration commands
2547to be included from a separate file.
2548Include files may
2549be nested to a depth of five; upon reaching the end of any
2550include file, command processing resumes in the previous
2551configuration file.
2552This option is useful for sites that run
2553.Xr ntpd 1ntpdmdoc
2554on multiple hosts, with (mostly) common options (e.g., a
2555restriction list).
2556.It Ic leapsmearinterval Ar seconds
2557This EXPERIMENTAL option is only available if
2558.Xr ntpd 1ntpdmdoc
2559was built with the
2560.Cm --enable-leap-smear
2561option to the
2562.Cm configure
2563script.
2564It specifies the interval over which a leap second correction will be applied.
2565Recommended values for this option are between
25667200 (2 hours) and 86400 (24 hours).
2567.Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
2568See http://bugs.ntp.org/2855 for more information.
2569.It Ic logconfig Ar configkeyword
2570This command controls the amount and type of output written to
2571the system
2572.Xr syslog 3
2573facility or the alternate
2574.Ic logfile
2575log file.
2576By default, all output is turned on.
2577All
2578.Ar configkeyword
2579keywords can be prefixed with
2580.Ql = ,
2581.Ql +
2582and
2583.Ql - ,
2584where
2585.Ql =
2586sets the
2587.Xr syslog 3
2588priority mask,
2589.Ql +
2590adds and
2591.Ql -
2592removes
2593messages.
2594.Xr syslog 3
2595messages can be controlled in four
2596classes
2597.Po
2598.Cm clock ,
2599.Cm peer ,
2600.Cm sys
2601and
2602.Cm sync
2603.Pc .
2604Within these classes four types of messages can be
2605controlled: informational messages
2606.Po
2607.Cm info
2608.Pc ,
2609event messages
2610.Po
2611.Cm events
2612.Pc ,
2613statistics messages
2614.Po
2615.Cm statistics
2616.Pc
2617and
2618status messages
2619.Po
2620.Cm status
2621.Pc .
2622.Pp
2623Configuration keywords are formed by concatenating the message class with
2624the event class.
2625The
2626.Cm all
2627prefix can be used instead of a message class.
2628A
2629message class may also be followed by the
2630.Cm all
2631keyword to enable/disable all
messages of the respective message class.
Thus, a minimal log configuration
2633could look like this:
2634.Bd -literal
2635logconfig =syncstatus +sysevents
2636.Ed
2637.Pp
This would just list the synchronization state of
2639.Xr ntpd 1ntpdmdoc
2640and the major system events.
2641For a simple reference server, the
2642following minimum message configuration could be useful:
2643.Bd -literal
2644logconfig =syncall +clockall
2645.Ed
2646.Pp
2647This configuration will list all clock information and
2648synchronization information.
2649All other events and messages about
peers, system events and so on are suppressed.
2651.It Ic logfile Ar logfile
2652This command specifies the location of an alternate log file to
2653be used instead of the default system
2654.Xr syslog 3
2655facility.
This is the same operation as the
.Fl l
command line option.
2657.It Ic setvar Ar variable Op Cm default
2658This command adds an additional system variable.
2659These
2660variables can be used to distribute additional information such as
2661the access policy.
2662If the variable of the form
2663.Sm off
2664.Va name = Ar value
2665.Sm on
2666is followed by the
2667.Cm default
2668keyword, the
2669variable will be listed as part of the default system variables
2670.Po
2671.Xr ntpq 1ntpqmdoc
2672.Ic rv
2673command
.Pc .
2675These additional variables serve
2676informational purposes only.
2677They are not related to the protocol
other than that they can be listed.
2679The known protocol variables will
2680always override any variables defined via the
2681.Ic setvar
2682mechanism.
There are three special variables that contain the names
of all variables of the same group.
2685The
2686.Va sys_var_list
2687holds
2688the names of all system variables.
2689The
2690.Va peer_var_list
2691holds
2692the names of all peer variables and the
2693.Va clock_var_list
2694holds the names of the reference clock variables.
2695.It Xo Ic tinker
2696.Oo
2697.Cm allan Ar allan |
2698.Cm dispersion Ar dispersion |
2699.Cm freq Ar freq |
2700.Cm huffpuff Ar huffpuff |
2701.Cm panic Ar panic |
2702.Cm step Ar step |
2703.Cm stepback Ar stepback |
2704.Cm stepfwd Ar stepfwd |
2705.Cm stepout Ar stepout
2706.Oc
2707.Xc
2708This command can be used to alter several system variables in
2709very exceptional circumstances.
2710It should occur in the
2711configuration file before any other configuration options.
2712The
2713default values of these variables have been carefully optimized for
2714a wide range of network speeds and reliability expectations.
2715In
2716general, they interact in intricate ways that are hard to predict
2717and some combinations can result in some very nasty behavior.
2718Very
2719rarely is it necessary to change the default values; but, some
2720folks cannot resist twisting the knobs anyway and this command is
2721for them.
2722Emphasis added: twisters are on their own and can expect
2723no help from the support group.
2724.Pp
2725The variables operate as follows:
2726.Bl -tag -width indent
2727.It Cm allan Ar allan
2728The argument becomes the new value for the minimum Allan
2729intercept, which is a parameter of the PLL/FLL clock discipline
2730algorithm.
2731The value in log2 seconds defaults to 7 (1024 s), which is also the lower
2732limit.
2733.It Cm dispersion Ar dispersion
2734The argument becomes the new value for the dispersion increase rate,
2735normally .000015 s/s.
2736.It Cm freq Ar freq
2737The argument becomes the initial value of the frequency offset in
2738parts-per-million.
2739This overrides the value in the frequency file, if
2740present, and avoids the initial training state if it is not.
2741.It Cm huffpuff Ar huffpuff
2742The argument becomes the new value for the experimental
2743huff-n'-puff filter span, which determines the most recent interval
2744the algorithm will search for a minimum delay.
The lower limit is
900 s (15 min), but a more reasonable value is 7200 s (2 hours).
2747There
2748is no default, since the filter is not enabled unless this command
2749is given.
2750.It Cm panic Ar panic
2751The argument is the panic threshold, normally 1000 s.
2752If set to zero,
2753the panic sanity check is disabled and a clock offset of any value will
2754be accepted.
2755.It Cm step Ar step
2756The argument is the step threshold, which by default is 0.128 s.
2757It can
2758be set to any positive number in seconds.
2759If set to zero, step
2760adjustments will never occur.
2761Note: The kernel time discipline is
2762disabled if the step threshold is set to zero or greater than the
2763default.
2764.It Cm stepback Ar stepback
2765The argument is the step threshold for the backward direction,
2766which by default is 0.128 s.
2767It can
2768be set to any positive number in seconds.
2769If both the forward and backward step thresholds are set to zero, step
2770adjustments will never occur.
Note: The kernel time discipline is
disabled if the step threshold in each direction is either
set to zero or greater than .5 second.
2775.It Cm stepfwd Ar stepfwd
2776As for stepback, but for the forward direction.
2777.It Cm stepout Ar stepout
2778The argument is the stepout timeout, which by default is 900 s.
2779It can
2780be set to any positive number in seconds.
2781If set to zero, the stepout
2782pulses will not be suppressed.
2783.El
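.Pp
The following shell script is an added example; it is not part of the NTP distribution or of this manual page.
It audits an
.Nm
file for the
.Ic tinker
settings documented above that weaken the daemon's sanity checks
(a panic threshold of zero or above its 1000 s default, a step threshold of zero or above its 0.128 s default,
a zero backward or forward step threshold) and reports a
.Ic tinker
line that appears after another configuration command, since the text requires it to come first.
The embedded sample configuration is constructed for the demonstration, and the function names are the example's own.

```shell
#!/bin/sh
# audit_tinker.sh: flag ntp.conf "tinker" settings that weaken ntpd's sanity checks.
# Added example for the ntp.conf(5) tinker text; not part of the NTP distribution.
# Thresholds checked are the ones the manual page documents:
#   panic 0                 panic sanity check off, any clock offset accepted
#   panic > 1000            panic threshold raised above its 1000 s default
#   step 0 / step > 0.128   no step adjustments / kernel time discipline disabled
#   stepback 0, stepfwd 0   no step adjustments in that direction
# It also reports a "tinker" line that follows another configuration command,
# because the manual page says tinker must precede all other options.
# Exit status: 0 if nothing was flagged, 1 otherwise.

audit_tinker() {
    awk '
        { sub(/#.*/, "") }                       # comments run from "#" to end of line
        NF == 0 { next }                          # blank or comment-only line
        $1 != "tinker" { seen_other = 1; next }   # any other command seen before tinker
        seen_other && !warned_order {
            printf "%s:%d: tinker should precede all other configuration commands\n", FILENAME, NR
            warned_order = 1; found = 1
        }
        {
            # Arguments after "tinker" come in keyword/value pairs.
            for (i = 2; i < NF; i += 2) {
                key = $i; val = $(i + 1) + 0      # non-numeric values coerce to 0 and are flagged
                loc = FILENAME ":" NR ": tinker " key " " $(i + 1)
                if (key == "panic" && val == 0) {
                    print loc " disables the panic sanity check; an offset of any size is accepted"
                    found = 1
                } else if (key == "panic" && val > 1000) {
                    print loc " raises the panic threshold above the 1000 s default"
                    found = 1
                } else if (key == "step" && (val == 0 || val > 0.128)) {
                    why = (val == 0) ? " disables step adjustments" : " exceeds the 0.128 s default"
                    print loc why "; kernel time discipline disabled"
                    found = 1
                } else if ((key == "stepback" || key == "stepfwd") && val == 0) {
                    print loc " disables step adjustments in that direction"
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample configuration for the demonstration (not a real deployment).
SAMPLE_CONF='server 0.pool.ntp.org iburst
# an operator who could not resist twisting the knobs
tinker panic 0 step 0.5
tinker stepback 0
driftfile /var/db/ntpd.drift
'

# Write the sample to a temporary file, audit it, and return the audit status.
run_sample_audit() {
    f=$(mktemp) || return 2
    printf '%s' "$SAMPLE_CONF" > "$f"
    audit_tinker "$f"
    status=$?
    rm -f "$f"
    return $status
}

# Stand-alone run: audit the sample and summarise.
if run_sample_audit; then
    echo "no weak tinker settings found"
else
    echo "weak tinker settings found (see above)"
fi
```

Run it against a real file with
.Ic audit_tinker /etc/ntp.conf ;
the sample above produces four findings (the ordering warning, the zero panic threshold, the raised step threshold and the zero backward step threshold).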
2784.It Xo Ic rlimit
2785.Oo
2786.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages |
.Cm filenum Ar Nfiledescriptors
2789.Oc
2790.Xc
2791.Bl -tag -width indent
2792.It Cm memlock Ar Nmegabytes
2793Specify the number of megabytes of memory that should be
2794allocated and locked.
2795Probably only available under Linux, this option may be useful
2796when dropping root (the
2797.Fl i
2798option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
A value of -1 means
.Qq do not lock the process into memory ;
0 means
.Qq lock whatever memory the process wants into memory .
2802.It Cm stacksize Ar N4kPages
2803Specifies the maximum size of the process stack on systems with the
2804.Fn mlockall
2805function.
2806Defaults to 50 4k pages (200 4k pages in OpenBSD).
2807.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors
.Xr ntpd 1ntpdmdoc
may have open at once.
Defaults to the system default.
2809.El
2810.It Xo Ic trap Ar host_address
2811.Op Cm port Ar port_number
2812.Op Cm interface Ar interface_address
2813.Xc
2814This command configures a trap receiver at the given host
2815address and port number for sending messages with the specified
2816local interface address.
2817If the port number is unspecified, a value
2818of 18447 is used.
2819If the interface address is not specified, the
2820message is sent with a source address of the local interface the
2821message is sent through.
2822Note that on a multihomed host the
2823interface used may vary from time to time with routing changes.
2824.Pp
2825The trap receiver will generally log event messages and other
2826information from the server in a log file.
2827While such monitor
2828programs may also request their own trap dynamically, configuring a
2829trap receiver will ensure that no messages are lost when the server
2830is started.
.It Ic hop Ar ...
This command specifies a list of TTL values in increasing order;
up to 8 values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at 31
(31, 63, 95, 127, 159, 191, 223 and 255).
2838.El
2839	_END_PROG_MDOC_DESCRIP;
2840};
2841
2842doc-section	= {
2843  ds-type	= 'FILES';
2844  ds-format	= 'mdoc';
2845  ds-text	= <<- _END_MDOC_FILES
2846.Bl -tag -width /etc/ntp.drift -compact
2847.It Pa /etc/ntp.conf
2848the default name of the configuration file
2849.It Pa ntp.keys
2850private MD5 keys
2851.It Pa ntpkey
2852RSA private key
2853.It Pa ntpkey_ Ns Ar host
2854RSA public key
2855.It Pa ntp_dh
2856Diffie-Hellman agreement parameters
2857.El
2858	_END_MDOC_FILES;
2859};
2860
2861doc-section	= {
2862  ds-type	= 'SEE ALSO';
2863  ds-format	= 'mdoc';
2864  ds-text	= <<- _END_MDOC_SEE_ALSO
2865.Xr ntpd 1ntpdmdoc ,
2866.Xr ntpdc 1ntpdcmdoc ,
2867.Xr ntpq 1ntpqmdoc
2868.Pp
2869In addition to the manual pages provided,
2870comprehensive documentation is available on the world wide web
2871at
2872.Li http://www.ntp.org/ .
2873A snapshot of this documentation is available in HTML format in
2874.Pa /usr/share/doc/ntp .
2875.Rs
2876.%A David L. Mills
2877.%T Network Time Protocol (Version 4)
2878.%O RFC5905
2879.Re
2880	_END_MDOC_SEE_ALSO;
2881};
2882
2883doc-section	= {
2884  ds-type	= 'BUGS';
2885  ds-format	= 'mdoc';
2886  ds-text	= <<- _END_MDOC_BUGS
2887The syntax checking is not picky; some combinations of
2888ridiculous and even hilarious options and modes may not be
2889detected.
2890.Pp
2891The
2892.Pa ntpkey_ Ns Ar host
2893files are really digital
2894certificates.
2895These should be obtained via secure directory
2896services when they become universally available.
2897	_END_MDOC_BUGS;
2898};
2899
2900doc-section	= {
2901  ds-type	= 'NOTES';
2902  ds-format	= 'mdoc';
2903  ds-text	= <<- _END_MDOC_NOTES
2904This document was derived from FreeBSD.
2905	_END_MDOC_NOTES;
2906};
2907