xref: /freebsd/contrib/ntp/ntpd/ntp.conf.def (revision 94bb24b38701354b6a34607982483227823de864)
/* -*- Mode: Text -*- */

autogen definitions options;

#include copyright.def

// We want the synopsis to be "/etc/ntp.conf" but we need the prog-name
// to be ntp.conf - the latter is also how autogen produces the output
// file name.
prog-name	= "ntp.conf";
file-path	= "/etc/ntp.conf";
prog-title	= "Network Time Protocol (NTP) daemon configuration file format";

/* explain: Additional information whenever the usage routine is invoked */
explain = <<- _END_EXPLAIN
	_END_EXPLAIN;

doc-section	= {
  ds-type	= 'DESCRIPTION';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_PROG_MDOC_DESCRIP
The
.Nm
configuration file is read at initial startup by the
.Xr ntpd 1ntpdmdoc
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
.Pa /etc
directory,
but could be installed elsewhere
(see the daemon's
.Fl c
command line option).
.Pp
The file format is similar to other
.Ux
configuration files.
Comments begin with a
.Ql #
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
followed by a list of arguments,
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
.Pp
The rest of this page describes the configuration and control options.
The
.Qq Notes on Configuring NTP and Setting up an NTP Subnet
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
contains an extended discussion of these options.
In addition to the discussion of general
.Sx Configuration Options ,
there are sections describing the following supported functionality
and the options used to control it:
.Bl -bullet -offset indent
.It
.Sx Authentication Support
.It
.Sx Monitoring Support
.It
.Sx Access Control Support
.It
.Sx Automatic NTP Configuration Options
.It
.Sx Reference Clock Support
.It
.Sx Miscellaneous Options
.El
.Pp
Following these is a section describing
.Sx Miscellaneous Options .
While there is a rich set of options available,
the only required option is one or more
.Ic pool ,
.Ic server ,
.Ic peer ,
.Ic broadcast
or
.Ic manycastclient
commands.
.Sh Configuration Support
Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
in some cases new functions and new arguments.
There are two
classes of commands, configuration commands that configure a
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.
.Ss Configuration Commands
The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
(s) a remote server or peer (IPv4 class A, B and C), (b) the
broadcast address of a local interface, (m) a multicast address (IPv4
class D), or (r) a reference clock address (127.127.x.x).
Note that
only those options applicable to each command are listed below.
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
.Pp
If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the
.Cm reslist
billboard generated
by
.Xr ntpq 1ntpqmdoc
or
.Xr ntpdc 1ntpdcmdoc ,
IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
.Dq \&:
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.
.Pp
Note that in contexts where a host name is expected, a
.Fl 4
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
.Fl 6
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
.Bl -tag -width indent
.It Xo Ic pool Ar address
.Op Cm burst
.Op Cm iburst
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Xc
.It Xo Ic server Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm burst
.Op Cm iburst
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Op Cm true
.Xc
.It Xo Ic peer Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Op Cm true
.Op Cm xleave
.Xc
.It Xo Ic broadcast Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm ttl Ar ttl
.Op Cm xleave
.Xc
.It Xo Ic manycastclient Ar address
.Op Cm key Ar key \&| Cm autokey
.Op Cm version Ar version
.Op Cm prefer
.Op Cm minpoll Ar minpoll
.Op Cm maxpoll Ar maxpoll
.Op Cm ttl Ar ttl
.Xc
.El
.Pp
These five commands specify the time server name or address to
be used and the mode in which to operate.
The
.Ar address
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
.Qq Association Management
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Bl -tag -width indent
.It Ic pool
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
.It Ic server
For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
This command should
.Em not
be used for type
b or m addresses.
.It Ic peer
For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
clock.
This is useful in a network of servers where, depending on
various failure scenarios, either the local or remote peer may be
the better source of time.
This command should NOT be used for type
b, m or r addresses.
.It Ic broadcast
For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
commands can be used to specify multiple local broadcast interfaces
(subnets) and/or multiple multicast groups.
Note that local
broadcast messages go only to the interface associated with the
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
.Ar address
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
IPv6 ff05::101 (site local) exclusively to
NTP, but other nonconflicting addresses can be used to contain the
messages within administrative boundaries.
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
.Ic broadcastclient
or
.Ic multicastclient
commands
below.
.It Ic manycastclient
For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
.Ic manycastserver
command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
means are taken to avoid spraying large areas of the Internet with
these messages and causing a possibly massive implosion of replies
at the sender.
The
.Ic manycastclient
command specifies that the local host
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
.Ar address
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
.Ic server
command.
The remaining servers are discarded as if never
heard.
.El
.Pp
Options:
.Bl -tag -width indent
.It Cm autokey
All packets sent to and received from the server or peer are to
include authentication fields generated using the autokey scheme
described in
.Sx Authentication Options .
.It Cm burst
When the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first and second packets
can be changed with the
.Ic calldelay
command to allow
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
.Ic server
command and s addresses.
.It Cm iburst
When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first two packets can be
changed with the
.Ic calldelay
command to allow
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
.Ic server
command and s addresses and when
.Xr ntpd 1ntpdmdoc
is started with the
.Fl q
option.
.It Cm key Ar key
All packets sent to and received from the server or peer are to
include authentication fields (a message authentication code)
computed with the symmetric key selected by the specified
.Ar key
identifier, with values from 1 to 65534, inclusive.
The
default is to include no authentication field.
.It Cm minpoll Ar minpoll
.It Cm maxpoll Ar maxpoll
These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds.
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
.Cm maxpoll
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
.Cm minpoll
option to a lower limit of 4 (16 s).
.It Cm noselect
Marks the server as unused, except for display purposes.
The server is discarded by the selection algorithm.
.It Cm preempt
Says the association can be preempted.
.It Cm prefer
Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
.Qq Mitigation Rules and the prefer Keyword
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
for further information.
.It Cm true
Marks the server as a truechimer, forcing the association to
always survive the selection and clustering algorithms.
This option should almost certainly
.Em only
be used while testing an association.
.It Cm ttl Ar ttl
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
.Ar ttl
to
use on broadcast server and multicast server and the maximum
.Ar ttl
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
.It Cm version Ar version
Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
.It Cm xleave
Valid in
.Cm peer
and
.Cm broadcast
modes only, this flag enables interleave mode.
.El
.Ss Auxiliary Commands
.Bl -tag -width indent
.It Ic broadcastclient
This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
the first time, the broadcast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
.Sx Authentication Options .
.It Ic manycastserver Ar address ...
This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
address is required, but the NTP multicast address 224.0.1.1
assigned by the IANA should NOT be used, unless specific means are
taken to limit the span of the reply and avoid a possibly massive
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
.Sx Authentication Options .
.It Ic multicastclient Ar address ...
This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
a message for the first time, the multicast client measures the
nominal server propagation delay using a brief client/server
exchange with the server, then enters the broadcast client mode, in
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
.Sx Authentication Options .
.It Ic mdnstries Ar number
If we are participating in mDNS,
after we have synched for the first time
we attempt to register with the mDNS system.
If that registration attempt fails,
we try again at one minute intervals for up to
.Ic mdnstries
times.
After all,
.Ic ntpd
may be starting before mDNS.
The default value for
.Ic mdnstries
is 5.
.El
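.Pp
The following Python is an added worked example, not code from the NTP
distribution or from this page.
It reads a configuration in the file format described at the top of
this page (one command per line, a keyword followed by
whitespace-separated arguments, comments from
.Ql #
to the end of the line), splits association options according to the
option list above, and flags the settings this section warns about: a
.Cm key
that is not trusted, a
.Ic broadcast
or
.Ic manycastclient
command without authentication, the testing-only
.Cm true
option, poll exponents outside 4..17, and
.Ic broadcastclient
combined with
.Ic disable auth .
The sample configuration and its host names are constructed for the
example; the
.Ic trustedkey
command in it is the command that activates keys from the key file.

```python
"""Reader and policy check for the ntp.conf grammar described above.

Added example, not code from the NTP distribution.  It implements the
file format this page specifies: '#' comments run to end of line, blank
lines are ignored, one command per line, keyword followed by
whitespace-separated arguments.  The sample configuration is constructed.
"""

ASSOC_COMMANDS = {"pool", "server", "peer", "broadcast", "manycastclient"}
# Per the option list above: options that take a value, and bare flags.
VALUED_OPTIONS = {"key", "version", "minpoll", "maxpoll", "ttl"}
FLAG_OPTIONS = {"burst", "iburst", "prefer", "true", "xleave", "autokey",
                "noselect", "preempt"}

SAMPLE_CONF = """\
# constructed sample ntp.conf (hosts are placeholders)
keys /etc/ntp.keys
trustedkey 1 4
controlkey 1

pool 0.pool.example.net iburst
server ntp1.example.net key 4 iburst minpoll 6 maxpoll 10
server ntp2.example.net key 7 iburst       # key 7 is loaded but not trusted
peer ntp3.example.net key 4 xleave
broadcast 192.168.1.255 key 4 ttl 1
broadcastclient                            # only safe while auth is enabled
server ntp4.example.net true               # testing-only option left in
disable auth                               # mobilizes unauthenticated associations
"""


def parse(text):
    """Return [(lineno, keyword, [args...])] for every non-empty command line."""
    cmds = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # comment runs to end of line
        if line:
            parts = line.split()
            cmds.append((n, parts[0], parts[1:]))
    return cmds


def options(args):
    """Split the arguments after the address into {option: value-or-True}."""
    opts, i = {}, 1                           # args[0] is the address
    while i < len(args):
        tok = args[i]
        if tok in VALUED_OPTIONS:
            if i + 1 >= len(args):
                raise ValueError(f"option {tok} needs a value")
            opts[tok] = args[i + 1]
            i += 2
        elif tok in FLAG_OPTIONS:
            opts[tok] = True
            i += 1
        else:
            raise ValueError(f"unknown option {tok!r}")
    return opts


def check(text):
    """Return [(lineno, finding)] for the settings this section warns about."""
    cmds = parse(text)
    auth_disabled = any(k == "disable" and "auth" in a for _, k, a in cmds)
    # trustedkey lists individual key IDs; ranges are not handled here
    trusted = {kid for _, k, a in cmds if k == "trustedkey" for kid in a}
    findings = []
    for n, k, a in cmds:
        if k in ASSOC_COMMANDS:
            opts = options(a)
            if "key" in opts and opts["key"] not in trusted:
                findings.append((n, f"key {opts['key']} is not listed in trustedkey"))
            if k in ("broadcast", "manycastclient") and not (opts.keys() & {"key", "autokey"}):
                findings.append((n, f"{k} without key or autokey"))
            if "true" in opts:
                findings.append((n, "true: association always survives selection; testing only"))
            for opt in ("minpoll", "maxpoll"):
                if opt in opts and not 4 <= int(opts[opt]) <= 17:
                    findings.append((n, f"{opt} outside the documented range 4..17"))
        elif k == "broadcastclient" and auth_disabled:
            findings.append((n, "broadcastclient with auth disabled accepts any broadcast server"))
        elif k == "disable" and "auth" in a:
            findings.append((n, "disable auth: new associations need no authentication"))
    return findings


if __name__ == "__main__":
    for lineno, msg in check(SAMPLE_CONF):
        print(f"line {lineno}: {msg}")
```

Run against the sample, the check reports lines 8, 11, 12 and 13; removing
the three weak lines at the end and adding key 7 to
.Ic trustedkey
leaves an empty report.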
.Sh Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder attempting,
accidentally or on purpose, to masquerade as that server.
The NTPv3
specification RFC-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
DES-CBC.
Subsequently, this was replaced by the RSA Message Digest
5 (MD5) algorithm using a private key, commonly called keyed-MD5.
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.
.Pp
NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
Public key cryptography avoids sharing a secret between hosts,
since the security is based
on a private value which is generated by each host and
never revealed.
With Autokey all key distribution and
management functions involve only public values, which
considerably simplifies key distribution and storage.
Public key management is based on X.509 certificates,
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.
.Pp
While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.
.Pp
Authentication is configured separately for each association
using the
.Cm key
or
.Cm autokey
subcommand on the
.Ic peer ,
.Ic server ,
.Ic broadcast
and
.Ic manycastclient
configuration commands as described in the
.Sx Configuration Options
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.
.Pp
Authentication is always enabled,
although ineffective if not configured as
described below.
If an NTP packet arrives
including a message authentication
code (MAC), it is accepted only if it
passes all cryptographic checks.
The
checks require correct key ID, key value
and message digest.
If the packet has
been modified in any way or replayed
by an intruder, it will fail one or more
of these checks and be discarded.
Furthermore, the Autokey scheme requires a
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol.
.Pp
The
.Cm auth
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
.Ic enable
and
.Ic disable
commands and also by remote
configuration commands sent by a
.Xr ntpdc 1ntpdcmdoc
program running on
another machine.
If this flag is enabled, which is the default
case, new broadcast client and symmetric passive associations and
remote configuration commands must be cryptographically
authenticated using either symmetric key or public key cryptography.
If this
flag is disabled, these operations are effective
even if not cryptographically
authenticated.
It should be understood
that operating with the
.Ic auth
flag disabled invites a significant vulnerability
where a rogue host can
masquerade as a server and, acting as a falseticker, seriously
disrupt system timekeeping.
It is
important to note that this flag has no purpose
other than to allow or disallow
a new association in response to new broadcast
and symmetric active messages
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.
.Pp
An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
.Sx Automatic NTP Configuration Options
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
The principal advantage
of manycast mode is that potential servers need not be
configured in advance,
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.
.Pp
The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
.Li http://www.ntp.org/ .
.Ss Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
authenticate NTP packets.
Keys and
related information are specified in a key
file, usually called
.Pa ntp.keys ,
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
.Xr ntpq 1ntpqmdoc
and
.Xr ntpdc 1ntpdcmdoc
utility programs.
.Pp
When
.Xr ntpd 1ntpdmdoc
is first started, it reads the key file specified in the
.Ic keys
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
.Ic trustedkey
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
.Xr ntpdc 1ntpdcmdoc .
This also provides a revocation capability that can be used
if a key becomes compromised.
The
.Ic requestkey
command selects the key used as the password for the
.Xr ntpdc 1ntpdcmdoc
utility, while the
.Ic controlkey
command selects the key used as the password for the
.Xr ntpq 1ntpqmdoc
utility.
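.Pp
The following Python is an added worked example, not code from the NTP
distribution or from this page, showing the symmetric-key checks
described above in the
.Sx Authentication Support
introduction and in this subsection.
It reads a constructed
.Pa ntp.keys
file (one key per line as key ID, key type and key value, the layout
.Xr ntp-keygen 1ntpkeygenmdoc
writes), applies a trusted-key set, and verifies the MAC on an NTP
packet the way the checks above require: the key ID must be known and
trusted, and the digest must equal the hash of the key value followed
by the 48-byte packet header (the construction from RFC 1305 and
RFC 5905).
A MAC consisting of key ID 0 with no digest is recognized as the
crypto-NAK a server returns when verification fails.
The key file contents, key values and packets are all constructed for
the example.

```python
"""Symmetric-key MAC verification for NTP packets.

Added example, not ntpd's code.  MAC = keyid (4 bytes, network order)
|| digest(key_value || 48-byte NTP header); MD5 gives a 16-byte digest,
SHA-1 a 20-byte one.  The key file and packets below are constructed.
"""
import hashlib
import hmac      # only for the constant-time compare_digest
import struct

# constructed key file: 'keyid type value'; M/MD5 and SHA1 types,
# ASCII values up to 20 chars or 40 hex digits for a 20-byte key
NTP_KEYS = """\
# keyid type key
1 M    ntpq-control-pass
4 M    s3rv3r-sh4r3d-k3y
9 SHA1 1f2e3d4c5b6a79887766554433221100ffeeddcc
"""
TRUSTED = {1, 4}     # what a 'trustedkey 1 4' line would activate

HEADER_LEN = 48


def load_keys(text):
    """Parse ntp.keys text into {keyid: (hashlib_name, key_bytes)}."""
    keys = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyid, ktype, secret = line.split(None, 2)
        keyid = int(keyid)
        if not 1 <= keyid <= 65534:
            raise ValueError(f"key id {keyid} out of range 1..65534")
        algo = {"M": "md5", "MD5": "md5", "SHA1": "sha1"}[ktype.upper()]
        is_hex = len(secret) == 40 and all(c in "0123456789abcdefABCDEF" for c in secret)
        keys[keyid] = (algo, bytes.fromhex(secret) if is_hex else secret.encode("ascii"))
    return keys


def make_mac(keyid, algo, secret, header):
    """Append-able MAC: key ID followed by digest(key || header)."""
    return struct.pack("!I", keyid) + hashlib.new(algo, secret + header).digest()


def verify(packet, keys, trusted):
    """Return 'ok', 'nomac', 'crypto-nak' or 'bad'; ntpd discards 'bad'."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(header) < HEADER_LEN:
        return "bad"
    if not mac:
        return "nomac"                       # unauthenticated packet
    if mac == b"\0\0\0\0":
        return "crypto-nak"                  # key ID 0, no digest
    keyid = struct.unpack("!I", mac[:4])[0]
    if keyid not in keys or keyid not in trusted:
        return "bad"                         # unknown or untrusted key ID
    algo, secret = keys[keyid]
    expected = hashlib.new(algo, secret + header).digest()
    # compare_digest also fails on a digest of the wrong length
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad"


def client_request(keyid=None, keys=None):
    """Build a minimal NTPv4 client packet, optionally with a MAC."""
    # LI=0, VN=4, mode=3 (client); all zero except a transmit timestamp
    header = bytes([0x23]) + bytes(39) + struct.pack("!Q", 0xE3F0A1B200000000)
    if keyid is None:
        return header
    algo, secret = keys[keyid]
    return header + make_mac(keyid, algo, secret, header)


def crypto_nak(header):
    """The reply a server sends when a received MAC fails to verify."""
    return header[:HEADER_LEN] + b"\0\0\0\0"


if __name__ == "__main__":
    keys = load_keys(NTP_KEYS)
    good = client_request(4, keys)
    print(verify(good, keys, TRUSTED))                        # ok
    tampered = good[:1] + bytes([good[1] ^ 1]) + good[2:]     # flip stratum bit
    print(verify(tampered, keys, TRUSTED))                    # bad
    print(verify(crypto_nak(tampered), keys, TRUSTED))        # crypto-nak
```

Key 9 is loaded but not trusted, so a packet carrying its MAC is
rejected even though the digest is correct; that is the activation step
the
.Ic trustedkey
command performs.
The example covers only the three MAC checks named above; ntpd also
applies timestamp and replay checks that are outside its scope.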
.Ss Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
and verifies the source with digital signatures and any of several
digest/signature schemes.
Optional identity schemes described on the Identity Schemes
page and based on cryptographic challenge/response algorithms
are also available.
Using all of these schemes provides strong security against
replay with or without modification, spoofing, masquerade
and most forms of clogging attacks.
.\" .Pp
.\" The cryptographic means necessary for all Autokey operations
.\" is provided by the OpenSSL software library.
.\" This library is available from http://www.openssl.org/
.\" and can be installed using the procedures outlined
.\" in the Building and Installing the Distribution page.
.\" Once installed,
.\" the configure and build
.\" process automatically detects the library and links
.\" the library routines required.
.Pp
The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
All modes use in addition a variant of the S-KEY scheme,
in which a pseudo-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
.Sx Autonomous Authentication
page.
.Pp
The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
.Xr ntp-keygen 1ntpkeygenmdoc
program.
This includes a required host key file,
required certificate file and optional sign key file,
leapsecond file and identity scheme files.
The
digest/signature scheme is specified in the X.509 certificate
along with the matching sign key.
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
.Cm md5WithRSAEncryption ,
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.
.Pp
NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
in the group be able to construct a certificate trail to one
or more trusted hosts in the same group.
Each group
host runs the Autokey protocol to obtain the certificates
for all hosts along the trail to one or more trusted hosts.
This requires the configuration file in all hosts to be
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.
.Ss Naming and Addressing
It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
The cryptographic name used by Autokey to bind the host identity
credentials and cryptographic values must be independent
of interface, network and any other naming convention.
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.
.Pp
By convention, the name of an Autokey host is the name returned
by the Unix
.Xr gethostname 2
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.
.Pp
It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
to deflect masquerade attacks.
For this reason Autokey
includes the source and destination IP addresses in message digest
computations and so the same addresses must be available
at both the server and client.
For this reason operation
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.
.Ss Operation
A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
There may be management configurations where the clients,
servers and peers may not all support the same cryptotypes.
A secure NTPv4 subnet can be configured in many ways while
keeping in mind the principles explained above and
in this section.
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.
.Pp
The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
.Ic server
or
.Ic peer
configuration command and no
.Ic key
or
.Ic autokey
subcommands are present, the association is not
authenticated; if the
.Ic key
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
.Ic autokey
subcommand is present, the association is authenticated
using Autokey.
.Pp
When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
to which schemes it has available.
The server response message
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.
.Pp
Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
Thus, a server receiving
an unauthenticated packet will respond with an unauthenticated
packet, while the same server receiving a packet of a cryptotype
it supports will respond with packets of that cryptotype.
However, unconfigured broadcast or manycast client
associations or symmetric passive associations will not be
mobilized unless the server supports a cryptotype compatible
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.
.Pp
Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Alice's unauthenticated messages arrive at Bob, who replies with
unauthenticated messages.
Cathy has a copy of Bob's symmetric
key file and has selected key ID 4 in messages to Bob.
Bob verifies the message with his key ID 4.
If it's the
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
Bob sends Cathy a crypto-NAK, which tells her
that authentication failed.
She can see the evidence using the
.Xr ntpq 1ntpqmdoc
program.
.Pp
Denise has rolled her own host key and certificate.
She also uses the same identity scheme as Bob.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.
.Pp
It should be clear from the above that Bob can serve
Alice, Cathy and Denise at the same time, as long as he has compatible
authentication and identity credentials.
Now, Bob can act as a client in the same way in his own choice of servers;
he can run multiple configured associations with multiple different
servers (or the same server, although that might not be useful).
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.
.Ss Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
.Xr ntp-keygen 1ntpkeygenmdoc
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
Alternatively, host and sign keys and
certificate files can be generated by the OpenSSL utilities
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
.Xr ntpq 1ntpqmdoc
and
.Xr ntpdc 1ntpdcmdoc
utility programs.
The remaining files are necessary only for the
Autokey protocol.
.Pp
Certificates imported from OpenSSL or public certificate
authorities have certain limitations.
The certificate should be in ASN.1 syntax, X.509 Version 3
format and encoded in PEM, which is the same format
used by OpenSSL.
The overall length of the certificate encoded
in ASN.1 must not exceed 1024 bytes.
The subject distinguished
name field (CN) is the fully qualified name of the host
on which it is used; the remaining subject fields are ignored.
The certificate extension fields must not contain either
a subject key identifier or an issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
.Cm trustRoot .
Other extension fields are ignored.
.Ss Authentication Commands
.Bl -tag -width indent
.It Ic autokey Op Ar logsec
Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
list for each association depends on this interval and the current
poll interval.
The default value is 12 (4096 s or about 1.1 hours).
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
.It Ic controlkey Ar key
Specifies the key identifier to use with the
.Xr ntpq 1ntpqmdoc
utility, which uses the standard
protocol defined in RFC-1305.
The
.Ar key
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
.It Xo Ic crypto
.Op Cm cert Ar file
.Op Cm leap Ar file
.Op Cm randfile Ar file
.Op Cm host Ar file
.Op Cm sign Ar file
.Op Cm gq Ar file
.Op Cm gqpar Ar file
.Op Cm iffpar Ar file
.Op Cm mvpar Ar file
.Op Cm pw Ar password
.Xc
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
encryption scheme and loads the required private and public
values described above.
If one or more files are left unspecified,
the default names are used as described above.
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
.Ic keysdir
command or default
.Pa /usr/local/etc .
Following are the subcommands:
.Bl -tag -width indent
.It Cm cert Ar file
Specifies the location of the required host public certificate file.
This overrides the link
.Pa ntpkey_cert_ Ns Ar hostname
in the keys directory.
.It Cm gqpar Ar file
Specifies the location of the optional GQ parameters file.
This
917This
918overrides the link
919.Pa ntpkey_gq_ Ns Ar hostname
920in the keys directory.
921.It Cm host Ar file
922Specifies the location of the required host key file.
923This overrides
924the link
925.Pa ntpkey_key_ Ns Ar hostname
926in the keys directory.
927.It Cm iffpar Ar file
928Specifies the location of the optional IFF parameters file.
929This overrides the link
930.Pa ntpkey_iff_ Ns Ar hostname
931in the keys directory.
932.It Cm leap Ar file
933Specifies the location of the optional leapsecond file.
934This overrides the link
935.Pa ntpkey_leap
936in the keys directory.
937.It Cm mvpar Ar file
938Specifies the location of the optional MV parameters file.
939This overrides the link
940.Pa ntpkey_mv_ Ns Ar hostname
941in the keys directory.
942.It Cm pw Ar password
943Specifies the password to decrypt files containing private keys and
944identity parameters.
945This is required only if these files have been
946encrypted.
947.It Cm randfile Ar file
948Specifies the location of the random seed file used by the OpenSSL
949library.
950The defaults are described in the main text above.
951.It Cm sign Ar file
952Specifies the location of the optional sign key file.
953This overrides
954the link
955.Pa ntpkey_sign_ Ns Ar hostname
956in the keys directory.
957If this file is
958not found, the host key is also the sign key.
959.El
960.It Ic keys Ar keyfile
961Specifies the complete path and location of the MD5 key file
962containing the keys and key identifiers used by
963.Xr ntpd 1ntpdmdoc ,
964.Xr ntpq 1ntpqmdoc
965and
966.Xr ntpdc 1ntpdcmdoc
967when operating with symmetric key cryptography.
968This is the same operation as the
969.Fl k
970command line option.
971.It Ic keysdir Ar path
972This command specifies the default directory path for
973cryptographic keys, parameters and certificates.
974The default is
975.Pa /usr/local/etc/ .
976.It Ic requestkey Ar key
977Specifies the key identifier to use with the
978.Xr ntpdc 1ntpdcmdoc
979utility program, which uses a
980proprietary protocol specific to this implementation of
981.Xr ntpd 1ntpdmdoc .
982The
983.Ar key
984argument is a key identifier
985for the trusted key, where the value can be in the range 1 to
98665,534, inclusive.
987.It Ic revoke Ar logsec
988Specifies the interval between re-randomization of certain
989cryptographic values used by the Autokey scheme, as a power of 2 in
990seconds.
991These values need to be updated frequently in order to
992deflect brute-force attacks on the algorithms of the scheme;
993however, updating some values is a relatively expensive operation.
994The default interval is 16 (65,536 s or about 18 hours).
995For poll
996intervals above the specified interval, the values will be updated
997for every message sent.
998.It Ic trustedkey Ar key ...
999Specifies the key identifiers which are trusted for the
1000purposes of authenticating peers with symmetric key cryptography,
1001as well as keys used by the
1002.Xr ntpq 1ntpqmdoc
1003and
1004.Xr ntpdc 1ntpdcmdoc
1005programs.
1006The authentication procedures require that both the local
1007and remote servers share the same key and key identifier for this
1008purpose, although different keys can be used with different
1009servers.
1010The
1011.Ar key
1012arguments are 32-bit unsigned
1013integers with values from 1 to 65,534.
1014.El
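.Pp
The following Python example was added for this edition of the page; it
is not code from the
.Xr ntpd 1ntpdmdoc
distribution.
It shows what the symmetric-key commands above configure on the wire:
the sender appends the key identifier and an MD5 digest computed over
the key value followed by the 48-byte packet, and the receiver accepts
the packet only if that identifier is listed in its
.Ic trustedkey
set, it holds the same key value, and the digest matches.
The keys-file text is constructed for the example and assumes the
.Ql keyid type value
layout produced by
.Xr ntp-keygen 1ntpkeygenmdoc
for MD5 keys.

```python
import hashlib
import hmac
import struct

# Constructed sample keys file for this example (not a real deployment file).
# The "keyid type value" layout, with type M for an ASCII MD5 key, is what
# ntp-keygen writes for symmetric keys; that layout is assumed here.
KEYS_FILE = """\
# ntpkey_MD5key (constructed sample)
1  M  correct-horse-battery
2  M  staple-xyzzy-42
7  M  decommissioned-key
"""


def valid_keyid(keyid):
    """Key identifiers usable with trustedkey/controlkey/requestkey: 1..65534."""
    return 1 <= keyid <= 65534


def load_keys(text):
    """Parse 'keyid type value' lines into {keyid: key bytes}."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        keyid, ktype, value = line.split(None, 2)
        keyid = int(keyid)
        if not valid_keyid(keyid):
            raise ValueError("key identifier out of range: %d" % keyid)
        if ktype.upper() in ("M", "MD5"):
            keys[keyid] = value.encode()
    return keys


def client_request(transmit_ts):
    """48-byte NTPv4 header: LI=0, VN=4, mode=3 (client); other fields zero."""
    return struct.pack("!BBbbII4sQQQQ", 0x23, 0, 6, -20, 0, 0, b"\0\0\0\0",
                       0, 0, 0, transmit_ts)


def sign(packet, keyid, keys):
    """Append the symmetric-key MAC: 32-bit key identifier, then
    MD5 over the key value concatenated with the 48-byte header."""
    digest = hashlib.md5(keys[keyid] + packet).digest()
    return packet + struct.pack("!I", keyid) + digest


def verify(message, keys, trustedkey):
    """Return (keyid, ok). ok is True only when the key identifier is listed
    in trustedkey, the key value is known and the digest matches."""
    if len(message) != 48 + 4 + 16:
        return None, False
    packet, mac = message[:48], message[48:]
    keyid = struct.unpack("!I", mac[:4])[0]
    if keyid not in trustedkey or keyid not in keys:
        return keyid, False
    expected = hashlib.md5(keys[keyid] + packet).digest()
    return keyid, hmac.compare_digest(expected, mac[4:])


def demo():
    """Exercise the cases a server sees: a good MAC, an untrusted key
    identifier, a peer holding a different value for the same identifier,
    and a MAC altered in transit."""
    keys = load_keys(KEYS_FILE)
    trustedkey = {1, 2}            # "trustedkey 1 2": key 7 exists but is not trusted
    pkt = client_request(0)
    tampered = bytearray(sign(pkt, 1, keys))
    tampered[-1] ^= 0xFF
    return {
        "good": verify(sign(pkt, 1, keys), keys, trustedkey)[1],
        "untrusted_id": verify(sign(pkt, 7, keys), keys, trustedkey)[1],
        "wrong_value": verify(sign(pkt, 1, {1: b"not-the-shared-secret"}), keys, trustedkey)[1],
        "tampered": verify(bytes(tampered), keys, trustedkey)[1],
    }


if __name__ == "__main__":
    print(demo())
```

Run directly, it prints the four verdicts.
The
.Ql untrusted_id
case is the one
.Ic trustedkey
exists for: a key may be present in the keys file and still be unusable
until its identifier is listed.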
1015.Ss Error Codes
1016The following error codes are reported via the NTP control
1017and monitoring protocol trap mechanism.
1018.Bl -tag -width indent
1019.It 101
1020.Pq bad field format or length
1021The packet has invalid version, length or format.
1022.It 102
1023.Pq bad timestamp
1024The packet timestamp is the same or older than the most recent received.
1025This could be due to a replay or a server clock time step.
1026.It 103
1027.Pq bad filestamp
1028The packet filestamp is the same or older than the most recent received.
1029This could be due to a replay or a key file generation error.
1030.It 104
1031.Pq bad or missing public key
1032The public key is missing, has incorrect format or is an unsupported type.
1033.It 105
1034.Pq unsupported digest type
1035The server requires an unsupported digest/signature scheme.
1036.It 106
1037.Pq mismatched digest types
1038Not used.
1039.It 107
1040.Pq bad signature length
1041The signature length does not match the current public key.
1042.It 108
1043.Pq signature not verified
1044The message fails the signature check.
1045It could be bogus or signed by a
1046different private key.
1047.It 109
1048.Pq certificate not verified
1049The certificate is invalid or signed with the wrong key.
1050.It 110
1051.Pq certificate not verified
1052The certificate is not yet valid or has expired or the signature could not
1053be verified.
1054.It 111
1055.Pq bad or missing cookie
1056The cookie is missing, corrupted or bogus.
1057.It 112
1058.Pq bad or missing leapseconds table
1059The leapseconds table is missing, corrupted or bogus.
1060.It 113
1061.Pq bad or missing certificate
1062The certificate is missing, corrupted or bogus.
1063.It 114
1064.Pq bad or missing identity
1065The identity key is missing, corrupt or bogus.
1066.El
1067.Sh Monitoring Support
1068.Xr ntpd 1ntpdmdoc
1069includes a comprehensive monitoring facility suitable
1070for continuous, long term recording of server and client
1071timekeeping performance.
1072See the
1073.Ic statistics
1074command below
1075for a listing and example of each type of statistics currently
1076supported.
1077Statistic files are managed using file generation sets
1078and scripts in the
1079.Pa ./scripts
1080directory of the source code distribution.
1081Using
1082these facilities and
1083.Ux
1084.Xr cron 8
1085jobs, the data can be
1086automatically summarized and archived for retrospective analysis.
1087.Ss Monitoring Commands
1088.Bl -tag -width indent
1089.It Ic statistics Ar name ...
1090Enables writing of statistics records.
The following kinds of
.Ar name
statistics are supported.
1094.Bl -tag -width indent
1095.It Cm clockstats
1096Enables recording of clock driver statistics information.
1097Each update
1098received from a clock driver appends a line of the following form to
1099the file generation set named
1100.Cm clockstats :
1101.Bd -literal
110249213 525.624 127.127.4.1 93 226 00:08:29.606 D
1103.Ed
1104.Pp
1105The first two fields show the date (Modified Julian Day) and time
1106(seconds and fraction past UTC midnight).
1107The next field shows the
1108clock address in dotted-quad notation.
1109The final field shows the last
1110timecode received from the clock in decoded ASCII format, where
1111meaningful.
1112In some clock drivers a good deal of additional information
1113can be gathered and displayed as well.
1114See information specific to each
1115clock for further details.
1116.It Cm cryptostats
1117This option requires the OpenSSL cryptographic software library.
1118It
1119enables recording of cryptographic public key protocol information.
1120Each message received by the protocol module appends a line of the
1121following form to the file generation set named
1122.Cm cryptostats :
1123.Bd -literal
112449213 525.624 127.127.4.1 message
1125.Ed
1126.Pp
1127The first two fields show the date (Modified Julian Day) and time
1128(seconds and fraction past UTC midnight).
The next field shows the peer
address in dotted-quad notation.
The final message field includes the
message type and certain ancillary information.
1132See the
1133.Sx Authentication Options
1134section for further information.
1135.It Cm loopstats
1136Enables recording of loop filter statistics information.
1137Each
1138update of the local clock outputs a line of the following form to
1139the file generation set named
1140.Cm loopstats :
1141.Bd -literal
114250935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
1143.Ed
1144.Pp
1145The first two fields show the date (Modified Julian Day) and
1146time (seconds and fraction past UTC midnight).
1147The next five fields
1148show time offset (seconds), frequency offset (parts per million -
1149PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
1150discipline time constant.
1151.It Cm peerstats
1152Enables recording of peer statistics information.
This includes
statistics records of all peers of an NTP server and of special
signals, where present and configured.
1156Each valid update appends a
1157line of the following form to the current element of a file
1158generation set named
1159.Cm peerstats :
1160.Bd -literal
116148773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
1162.Ed
1163.Pp
1164The first two fields show the date (Modified Julian Day) and
1165time (seconds and fraction past UTC midnight).
1166The next two fields
1167show the peer address in dotted-quad notation and status,
1168respectively.
1169The status field is encoded in hex in the format
1170described in Appendix A of the NTP specification RFC 1305.
1171The final four fields show the offset,
1172delay, dispersion and RMS jitter, all in seconds.
1173.It Cm rawstats
1174Enables recording of raw-timestamp statistics information.
1175This
includes statistics records of all peers of an NTP server and of
1177special signals, where present and configured.
1178Each NTP message
1179received from a peer or clock driver appends a line of the
1180following form to the file generation set named
1181.Cm rawstats :
1182.Bd -literal
118350928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
1184.Ed
1185.Pp
1186The first two fields show the date (Modified Julian Day) and
1187time (seconds and fraction past UTC midnight).
1188The next two fields
1189show the remote peer or clock address followed by the local address
1190in dotted-quad notation.
1191The final four fields show the originate,
1192receive, transmit and final NTP timestamps in order.
1193The timestamp
1194values are as received and before processing by the various data
1195smoothing and mitigation algorithms.
1196.It Cm sysstats
1197Enables recording of ntpd statistics counters on a periodic basis.
1198Each
1199hour a line of the following form is appended to the file generation
1200set named
1201.Cm sysstats :
1202.Bd -literal
120350928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
1204.Ed
1205.Pp
1206The first two fields show the date (Modified Julian Day) and time
1207(seconds and fraction past UTC midnight).
1208The remaining ten fields show
1209the statistics counter values accumulated since the last generated
1210line.
1211.Bl -tag -width indent
.It Time since restart Cm 36000
Time in seconds since the server was last restarted (or its
statistics counters reset).
1214.It Packets received Cm 81965
1215Total number of packets received.
1216.It Packets processed Cm 0
Number of packets received in response to previous packets sent.
1218.It Current version Cm 9546
1219Number of packets matching the current NTP version.
1220.It Previous version Cm 56
1221Number of packets matching the previous NTP version.
1222.It Bad version Cm 71793
1223Number of packets matching neither NTP version.
1224.It Access denied Cm 512
1225Number of packets denied access for any reason.
1226.It Bad length or format Cm 540
1227Number of packets with invalid length, format or port number.
1228.It Bad authentication Cm 10
1229Number of packets not verified as authentic.
1230.It Rate exceeded Cm 147
1231Number of packets discarded due to rate limitation.
1232.El
1233.It Cm statsdir Ar directory_path
1234Indicates the full path of a directory where statistics files
1235should be created (see below).
1236This keyword allows
1237the (otherwise constant)
1238.Cm filegen
1239filename prefix to be modified for file generation sets, which
1240is useful for handling statistics logs.
1241.It Cm filegen Ar name Xo
1242.Op Cm file Ar filename
1243.Op Cm type Ar typename
1244.Op Cm link | nolink
1245.Op Cm enable | disable
1246.Xc
1247Configures setting of generation file set name.
1248Generation
1249file sets provide a means for handling files that are
1250continuously growing during the lifetime of a server.
1251Server statistics are a typical example for such files.
1252Generation file sets provide access to a set of files used
1253to store the actual data.
1254At any time at most one element
1255of the set is being written to.
1256The type given specifies
1257when and how data will be directed to a new element of the set.
1258This way, information stored in elements of a file set
1259that are currently unused are available for administrational
1260operations without the risk of disturbing the operation of ntpd.
1261(Most important: they can be removed to free space for new data
1262produced.)
1263.Pp
1264Note that this command can be sent from the
1265.Xr ntpdc 1ntpdcmdoc
1266program running at a remote location.
1267.Bl -tag -width indent
1268.It Cm name
1269This is the type of the statistics records, as shown in the
1270.Cm statistics
1271command.
1272.It Cm file Ar filename
1273This is the file name for the statistics records.
1274Filenames of set
1275members are built from three concatenated elements
1276.Ar Cm prefix ,
1277.Ar Cm filename
1278and
1279.Ar Cm suffix :
1280.Bl -tag -width indent
1281.It Cm prefix
1282This is a constant filename path.
1283It is not subject to
1284modifications via the
1285.Ar filegen
1286option.
1287It is defined by the
1288server, usually specified as a compile-time constant.
1289It may,
1290however, be configurable for individual file generation sets
1291via other commands.
1292For example, the prefix used with
1293.Ar loopstats
1294and
1295.Ar peerstats
1296generation can be configured using the
1297.Ar statsdir
1298option explained above.
1299.It Cm filename
1300This string is directly concatenated to the prefix mentioned
1301above (no intervening
1302.Ql / ) .
1303This can be modified using
1304the file argument to the
1305.Ar filegen
1306statement.
1307No
1308.Pa ..
1309elements are
1310allowed in this component to prevent filenames referring to
1311parts outside the filesystem hierarchy denoted by
1312.Ar prefix .
1313.It Cm suffix
This part reflects individual elements of a file set.
1315It is
1316generated according to the type of a file set.
1317.El
1318.It Cm type Ar typename
1319A file generation set is characterized by its type.
1320The following
1321types are supported:
1322.Bl -tag -width indent
1323.It Cm none
1324The file set is actually a single plain file.
.It Cm pid
One element of the file set is used per incarnation of an ntpd
server.
1328This type does not perform any changes to file set
1329members during runtime, however it provides an easy way of
1330separating files belonging to different
1331.Xr ntpd 1ntpdmdoc
1332server incarnations.
1333The set member filename is built by appending a
1334.Ql \&.
1335to concatenated
1336.Ar prefix
1337and
1338.Ar filename
1339strings, and
1340appending the decimal representation of the process ID of the
1341.Xr ntpd 1ntpdmdoc
1342server process.
1343.It Cm day
1344One file generation set element is created per day.
1345A day is
1346defined as the period between 00:00 and 24:00 UTC.
1347The file set
1348member suffix consists of a
1349.Ql \&.
1350and a day specification in
1351the form
1352.Cm YYYYMMdd .
1353.Cm YYYY
1354is a 4-digit year number (e.g., 1992).
1355.Cm MM
1356is a two digit month number.
1357.Cm dd
1358is a two digit day number.
1359Thus, all information written at 10 December 1992 would end up
1360in a file named
1361.Ar prefix
1362.Ar filename Ns .19921210 .
1363.It Cm week
1364Any file set member contains data related to a certain week of
1365a year.
A week is defined by integer division of the day-of-year by 7
(so 10 January, day 10 of the year, falls in week 1).
1368Elements of such a file generation set are
1369distinguished by appending the following suffix to the file set
1370filename base: A dot, a 4-digit year number, the letter
1371.Cm W ,
1372and a 2-digit week number.
1373For example, information from January,
137410th 1992 would end up in a file with suffix
1375.No . Ns Ar 1992W1 .
1376.It Cm month
1377One generation file set element is generated per month.
1378The
1379file name suffix consists of a dot, a 4-digit year number, and
1380a 2-digit month.
1381.It Cm year
1382One generation file element is generated per year.
1383The filename
1384suffix consists of a dot and a 4 digit year number.
1385.It Cm age
1386This type of file generation sets changes to a new element of
1387the file set every 24 hours of server operation.
1388The filename
1389suffix consists of a dot, the letter
1390.Cm a ,
1391and an 8-digit number.
1392This number is taken to be the number of seconds the server is
1393running at the start of the corresponding 24-hour period.
1394Information is only written to a file generation by specifying
1395.Cm enable ;
1396output is prevented by specifying
1397.Cm disable .
1398.El
1399.It Cm link | nolink
1400It is convenient to be able to access the current element of a file
1401generation set by a fixed name.
1402This feature is enabled by
1403specifying
1404.Cm link
1405and disabled using
1406.Cm nolink .
1407If link is specified, a
1408hard link from the current file set element to a file without
1409suffix is created.
1410When there is already a file with this name and
1411the number of links of this file is one, it is renamed appending a
1412dot, the letter
1413.Cm C ,
1414and the pid of the
1415.Xr ntpd 1ntpdmdoc
1416server process.
1417When the
1418number of links is greater than one, the file is unlinked.
1419This
1420allows the current file to be accessed by a constant name.
1421.It Cm enable \&| Cm disable
1422Enables or disables the recording function.
1423.El
1424.El
1425.El
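.Pp
The following Python example was added for this edition of the page and
is not part of the
.Xr ntpd 1ntpdmdoc
scripts.
It parses the
.Cm sysstats
and
.Cm peerstats
record formats shown above (converting the MJD and seconds-past-midnight
prefix to UTC), flags the counters a defender would alert on, and builds
file-set member names for each
.Cm filegen
type, including the check that the
.Cm filename
component contains no
.Pa ..
element.
The sample records are the ones printed above; the alert thresholds and
the two-digit week number are assumptions of the example.

```python
from datetime import datetime, timedelta, timezone

# Every statistics record starts with a Modified Julian Day and seconds past
# UTC midnight; MJD 0 is 1858-11-17.
MJD_EPOCH = datetime(1858, 11, 17, tzinfo=timezone.utc)

SYSSTATS_FIELDS = ("time_since_restart", "packets_received", "packets_processed",
                   "current_version", "previous_version", "bad_version",
                   "access_denied", "bad_length_or_format", "bad_authentication",
                   "rate_exceeded")

# Sample records taken from the formats shown above (constructed input).
SAMPLE_SYSSTATS = "50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147"
SAMPLE_PEERSTATS = "48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674"


def mjd_to_utc(mjd, seconds):
    """Turn the 'MJD seconds' prefix of a record into a UTC datetime."""
    return MJD_EPOCH + timedelta(days=int(mjd), seconds=float(seconds))


def parse_sysstats(line):
    """Date, time and the ten hourly counters, as a dict."""
    fields = line.split()
    if len(fields) != 12:
        raise ValueError("sysstats: expected 12 fields, got %d" % len(fields))
    rec = {"time": mjd_to_utc(fields[0], fields[1])}
    rec.update(zip(SYSSTATS_FIELDS, (int(v) for v in fields[2:])))
    return rec


def parse_peerstats(line):
    """Date, time, peer address, hex status word and the four seconds-valued fields."""
    fields = line.split()
    if len(fields) != 8:
        raise ValueError("peerstats: expected 8 fields, got %d" % len(fields))
    return {"time": mjd_to_utc(fields[0], fields[1]), "peer": fields[2],
            "status": int(fields[3], 16),
            "offset": float(fields[4]), "delay": float(fields[5]),
            "dispersion": float(fields[6]), "jitter": float(fields[7])}


def sysstats_alerts(rec, max_access_denied=0, max_bad_auth=0, max_rate=100):
    """Counters a defender watches: any authentication failure or access
    denial, and rate-limit hits above a threshold (thresholds are assumed)."""
    alerts = []
    for name, limit in (("access_denied", max_access_denied),
                        ("bad_authentication", max_bad_auth),
                        ("rate_exceeded", max_rate)):
        if rec[name] > limit:
            alerts.append("%s=%d" % (name, rec[name]))
    return alerts


def safe_filename(filename):
    """The filegen 'filename' component may not contain '..' elements."""
    return ".." not in filename.split("/")


def filegen_path(prefix, filename, settype, now=None, pid=None, uptime=None):
    """Set-member name: prefix + filename (no separator) + type suffix,
    built as the filegen types above describe.  The week number is written
    with two digits, as the text states (its own example shows one)."""
    if not safe_filename(filename):
        raise ValueError("'..' element not allowed in filegen filename")
    base = prefix + filename
    if settype == "none":
        return base
    if settype == "pid":
        return "%s.%d" % (base, pid)
    if settype == "day":
        return base + now.strftime(".%Y%m%d")
    if settype == "week":
        return "%s.%04dW%02d" % (base, now.year, now.timetuple().tm_yday // 7)
    if settype == "month":
        return base + now.strftime(".%Y%m")
    if settype == "year":
        return base + now.strftime(".%Y")
    if settype == "age":
        return "%s.a%08d" % (base, uptime - uptime % 86400)
    raise ValueError("unknown filegen type: %s" % settype)


if __name__ == "__main__":
    rec = parse_sysstats(SAMPLE_SYSSTATS)
    print(rec["time"].isoformat(), sysstats_alerts(rec))
    print(parse_peerstats(SAMPLE_PEERSTATS))
    print(filegen_path("/var/log/ntpstats/", "peerstats", "day", now=rec["time"]))
```

The sample
.Cm sysstats
line yields three alerts (access denied, bad authentication, rate
exceeded); a collector fed the hourly records can trend those counters
per server and raise on any non-zero authentication failure count.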
1426.Sh Access Control Support
1427The
1428.Xr ntpd 1ntpdmdoc
1429daemon implements a general purpose address/mask based restriction
1430list.
The list contains address/match entries sorted first
by increasing address values and then by increasing mask values.
1433A match occurs when the bitwise AND of the mask and the packet
1434source address is equal to the bitwise AND of the mask and
1435address in the list.
1436The list is searched in order with the
1437last match found defining the restriction flags associated
1438with the entry.
1439Additional information and examples can be found in the
1440.Qq Notes on Configuring NTP and Setting up a NTP Subnet
1441page
1442(available as part of the HTML documentation
1443provided in
1444.Pa /usr/share/doc/ntp ) .
1445.Pp
1446The restriction facility was implemented in conformance
1447with the access policies for the original NSFnet backbone
1448time servers.
1449Later the facility was expanded to deflect
1450cryptographic and clogging attacks.
1451While this facility may
1452be useful for keeping unwanted or broken or malicious clients
1453from congesting innocent servers, it should not be considered
1454an alternative to the NTP authentication facilities.
1455Source address based restrictions are easily circumvented
1456by a determined cracker.
1457.Pp
1458Clients can be denied service because they are explicitly
1459included in the restrict list created by the
1460.Ic restrict
1461command
1462or implicitly as the result of cryptographic or rate limit
1463violations.
1464Cryptographic violations include certificate
1465or identity verification failure; rate limit violations generally
1466result from defective NTP implementations that send packets
1467at abusive rates.
1468Some violations cause denied service
1469only for the offending packet, others cause denied service
1470for a timed period and others cause the denied service for
1471an indefinite period.
1472When a client or network is denied access
1473for an indefinite period, the only way at present to remove
1474the restrictions is by restarting the server.
1475.Ss The Kiss-of-Death Packet
1476Ordinarily, packets denied service are simply dropped with no
1477further action except incrementing statistics counters.
1478Sometimes a
1479more proactive response is needed, such as a server message that
1480explicitly requests the client to stop sending and leave a message
1481for the system operator.
1482A special packet format has been created
1483for this purpose called the "kiss-of-death" (KoD) packet.
1484KoD packets have the leap bits set unsynchronized and stratum set
1485to zero and the reference identifier field set to a four-byte
1486ASCII code.
1487If the
1488.Cm noserve
1489or
1490.Cm notrust
1491flag of the matching restrict list entry is set,
1492the code is "DENY"; if the
1493.Cm limited
1494flag is set and the rate limit
1495is exceeded, the code is "RATE".
1496Finally, if a cryptographic violation occurs, the code is "CRYP".
1497.Pp
1498A client receiving a KoD performs a set of sanity checks to
1499minimize security exposure, then updates the stratum and
1500reference identifier peer variables, sets the access
1501denied (TEST4) bit in the peer flash variable and sends
1502a message to the log.
1503As long as the TEST4 bit is set,
1504the client will send no further packets to the server.
1505The only way at present to recover from this condition is
1506to restart the protocol at both the client and server.
1507This
1508happens automatically at the client when the association times out.
1509It will happen at the server only if the server operator cooperates.
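.Pp
The following Python example was added for this edition of the page and
is not part of the
.Xr ntpd 1ntpdmdoc
sources.
It classifies a received packet as a KoD using the three marks just
described (leap indicator 3, stratum 0, ASCII reference identifier) and
models one of the client-side sanity checks: a KoD is honoured only when
its origin timestamp echoes the transmit timestamp of a request the
client actually sent, which an off-path attacker cannot know.
The sample packets are constructed inline; the origin-timestamp rule is
stated as an assumption of the example rather than quoted from the text.

```python
import struct

# Kiss-o'-death codes named in the text and the condition that produces each.
KOD_CODES = {
    "DENY": "noserve or notrust restriction matched",
    "RATE": "limited restriction: packet rate exceeded",
    "CRYP": "cryptographic violation",
}


def parse_header(pkt):
    """Decode the fixed 48-byte NTP header fields this check needs."""
    if len(pkt) < 48:
        raise ValueError("short packet: %d bytes" % len(pkt))
    first, stratum, poll, precision, rdelay, rdisp, refid = struct.unpack("!BBbbII4s", pkt[:16])
    origin_ts = struct.unpack("!Q", pkt[24:32])[0]
    return {
        "li": first >> 6,
        "vn": (first >> 3) & 7,
        "mode": first & 7,
        "stratum": stratum,
        "refid": refid,
        "origin_ts": origin_ts,
    }


def classify_kod(pkt):
    """Return the four-character KoD code if pkt has the kiss-o'-death shape
    (leap indicator 3 = unsynchronized, stratum 0, printable ASCII reference
    identifier), else None."""
    h = parse_header(pkt)
    if h["li"] != 3 or h["stratum"] != 0:
        return None
    if not all(0x20 <= b < 0x7F for b in h["refid"]):
        return None
    return h["refid"].decode("ascii")


def accept_kod(reply, our_transmit_ts):
    """Model of a client-side sanity check (an assumption of this example):
    honour a KoD only if its origin timestamp echoes the transmit timestamp
    of a request we actually sent.  An off-path forger cannot know that
    value, so a spoofed DENY cannot silence the client.  Returns the code
    or None."""
    code = classify_kod(reply)
    if code is None or parse_header(reply)["origin_ts"] != our_transmit_ts:
        return None
    return code


def kod_packet(code, origin_ts):
    """Constructed sample: LI=3, VN=4, mode=4 (0xE4), stratum 0, refid = code."""
    return struct.pack("!BBbbII4sQQQQ", 0xE4, 0, 6, -20, 0, 0, code.encode("ascii"),
                       0, origin_ts, 0, 0)


def normal_reply(origin_ts):
    """Constructed sample: a stratum-2 server reply whose refid is an IPv4
    address (192.0.2.1, documentation range), i.e. not a KoD."""
    return struct.pack("!BBbbII4sQQQQ", 0x24, 2, 6, -20, 0, 0, b"\xc0\x00\x02\x01",
                       0, origin_ts, 0, 0)


if __name__ == "__main__":
    sent = 0x1234567800000000
    for name, pkt in [("RATE kod", kod_packet("RATE", sent)),
                      ("forged DENY", kod_packet("DENY", 0xDEADBEEF)),
                      ("normal", normal_reply(sent))]:
        code = accept_kod(pkt, sent)
        print(name, "->", code, KOD_CODES.get(code, "no KoD honoured"))
```

The same classification is useful on the server side of an incident:
a capture filter for stratum 0 replies with leap indicator 3 shows which
clients a server has been asking to go away, and the code tells why.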
1510.Ss Access Control Commands
1511.Bl -tag -width indent
1512.It Xo Ic discard
1513.Op Cm average Ar avg
1514.Op Cm minimum Ar min
1515.Op Cm monitor Ar prob
1516.Xc
1517Set the parameters of the
1518.Cm limited
1519facility which protects the server from
1520client abuse.
1521The
1522.Cm average
1523subcommand specifies the minimum average packet
1524spacing, while the
1525.Cm minimum
1526subcommand specifies the minimum packet spacing.
1527Packets that violate these minima are discarded
1528and a kiss-o'-death packet returned if enabled.
1529The default
1530minimum average and minimum are 5 and 2, respectively.
1531The
1532.Ic monitor
1533subcommand specifies the probability of discard
1534for packets that overflow the rate-control window.
1535.It Xo Ic restrict address
1536.Op Cm mask Ar mask
1537.Op Ar flag ...
1538.Xc
1539The
1540.Ar address
1541argument expressed in
1542dotted-quad form is the address of a host or network.
1543Alternatively, the
1544.Ar address
1545argument can be a valid host DNS name.
1546The
1547.Ar mask
1548argument expressed in dotted-quad form defaults to
1549.Cm 255.255.255.255 ,
1550meaning that the
1551.Ar address
1552is treated as the address of an individual host.
1553A default entry (address
1554.Cm 0.0.0.0 ,
1555mask
1556.Cm 0.0.0.0 )
1557is always included and is always the first entry in the list.
1558Note that text string
1559.Cm default ,
1560with no mask option, may
1561be used to indicate the default entry.
1562In the current implementation,
1563.Cm flag
1564always
1565restricts access, i.e., an entry with no flags indicates that free
1566access to the server is to be given.
1567The flags are not orthogonal,
1568in that more restrictive flags will often make less restrictive
1569ones redundant.
1570The flags can generally be classed into two
1571categories, those which restrict time service and those which
1572restrict informational queries and attempts to do run-time
1573reconfiguration of the server.
1574One or more of the following flags
1575may be specified:
1576.Bl -tag -width indent
1577.It Cm ignore
1578Deny packets of all kinds, including
1579.Xr ntpq 1ntpqmdoc
1580and
1581.Xr ntpdc 1ntpdcmdoc
1582queries.
1583.It Cm kod
1584If this flag is set when an access violation occurs, a kiss-o'-death
1585(KoD) packet is sent.
1586KoD packets are rate limited to no more than one
1587per second.
1588If another KoD packet occurs within one second after the
1589last one, the packet is dropped.
1590.It Cm limited
1591Deny service if the packet spacing violates the lower limits specified
1592in the
1593.Ic discard
1594command.
1595A history of clients is kept using the
1596monitoring capability of
1597.Xr ntpd 1ntpdmdoc .
1598Thus, monitoring is always active as
1599long as there is a restriction entry with the
1600.Cm limited
1601flag.
1602.It Cm lowpriotrap
1603Declare traps set by matching hosts to be low priority.
1604The
1605number of traps a server can maintain is limited (the current limit
1606is 3).
1607Traps are usually assigned on a first come, first served
1608basis, with later trap requestors being denied service.
1609This flag
1610modifies the assignment algorithm by allowing low priority traps to
1611be overridden by later requests for normal priority traps.
1612.It Cm nomodify
1613Deny
1614.Xr ntpq 1ntpqmdoc
1615and
1616.Xr ntpdc 1ntpdcmdoc
1617queries which attempt to modify the state of the
1618server (i.e., run time reconfiguration).
1619Queries which return
1620information are permitted.
1621.It Cm noquery
1622Deny
1623.Xr ntpq 1ntpqmdoc
1624and
1625.Xr ntpdc 1ntpdcmdoc
1626queries.
1627Time service is not affected.
1628.It Cm nopeer
1629Deny packets which would result in mobilizing a new association.
1630This
1631includes broadcast and symmetric active packets when a configured
1632association does not exist.
1633It also includes
1634.Cm pool
1635associations, so if you want to use servers from a
1636.Cm pool
1637directive and also want to use
1638.Cm nopeer
by default, you'll want a
.Cm restrict source ...
line as well that does
.Em not
include the
.Cm nopeer
directive.
1645.It Cm noserve
1646Deny all packets except
1647.Xr ntpq 1ntpqmdoc
1648and
1649.Xr ntpdc 1ntpdcmdoc
1650queries.
1651.It Cm notrap
1652Decline to provide mode 6 control message trap service to matching
1653hosts.
1654The trap service is a subsystem of the
1655.Xr ntpq 1ntpqmdoc
1656control message
1657protocol which is intended for use by remote event logging programs.
1658.It Cm notrust
1659Deny service unless the packet is cryptographically authenticated.
1660.It Cm ntpport
1661This is actually a match algorithm modifier, rather than a
1662restriction flag.
1663Its presence causes the restriction entry to be
1664matched only if the source port in the packet is the standard NTP
1665UDP port (123).
1666Both
1667.Cm ntpport
1668and
1669.Cm non-ntpport
1670may
1671be specified.
1672The
1673.Cm ntpport
1674is considered more specific and
1675is sorted later in the list.
1676.It Cm version
1677Deny packets that do not match the current NTP version.
1678.El
1679.Pp
1680Default restriction list entries with the flags ignore, interface,
1681ntpport, for each of the local host's interface addresses are
1682inserted into the table at startup to prevent the server
1683from attempting to synchronize to its own time.
A default entry is also always present; if it is not
otherwise configured, no flags are associated
with it (i.e., everything besides your own
NTP server is unrestricted).
1688.El
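.Pp
The following Python example was added for this edition of the page; it
is not code from
.Xr ntpd 1ntpdmdoc .
It implements the matching rule given at the start of this section over
a constructed
.Nm
fragment: entries sorted by address, then mask, with
.Cm ntpport
entries sorted after their twins, and the last matching entry supplying
the flags.
Only numeric IPv4 addresses are handled (host names are not resolved).

```python
import ipaddress

RESTRICT_FLAGS = {"ignore", "kod", "limited", "lowpriotrap", "nomodify", "noquery",
                  "nopeer", "noserve", "notrap", "notrust", "version"}

# Constructed ntp.conf fragment (not a real site's file): a locked-down default,
# a management network allowed to query, one host blocked outright, and a
# network whose treatment depends on the source port.
NTP_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.0.2.50 ignore
restrict 198.51.100.0 mask 255.255.255.0 noserve
restrict 198.51.100.0 mask 255.255.255.0 ntpport nomodify notrap
"""


def parse_restrict(conf):
    """Build the restriction list: (address, mask, ntpport, flags) tuples,
    sorted by address, then mask, with ntpport entries after their
    non-ntpport twins.  Numeric IPv4 addresses only."""
    entries = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        words = words[1:]
        if words[0] == "default":
            addr, mask, words = 0, 0, words[1:]
        else:
            addr, mask, words = int(ipaddress.IPv4Address(words[0])), 0xFFFFFFFF, words[1:]
            if words[:1] == ["mask"]:
                mask, words = int(ipaddress.IPv4Address(words[1])), words[2:]
        flags, ntpport = set(), None
        for word in words:
            if word == "ntpport":
                ntpport = True
            elif word == "non-ntpport":
                ntpport = False
            elif word in RESTRICT_FLAGS:
                flags.add(word)
            else:
                raise ValueError("unknown restrict flag: %s" % word)
        entries.append((addr, mask, ntpport, frozenset(flags)))
    if not any(a == 0 and m == 0 for a, m, _, _ in entries):
        entries.append((0, 0, None, frozenset()))      # implicit default: no flags
    entries.sort(key=lambda e: (e[0], e[1], e[2] is True))
    return entries


def lookup(entries, src_ip, src_port):
    """Flags for a packet: every entry whose masked address equals the masked
    source address (and whose ntpport modifier agrees with the source port)
    matches, and the LAST match supplies the flags.  Flags are not merged
    across matches, so a specific entry must repeat any flag it still wants."""
    src = int(ipaddress.IPv4Address(src_ip))
    result = frozenset()
    for addr, mask, ntpport, flags in entries:
        if (src & mask) != (addr & mask):
            continue
        if ntpport is True and src_port != 123:
            continue
        if ntpport is False and src_port == 123:
            continue
        result = flags
    return result


def permits(flags):
    """What the selected flags still allow, following the flag descriptions:
    ignore denies everything, noserve denies time service, noquery denies
    ntpq/ntpdc queries, nomodify denies only modifying queries."""
    return {
        "time": not ({"ignore", "noserve"} & flags),
        "query": not ({"ignore", "noquery"} & flags),
        "modify": not ({"ignore", "noquery", "nomodify"} & flags),
    }


if __name__ == "__main__":
    table = parse_restrict(NTP_CONF)
    for ip, port in [("203.0.113.9", 123), ("192.0.2.7", 45000), ("192.0.2.50", 123),
                     ("198.51.100.20", 123), ("198.51.100.20", 40000)]:
        flags = lookup(table, ip, port)
        print("%-15s port %-5d %-40s %s" % (ip, port, " ".join(sorted(flags)) or "(none)", permits(flags)))
```

Two points worth seeing in the output: the
.Cm ignore
entry for 192.0.2.50 wins over the network entry because the last match
defines the flags, and for the 198.51.100.0 network the
.Cm ntpport
entry replaces rather than adds to the flags of the
.Cm noserve
entry, so sources using port 123 are served while the rest are not.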
1689.Sh Automatic NTP Configuration Options
1690.Ss Manycasting
Manycasting is an automatic discovery and configuration paradigm
new to NTPv4.
1693It is intended as a means for a multicast client
1694to troll the nearby network neighborhood to find cooperating
1695manycast servers, validate them using cryptographic means
1696and evaluate their time values with respect to other servers
1697that might be lurking in the vicinity.
1698The intended result is that each manycast client mobilizes
1699client associations with some number of the "best"
1700of the nearby manycast servers, yet automatically reconfigures
1701to sustain this number of servers should one or another fail.
1702.Pp
1703Note that the manycasting paradigm does not coincide
1704with the anycast paradigm described in RFC-1546,
1705which is designed to find a single server from a clique
1706of servers providing the same service.
1707The manycast paradigm is designed to find a plurality
1708of redundant servers satisfying defined optimality criteria.
1709.Pp
1710Manycasting can be used with either symmetric key
1711or public key cryptography.
1712The public key infrastructure (PKI)
1713offers the best protection against compromised keys
1714and is generally considered stronger, at least with relatively
1715large key sizes.
1716It is implemented using the Autokey protocol and
1717the OpenSSL cryptographic library available from
1718.Li http://www.openssl.org/ .
1719The library can also be used with other NTPv4 modes
1720as well and is highly recommended, especially for broadcast modes.
1721.Pp
1722A persistent manycast client association is configured
1723using the
1724.Ic manycastclient
1725command, which is similar to the
1726.Ic server
1727command but with a multicast (IPv4 class
1728.Cm D
1729or IPv6 prefix
1730.Cm FF )
1731group address.
The IANA has designated IPv4 address 224.0.1.1
and IPv6 address FF05::101 (site local) for NTP.
1734When more servers are needed, it broadcasts manycast
1735client messages to this address at the minimum feasible rate
1736and minimum feasible time-to-live (TTL) hops, depending
1737on how many servers have already been found.
There can be as many manycast client associations
as there are different group addresses, each one serving as a template
for a future ephemeral unicast client/server association.
1741.Pp
1742Manycast servers configured with the
1743.Ic manycastserver
1744command listen on the specified group address for manycast
1745client messages.
1746Note the distinction between manycast client,
1747which actively broadcasts messages, and manycast server,
1748which passively responds to them.
1749If a manycast server is
1750in scope of the current TTL and is itself synchronized
1751to a valid source and operating at a stratum level equal
1752to or lower than the manycast client, it replies to the
1753manycast client message with an ordinary unicast server message.
1754.Pp
1755The manycast client receiving this message mobilizes
1756an ephemeral client/server association according to the
1757matching manycast client template, but only if cryptographically
1758authenticated and the server stratum is less than or equal
1759to the client stratum.
1760Authentication is explicitly required
1761and either symmetric key or public key (Autokey) can be used.
1762Then, the client polls the server at its unicast address
1763in burst mode in order to reliably set the host clock
1764and validate the source.
1765This normally results
1766in a volley of eight client/server at 2-s intervals
1767during which both the synchronization and cryptographic
1768protocols run concurrently.
1769Following the volley,
1770the client runs the NTP intersection and clustering
1771algorithms, which act to discard all but the "best"
1772associations according to stratum and synchronization
1773distance.
1774The surviving associations then continue
1775in ordinary client/server mode.
1776.Pp
1777The manycast client polling strategy is designed to reduce
1778as much as possible the volume of manycast client messages
1779and the effects of implosion due to near-simultaneous
1780arrival of manycast server messages.
1781The strategy is determined by the
1782.Ic manycastclient ,
1783.Ic tos
1784and
1785.Ic ttl
1786configuration commands.
1787The manycast poll interval is
1788normally eight times the system poll interval,
1789which starts out at the
1790.Cm minpoll
1791value specified in the
1792.Ic manycastclient ,
1793command and, under normal circumstances, increments to the
1794.Cm maxpolll
1795value specified in this command.
1796Initially, the TTL is
1797set at the minimum hops specified by the
1798.Ic ttl
1799command.
1800At each retransmission the TTL is increased until reaching
1801the maximum hops specified by this command or a sufficient
1802number client associations have been found.
1803Further retransmissions use the same TTL.
1804.Pp
1805The quality and reliability of the suite of associations
1806discovered by the manycast client is determined by the NTP
1807mitigation algorithms and the
1808.Cm minclock
1809and
1810.Cm minsane
1811values specified in the
1812.Ic tos
1813configuration command.
1814At least
1815.Cm minsane
1816candidate servers must be available and the mitigation
1817algorithms produce at least
1818.Cm minclock
1819survivors in order to synchronize the clock.
1820Byzantine agreement principles require at least four
1821candidates in order to correctly discard a single falseticker.
1822For legacy purposes,
1823.Cm minsane
1824defaults to 1 and
1825.Cm minclock
1826defaults to 3.
1827For manycast service
1828.Cm minsane
1829should be explicitly set to 4, assuming at least that
1830number of servers are available.
1831.Pp
1832If at least
1833.Cm minclock
1834servers are found, the manycast poll interval is immediately
1835set to eight times
1836.Cm maxpoll .
1837If less than
1838.Cm minclock
1839servers are found when the TTL has reached the maximum hops,
1840the manycast poll interval is doubled.
1841For each transmission
1842after that, the poll interval is doubled again until
1843reaching the maximum of eight times
1844.Cm maxpoll .
1845Further transmissions use the same poll interval and
1846TTL values.
1847Note that while all this is going on,
1848each client/server association found is operating normally
1849it the system poll interval.
1850.Pp
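The expanding-ring schedule described in the preceding paragraphs, as an
added example that is not part of ntpd or of this page: the Python model
below applies the TTL and poll interval rules from the text. It assumes the
manycast interval in seconds is eight times 2 raised to the poll exponent,
uses the default ttl list of eight multiples of 32 starting at 31, and the
scenario fed to it at the bottom is constructed.

```python
"""Model of the manycast client expanding-ring schedule.

Added example, not ntpd code. Rules taken from the text: the first message
uses the minimum hop count; each retransmission widens the TTL until the
maximum hop count is reached; only then is the poll interval doubled, up to
eight times maxpoll; once minclock servers are found the interval jumps to
eight times maxpoll; if the association count later drops below minclock the
search starts over. Interval in seconds is assumed to be 8 * 2**poll.
"""

# Default ttl list: eight multiples of 32 starting at 31.
DEFAULT_TTL = [31 + 32 * i for i in range(8)]


class ManycastSchedule:
    def __init__(self, ttl_list=DEFAULT_TTL, minpoll=6, maxpoll=12, minclock=3):
        if list(ttl_list) != sorted(ttl_list) or not 1 <= len(ttl_list) <= 8:
            raise ValueError("ttl list must hold 1 to 8 hop counts in increasing order")
        self.ttl_list = list(ttl_list)
        self.minpoll, self.maxpoll, self.minclock = minpoll, maxpoll, minclock
        self.sent = 0
        self.reset()

    def reset(self):
        """Return to the initial TTL and poll interval (operation resumes from the beginning)."""
        self.ttl_idx = 0
        self.poll = self.minpoll
        self.satisfied = False

    def interval(self):
        # Manycast poll interval: eight times the system poll interval (assumed 2**poll s).
        return 8 * (1 << self.poll)

    def next_transmission(self, found):
        """Return (ttl, seconds_until_next) for the next manycast client message.

        `found` is the number of ephemeral client associations alive right now.
        """
        if self.sent == 0:
            pass                                   # first message: minimum hops, 8 x 2**minpoll
        elif found >= self.minclock:
            self.satisfied = True                  # enough servers: settle at 8 x maxpoll,
            self.poll = self.maxpoll               # keep the TTL that got us here
        elif self.satisfied:
            self.reset()                           # fell below minclock: start over
        elif self.ttl_idx < len(self.ttl_list) - 1:
            self.ttl_idx += 1                      # still searching: widen the ring
        else:
            self.poll = min(self.poll + 1, self.maxpoll)   # widest ring: double, capped
        self.sent += 1
        return self.ttl_list[self.ttl_idx], self.interval()


def simulate(found_per_round, **kwargs):
    """Run the schedule over a constructed sequence of association counts."""
    sched = ManycastSchedule(**kwargs)
    return [sched.next_transmission(n) for n in found_per_round]


if __name__ == "__main__":
    # Constructed scenario: nothing found for nine rounds, then three servers, then a loss.
    for ttl, secs in simulate([0] * 9 + [3, 1]):
        print(f"ttl={ttl:3d}  next manycast client message in {secs:6d} s")
```

Each call to next_transmission() takes the number of ephemeral
associations alive at that moment and returns the TTL to use and the wait
before the next manycast client message; the model never shortens the
interval except through the documented reset, which is what bounds the
number of messages every manycast server in range must answer.
.Pp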
Administratively scoped multicast boundaries are normally
specified by the network router configuration and,
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
.Ic ttl
configuration command can be
used to modify the values to match the scope rules.
.Pp
It is often useful to narrow the range of acceptable
servers which can be found by manycast client associations.
Because manycast servers respond only when the client
stratum is equal to or greater than the server stratum,
primary (stratum 1) servers will find only primary servers
in TTL range, which is probably the most common objective.
However, unless configured otherwise, all manycast clients
in TTL range will eventually find all primary servers
in TTL range, which is probably not the most common
objective in large networks.
The
.Ic tos
command can be used to modify this behavior.
Servers with stratum below
.Cm floor
or above
.Cm ceiling
specified in the
.Ic tos
command are strongly discouraged during the selection
process; however, these servers may be temporarily
accepted if the number of servers within TTL range is
less than
.Cm minclock .
.Pp
The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
subsequent manycast server replies are discarded,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
.Cm minclock ,
all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
It is important to avoid
frequent manycast client messages, since each one requires
all manycast servers in TTL range to respond.
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
.Cm maxpoll
is 12 (4,096 s).
.Pp
It is possible and frequently useful to configure a host
as both manycast client and manycast server.
A number of hosts configured this way and sharing a common
group address will automatically organize themselves
in an optimum configuration based on stratum and
synchronization distance.
For example, consider an NTP
subnet of two primary servers and a hundred or more
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
.Ic multicastclient
and
.Ic multicastserver
commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
reference source such as a GPS receiver.
.Pp
The remaining configuration files for all secondary
servers and clients have the same contents, except for the
.Ic tos
command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
.Cm floor
value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.
.Pp
Once operations have stabilized in this scenario,
the primary servers will find the primary reference source
and each other, since they both operate at the same
stratum (1), but not with any secondary server or client,
since these operate at a higher stratum.
The secondary
servers will find the servers at the same stratum level.
If one of the primary servers loses its GPS receiver,
it will continue to operate as a client and other clients
will time out the corresponding association and
re-associate accordingly.
.Pp
Some administrators prefer to avoid running
.Xr ntpd 1ntpdmdoc
continuously and run either
.Xr sntp 1sntpmdoc
or
.Xr ntpd 1ntpdmdoc
.Fl q
as a cron job.
In either case the servers must be
configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
.Xr ntpd 1ntpdmdoc
.Fl q .
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
the rascals, sets the clock and then departs.
Servers do not have to be configured in advance and
all clients throughout the network can have the same
configuration file.
.Ss Manycast Interactions with Autokey
Each time a manycast client sends a client mode packet
to a multicast group address, all manycast servers
in scope generate a reply including the host name
and status word.
The manycast clients then run
the Autokey protocol, which collects and verifies
all certificates involved.
Following the burst interval
all but three survivors are cast off,
but the certificates remain in the local cache.
It often happens that several complete signing trails
from the client to the primary servers are collected in this way.
.Pp
About once an hour or less often if the poll interval
exceeds this, the client regenerates the Autokey key list.
This is in general transparent in client/server mode.
However, about once per day the server private value
used to generate cookies is refreshed along with all
manycast client associations.
In this case all
cryptographic values including certificates are refreshed.
If a new certificate has been generated since
the last refresh epoch, it will automatically revoke
all prior certificates that happen to be in the
certificate cache.
At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos
.Oo
.Cm ceiling Ar ceiling |
.Cm cohort { 0 | 1 } |
.Cm floor Ar floor |
.Cm minclock Ar minclock |
.Cm minsane Ar minsane
.Oc
.Xc
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
quantity of peers used to synchronize the system clock
and is most useful in manycast mode.
The variables operate
as follows:
.Bl -tag -width indent
.It Cm ceiling Ar ceiling
Peers with strata above
.Cm ceiling
will be discarded if there are at least
.Cm minclock
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
.It Cm cohort Bro 0 | 1 Brc
This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
This is useful to reduce implosions where
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
.It Cm floor Ar floor
Peers with strata below
.Cm floor
will be discarded if there are at least
.Cm minclock
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
.It Cm minclock Ar minclock
The clustering algorithm repeatedly casts out outlier
associations until no more than
.Cm minclock
associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
.It Cm minsane Ar minsane
This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
If fewer than this number are available, the clock is
undisciplined and allowed to run free.
The default is 1
for legacy purposes.
However, according to principles of
Byzantine agreement,
.Cm minsane
should be at least 4 in order to detect and discard
a single falseticker.
.El
.It Cm ttl Ar hop ...
This command specifies a list of TTL values in increasing
order; up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.El
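.Pp
A configuration check for the manycast settings above and for the
authentication and mode 7 flags described under Miscellaneous Options, as an
added example that is not part of ntpd or of this page. The checker reads an
ntp.conf fragment and reports settings this page advises against: a
manycast client without tos minsane 4, a manycastclient maxpoll other than
12, authentication disabled while manycast is in use, and mode 7 request
processing enabled. The two configurations at the bottom are constructed
samples.

```python
"""Lint an ntp.conf for the manycast and access settings this page discusses.

Added example, not ntpd code. Each check restates a recommendation from the
page: tos minsane should be 4 for manycast (legacy default 1), manycastclient
maxpoll should be 12 (4,096 s), manycast associations must be authenticated,
and mode7 (deprecated ntpdc requests) is off by default and should stay off.
"""

TOS_RANGES = {"floor": (1, 15), "ceiling": (1, 15)}


def tokenize(text):
    """Yield the whitespace-split tokens of each command line; '#' starts a comment."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line.split()


def _int(value, default=None):
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def lint_ntp_conf(text):
    """Return a list of findings; an empty list means no concerns were found."""
    findings, tos, clients, enabled, disabled = [], {}, [], set(), set()

    for tok in tokenize(text):
        cmd, args = tok[0], tok[1:]
        if cmd == "tos":                              # tos takes keyword/value pairs
            tos.update(zip(args[::2], args[1::2]))
        elif cmd == "manycastclient" and args:
            opts, it = {}, iter(args[1:])
            for key in it:                            # only value-taking options matter here
                if key in ("minpoll", "maxpoll", "key", "ttl", "version"):
                    opts[key] = next(it, None)
            clients.append((args[0], opts))
        elif cmd == "enable":
            enabled.update(args)
        elif cmd == "disable":
            disabled.update(args)

    for key, (lo, hi) in TOS_RANGES.items():
        value = _int(tos.get(key))
        if key in tos and (value is None or not lo <= value <= hi):
            findings.append(f"tos {key} {tos[key]}: must be an integer from {lo} to {hi}")

    if clients:
        minsane = _int(tos.get("minsane"), 1)         # legacy default is 1
        if minsane < 4:
            findings.append(f"tos minsane {minsane}: set it to 4 so a single falseticker can be discarded")
        for group, opts in clients:
            if opts.get("maxpoll") != "12":
                shown = opts.get("maxpoll", "(default)")
                findings.append(f"manycastclient {group}: maxpoll {shown}; recommended value is 12 (4,096 s) to limit implosion")
        if "auth" in disabled:
            findings.append("disable auth: manycast associations must be authenticated (symmetric key or Autokey)")
    if "mode7" in enabled:
        findings.append("enable mode7: enables deprecated ntpdc mode 7 requests; ntpq provides the same via mode 6")
    return findings


WEAK_CONF = """\
# constructed sample ntp.conf, not a real host's configuration
driftfile /var/db/ntpd.drift
manycastclient 239.1.1.1 maxpoll 10
manycastserver 239.1.1.1
tos minsane 1 minclock 3
enable mode7
disable auth
"""

HARDENED_CONF = """\
# constructed sample ntp.conf with the page's recommended values
driftfile /var/db/ntpd.drift
manycastclient 239.1.1.1 minpoll 6 maxpoll 12
manycastserver 239.1.1.1
tos minsane 4 minclock 3 floor 1 ceiling 15
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, lint_ntp_conf(conf) or "no findings")
```

The checker deliberately treats an absent tos minsane as the legacy default
of 1, so a manycast configuration that never mentions minsane is reported
just like one that sets it too low.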
.Sh Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
.Qq Reference Clock Drivers
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
Additional information can be found in the pages linked
there, including the
.Qq Debugging Hints for Reference Clock Drivers
and
.Qq How To Write a Reference Clock Driver
pages
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
In addition, support for a PPS
signal is available as described in the
.Qq Pulse-per-second (PPS) Signal Interfacing
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
Many
drivers support special line discipline/streams modules which can
significantly improve the accuracy using the driver.
These are
described in the
.Qq Line Disciplines and Streams Drivers
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Pp
A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
USNO in the US.
The interface between the computer and the timecode
receiver is device dependent, but is usually a serial port.
A
device driver specific to each reference clock must be selected and
compiled in the distribution; however, most common radio, satellite
and modem clocks are included by default.
Note that an attempt to
configure a reference clock when the driver has not been compiled
or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise
non-hazardous.
.Pp
For the purposes of configuration,
.Xr ntpd 1ntpdmdoc
treats
reference clocks in a manner analogous to normal NTP peers as much
as possible.
Reference clocks are identified by a syntactically
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
.Sm off
.Li 127.127. Ar t . Ar u ,
.Sm on
where
.Ar t
is an integer
denoting the clock type and
.Ar u
indicates the unit
number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
.Pp
The
.Ic server
command is used to configure a reference
clock, where the
.Ar address
argument in that command
is the clock address.
The
.Cm key ,
.Cm version
and
.Cm ttl
options are not used for reference clock support.
The
.Cm mode
option is added for reference clock support, as
described below.
The
.Cm prefer
option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further
information on this option can be found in the
.Qq Mitigation Rules and the prefer Keyword
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
page.
The
.Cm minpoll
and
.Cm maxpoll
options have
meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
.Pp
The
.Ic fudge
command is used to provide additional
information for individual clock drivers and normally follows
immediately after the
.Ic server
command.
The
.Ar address
argument specifies the clock address.
The
.Cm refid
and
.Cm stratum
options can be used to
override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the
.Ic fudge
command as well.
.Pp
The stratum number of a reference clock is by default zero.
Since the
.Xr ntpd 1ntpdmdoc
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of
one.
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The
.Cm stratum
option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
.Cm refid
option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.Ss Reference Clock Commands
.Bl -tag -width indent
.It Xo Ic server
.Sm off
.Li 127.127. Ar t . Ar u
.Sm on
.Op Cm prefer
.Op Cm mode Ar int
.Op Cm minpoll Ar int
.Op Cm maxpoll Ar int
.Xc
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
.Bl -tag -width indent
.It Cm prefer
Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
.Qq Mitigation Rules and the prefer Keyword
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp )
for further information.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
.It Cm minpoll Ar int
.It Cm maxpoll Ar int
These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds.
For
most directly connected reference clocks, both
.Cm minpoll
and
.Cm maxpoll
default to 6 (64 s).
For modem reference clocks,
.Cm minpoll
defaults to 10 (17.1 m) and
.Cm maxpoll
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
.El
.It Xo Ic fudge
.Sm off
.Li 127.127. Ar t . Ar u
.Sm on
.Op Cm time1 Ar sec
.Op Cm time2 Ar sec
.Op Cm stratum Ar int
.Op Cm refid Ar string
.Op Cm mode Ar int
.Op Cm flag1 Cm 0 \&| Cm 1
.Op Cm flag2 Cm 0 \&| Cm 1
.Op Cm flag3 Cm 0 \&| Cm 1
.Op Cm flag4 Cm 0 \&| Cm 1
.Xc
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
.Ic server
command which configures the driver.
Note that the same capability
is possible at run time using the
.Xr ntpdc 1ntpdcmdoc
program.
The options are interpreted as
follows:
.Bl -tag -width indent
.It Cm time1 Ar sec
Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
as a calibration constant to adjust the nominal time offset of a
particular clock to agree with an external standard, such as a
precision PPS signal.
It also provides a way to correct a
systematic error or bias due to serial port or operating system
latencies, different cable lengths or receiver internal delay.
The
specified offset is in addition to the propagation delay provided
by other means, such as internal DIP switches.
Where a calibration
for an individual system and driver is available, an approximate
correction is noted in the driver documentation pages.
Note: in order to facilitate calibration when more than one
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
.Ic enable
command described in the
.Sx Miscellaneous Options
section and operates as described in the
.Qq Reference Clock Drivers
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.It Cm time2 Ar sec
Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way.
See the descriptions of
specific drivers in the
.Qq Reference Clock Drivers
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.It Cm stratum Ar int
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
.It Cm refid Ar string
Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver.
This string
overrides the default identifier ordinarily assigned by the driver
itself.
.It Cm mode Ar int
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
.It Cm flag1 Cm 0 \&| Cm 1
.It Cm flag2 Cm 0 \&| Cm 1
.It Cm flag3 Cm 0 \&| Cm 1
.It Cm flag4 Cm 0 \&| Cm 1
These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver.
However, by
convention
.Cm flag4
is used to enable recording monitoring
data to the
.Cm clockstats
file configured with the
.Ic filegen
command.
Further information on the
.Ic filegen
command can be found in
.Sx Monitoring Options .
.El
.El
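.Pp
A validator for the reference clock server and fudge lines described in
this section, as an added example that is not part of ntpd or of this page.
It applies the rules stated above: the 127.127.t.u address form with unit
0-3, minpoll and maxpoll within 4 to 17, fudge stratum within 0 to 15, a
refid of one to four ASCII characters, flags of 0 or 1, and the requirement
that a fudge line immediately follow the server line for the same address.
The clock type number, offsets and flags in the sample at the bottom are
constructed, and treating the type as an IPv4 octet is an assumption.

```python
"""Validate reference clock server/fudge lines of an ntp.conf.

Added example, not ntpd code. Range checks follow the text of this section;
the type number is additionally required to be a valid IPv4 octet (assumption).
"""

SERVER_OPTS = {"mode": int, "minpoll": int, "maxpoll": int}
FUDGE_OPTS = {"time1": float, "time2": float, "stratum": int, "refid": str,
              "mode": int, "flag1": int, "flag2": int, "flag3": int, "flag4": int}


def parse_refclock_address(addr):
    """Return (type, unit) for a 127.127.t.u address, or raise ValueError."""
    parts = addr.split(".")
    if len(parts) != 4 or parts[:2] != ["127", "127"]:
        raise ValueError(f"{addr}: reference clock addresses have the form 127.127.t.u")
    try:
        t, u = int(parts[2]), int(parts[3])
    except ValueError:
        raise ValueError(f"{addr}: clock type and unit must be integers") from None
    if not 0 <= t <= 255:                 # assumption: t must still be a valid octet
        raise ValueError(f"{addr}: clock type {t} is not a valid octet")
    if not 0 <= u <= 3:
        raise ValueError(f"{addr}: unit {u} is outside the range 0-3")
    return t, u


def _parse_opts(args, spec, flags=()):
    """Parse 'key value' pairs (plus bare flags) according to spec, converting values."""
    opts, it = {}, iter(args)
    for key in it:
        if key in flags:
            opts[key] = True
        elif key in spec:
            value = next(it, None)
            if value is None:
                raise ValueError(f"{key}: missing value")
            opts[key] = spec[key](value)  # ValueError for e.g. 'time1 abc'
        else:
            raise ValueError(f"{key}: unknown option")
    return opts


def check_refclock_config(text):
    """Return a list of 'line N: ...' errors for the reference clock lines in text."""
    errors, last_server = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue                      # blank and comment lines do not break adjacency
        addr = tok[1] if len(tok) > 1 else ""
        if tok[0] == "server" and addr.startswith("127.127."):
            try:
                parse_refclock_address(addr)
                opts = _parse_opts(tok[2:], SERVER_OPTS, flags=("prefer",))
                for key in ("minpoll", "maxpoll"):
                    if key in opts and not 4 <= opts[key] <= 17:
                        errors.append(f"line {lineno}: {key} {opts[key]} is outside 4..17")
            except ValueError as exc:
                errors.append(f"line {lineno}: {exc}")
            last_server = addr
            continue
        if tok[0] == "fudge":
            if addr != last_server:
                errors.append(f"line {lineno}: fudge {addr} does not immediately follow the server line for that address")
            try:
                parse_refclock_address(addr)
                opts = _parse_opts(tok[2:], FUDGE_OPTS)
                if "stratum" in opts and not 0 <= opts["stratum"] <= 15:
                    errors.append(f"line {lineno}: stratum {opts['stratum']} is outside 0..15")
                refid = opts.get("refid", "X")
                if not (1 <= len(refid) <= 4 and refid.isascii()):
                    errors.append(f"line {lineno}: refid {refid!r} must be one to four ASCII characters")
                for flag in ("flag1", "flag2", "flag3", "flag4"):
                    if flag in opts and opts[flag] not in (0, 1):
                        errors.append(f"line {lineno}: {flag} must be 0 or 1")
            except ValueError as exc:
                errors.append(f"line {lineno}: {exc}")
        last_server = None                # only the very next command may fudge a server line
    return errors


SAMPLE = """\
# constructed sample; clock type 20, the offsets and the flags are illustrative only
server 127.127.20.0 mode 1 minpoll 4 maxpoll 6 prefer
fudge 127.127.20.0 time1 0.020 refid GPS stratum 0 flag1 1
server 127.127.20.4 maxpoll 18
fudge 127.127.20.1 stratum 16 refid TOOLONG
"""

if __name__ == "__main__":
    for err in check_refclock_config(SAMPLE):
        print(err)
```

The fourth sample line is rejected on its unit number before its maxpoll is
examined, which mirrors how a single bad address hides later mistakes on the
same line; the fifth line collects three separate errors because the
adjacency check and the option checks are independent.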
.Sh Miscellaneous Options
.Bl -tag -width indent
.It Ic broadcastdelay Ar seconds
The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
Ordinarily, this is done automatically by the initial
protocol exchanges between the client and server.
In some cases,
the calibration procedure may fail due to network or server access
controls, for example.
This command specifies the default delay to
be used under these circumstances.
Typically (for Ethernet), a
number between 0.003 and 0.007 seconds is appropriate.
The default
when this command is not used is 0.004 seconds.
.It Ic calldelay Ar delay
This option controls the delay in seconds between the first and second
packets sent in burst or iburst mode to allow additional time for a modem
or ISDN call to complete.
.It Ic driftfile Ar driftfile
This command specifies the complete path and name of the file used to
record the frequency of the local clock oscillator.
This is the same
operation as the
.Fl f
command line option.
If the file exists, it is read at
startup in order to set the initial frequency and then updated once per
hour with the current frequency computed by the daemon.
If the file name is
specified, but the file itself does not exist, the daemon starts with an initial
frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
.Pp
The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
.Xr ntpd 1ntpdmdoc
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
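.Pp
The temporary-file-and-rename update just described, as an added example
that is not part of ntpd or of this page. The Python below reads and
rewrites a drift file the way the text describes: one line holding one
floating point PPM value, the new value written to a temporary file in the
same directory and renamed over the old one, and a symbolic link in place
of the drift file refused rather than followed. The file names used are
constructed.

```python
"""Atomic drift file update (temporary file in the same directory, then rename).

Added example, not ntpd code. It follows the documented behaviour: a single
line with one floating point number in PPM; the replacement is written to a
temporary file beside the target and renamed into place, which is why write
permission on the directory is needed; a symbolic link is refused so that a
planted link cannot redirect the write elsewhere.
"""
import os
import tempfile


def read_driftfile(path):
    """Return the stored frequency offset in PPM, or 0.0 if the file does not exist."""
    try:
        with open(path) as f:
            return float(f.read().split()[0])
    except FileNotFoundError:
        return 0.0                      # daemon starts with an initial frequency of zero


def write_driftfile(path, ppm):
    """Replace `path` atomically with a one-line file containing `ppm`; return the path."""
    if os.path.islink(path):
        raise ValueError(f"{path} is a symbolic link; refusing to follow it")
    directory = os.path.dirname(os.path.abspath(path))
    # The temporary file must live in the same directory so the rename is a
    # single atomic step rather than a cross-device copy.
    fd, tmp = tempfile.mkstemp(prefix=".drift.", dir=directory)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(f"{ppm:.3f}\n")
            f.flush()
            os.fsync(f.fileno())        # data on disk before the rename makes it visible
        os.replace(tmp, path)           # readers see either the old file or the new one
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:        # constructed location
        p = os.path.join(d, "ntp.drift")
        print("initial:", read_driftfile(p))
        write_driftfile(p, -12.345)
        print("after update:", read_driftfile(p))
```

Because the rename replaces the directory entry, a reader that opens the
drift file never sees a half-written value, and no temporary file is left
behind on the success path.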
2435.It Ic dscp Ar value
2436This option specifies the Differentiated Services Control Point (DSCP) value,
2437a 6-bit code.
2438The default value is 46, signifying Expedited Forwarding.
2439.It Xo Ic enable
2440.Oo
2441.Cm auth | Cm bclient |
2442.Cm calibrate | Cm kernel |
2443.Cm mode7 | Cm monitor |
2444.Cm ntp | Cm stats |
2445.Cm peer_clear_digest_early |
2446.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2447.Oc
2448.Xc
2449.It Xo Ic disable
2450.Oo
2451.Cm auth | Cm bclient |
2452.Cm calibrate | Cm kernel |
2453.Cm mode7 | Cm monitor |
2454.Cm ntp | Cm stats |
2455.Cm peer_clear_digest_early |
2456.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2457.Oc
2458.Xc
2459Provides a way to enable or disable various server options.
2460Flags not mentioned are unaffected.
2461Note that all of these flags
2462can be controlled remotely using the
2463.Xr ntpdc 1ntpdcmdoc
2464utility program.
2465.Bl -tag -width indent
2466.It Cm auth
2467Enables the server to synchronize with unconfigured peers only if the
2468peer has been correctly authenticated using either public key or
2469private key cryptography.
2470The default for this flag is
2471.Ic enable .
2472.It Cm bclient
2473Enables the server to listen for a message from a broadcast or
2474multicast server, as in the
2475.Ic multicastclient
2476command with default
2477address.
2478The default for this flag is
2479.Ic disable .
2480.It Cm calibrate
2481Enables the calibrate feature for reference clocks.
2482The default for
2483this flag is
2484.Ic disable .
2485.It Cm kernel
2486Enables the kernel time discipline, if available.
2487The default for this
2488flag is
2489.Ic enable
2490if support is available, otherwise
2491.Ic disable .
2492.It Cm mode7
2493Enables processing of NTP mode 7 implementation-specific requests
2494which are used by the deprecated
2495.Xr ntpdc 1ntpdcmdoc
2496program.
2497The default for this flag is disable.
2498This flag is excluded from runtime configuration using
2499.Xr ntpq 1ntpqmdoc .
2500The
2501.Xr ntpq 1ntpqmdoc
2502program provides the same capabilities as
2503.Xr ntpdc 1ntpdcmdoc
2504using standard mode 6 requests.
2505.It Cm monitor
2506Enables the monitoring facility.
2507See the
2508.Xr ntpdc 1ntpdcmdoc
2509program
2510and the
2511.Ic monlist
2512command or further information.
2513The
2514default for this flag is
2515.Ic enable .
2516.It Cm ntp
2517Enables time and frequency discipline.
2518In effect, this switch opens and
2519closes the feedback loop, which is useful for testing.
2520The default for
2521this flag is
2522.Ic enable .
2523.It Cm peer_clear_digest_early
2524By default, if
2525.Xr ntpd 1ntpdmdoc
2526is using autokey and it
2527receives a crypto-NAK packet that
2528passes the duplicate packet and origin timestamp checks
2529the peer variables are immediately cleared.
2530While this is generally a feature
2531as it allows for quick recovery if a server key has changed,
2532a properly forged and appropriately delivered crypto-NAK packet
2533can be used in a DoS attack.
2534If you have active noticable problems with this type of DoS attack
2535then you should consider
2536disabling this option.
2537You can check your
2538.Cm peerstats
2539file for evidence of any of these attacks.
2540The
2541default for this flag is
2542.Ic enable .
2543.It Cm stats
2544Enables the statistics facility.
2545See the
2546.Sx Monitoring Options
2547section for further information.
2548The default for this flag is
2549.Ic disable .
2550.It Cm unpeer_crypto_early
2551By default, if
2552.Xr ntpd 1ntpdmdoc
2553receives an autokey packet that fails TEST9,
2554a crypto failure,
2555the association is immediately cleared.
2556This is almost certainly a feature,
2557but if, in spite of the current recommendation of not using autokey,
2558you are
2559.B still
2560using autokey
2561.B and
2562you are seeing this sort of DoS attack
2563disabling this flag will delay
2564tearing down the association until the reachability counter
2565becomes zero.
2566You can check your
2567.Cm peerstats
2568file for evidence of any of these attacks.
2569The
2570default for this flag is
2571.Ic enable .
2572.It Cm unpeer_crypto_nak_early
2573By default, if
2574.Xr ntpd 1ntpdmdoc
2575receives a crypto-NAK packet that
2576passes the duplicate packet and origin timestamp checks
2577the association is immediately cleared.
2578While this is generally a feature
2579as it allows for quick recovery if a server key has changed,
2580a properly forged and appropriately delivered crypto-NAK packet
2581can be used in a DoS attack.
2582If you have active noticable problems with this type of DoS attack
2583then you should consider
2584disabling this option.
2585You can check your
2586.Cm peerstats
2587file for evidence of any of these attacks.
2588The
2589default for this flag is
2590.Ic enable .
2591.It Cm unpeer_digest_early
2592By default, if
2593.Xr ntpd 1ntpdmdoc
2594receives what should be an authenticated packet
2595that passes other packet sanity checks but
2596contains an invalid digest
2597the association is immediately cleared.
2598While this is generally a feature
2599as it allows for quick recovery,
2600if this type of packet is carefully forged and sent
2601during an appropriate window it can be used for a DoS attack.
2602If you have active noticable problems with this type of DoS attack
2603then you should consider
2604disabling this option.
2605You can check your
2606.Cm peerstats
2607file for evidence of any of these attacks.
2608The
2609default for this flag is
2610.Ic enable .
2611.El
2612.It Ic includefile Ar includefile
2613This command allows additional configuration commands
2614to be included from a separate file.
2615Include files may
2616be nested to a depth of five; upon reaching the end of any
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
.Xr ntpd 1ntpdmdoc
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.It Ic leapsmearinterval Ar seconds
This EXPERIMENTAL option is only available if
.Xr ntpd 1ntpdmdoc
was built with the
.Cm --enable-leap-smear
option to the
.Cm configure
script.
It specifies the interval over which a leap second correction will be applied.
Recommended values for this option are between
7200 (2 hours) and 86400 (24 hours).
.Sy DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
See http://bugs.ntp.org/2855 for more information.
.It Ic logconfig Ar configkeyword
This command controls the amount and type of output written to
the system
.Xr syslog 3
facility or the alternate
.Ic logfile
log file.
By default, all output is turned on.
All
.Ar configkeyword
keywords can be prefixed with
.Ql = ,
.Ql +
and
.Ql - ,
where
.Ql =
sets the
.Xr syslog 3
priority mask,
.Ql +
adds and
.Ql -
removes
messages.
.Xr syslog 3
messages can be controlled in four
classes
.Po
.Cm clock ,
.Cm peer ,
.Cm sys
and
.Cm sync
.Pc .
Within these classes four types of messages can be
controlled: informational messages
.Po
.Cm info
.Pc ,
event messages
.Po
.Cm events
.Pc ,
statistics messages
.Po
.Cm statistics
.Pc
and
status messages
.Po
.Cm status
.Pc .
.Pp
Configuration keywords are formed by concatenating the message class with
the message type.
The
.Cm all
prefix can be used instead of a message class.
A
message class may also be followed by the
.Cm all
keyword to enable/disable all
messages of the respective message class.
Thus, a minimal log configuration
could look like this:
.Bd -literal
logconfig =syncstatus +sysevents
.Ed
.Pp
This would just list the synchronization state of
.Xr ntpd 1ntpdmdoc
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
.Bd -literal
logconfig =syncall +clockall
.Ed
.Pp
This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on are suppressed.
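.Pp
The keyword grammar described above, modelled in Python as an added example
(not ntpd's own code): each keyword is a message class (or
.Cm all )
followed by a message type (or
.Cm all ) ,
and the
.Ql = ,
.Ql +
and
.Ql -
prefixes set, add to or remove from the set of enabled (class, type) pairs.
Treating a keyword with no prefix as
.Ql +
is an assumption of this example, not something the manual page states.

```python
"""Model of the ntp.conf ``logconfig`` keyword grammar (added example, not ntpd code)."""
from itertools import product

CLASSES = ("clock", "peer", "sys", "sync")
TYPES = ("info", "events", "statistics", "status")


def expand(keyword: str) -> set:
    """Turn one keyword such as 'syncstatus', 'clockall' or 'allinfo' into
    the set of (class, type) pairs it names; reject anything unknown."""
    if keyword.startswith("all"):
        classes, rest = CLASSES, keyword[3:]
    else:
        classes = tuple(c for c in CLASSES if keyword.startswith(c))
        if not classes:
            raise ValueError(f"unknown message class in {keyword!r}")
        rest = keyword[len(classes[0]):]
    if rest == "all":
        types = TYPES
    elif rest in TYPES:
        types = (rest,)
    else:
        raise ValueError(f"unknown message type in {keyword!r}")
    return set(product(classes, types))


def apply_logconfig(args: str, enabled=None) -> set:
    """Apply a logconfig argument list to the currently enabled set.

    With no prior state everything is on, as the manual page states.
    '=' replaces the set, '+' adds pairs, '-' removes them.
    A token without a prefix is treated as '+' (assumption of this example)."""
    enabled = set(product(CLASSES, TYPES)) if enabled is None else set(enabled)
    for token in args.split():
        op, keyword = (token[0], token[1:]) if token[0] in "=+-" else ("+", token)
        pairs = expand(keyword)
        if op == "=":
            enabled = pairs          # set the mask
        elif op == "+":
            enabled |= pairs         # add messages
        else:
            enabled -= pairs         # remove messages
    return enabled


if __name__ == "__main__":
    # The two manual-page examples, in the order they are given above.
    for line in ("=syncstatus +sysevents", "=syncall +clockall"):
        print(line, "->", sorted(apply_logconfig(line)))
```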
.It Ic logfile Ar logfile
This command specifies the location of an alternate log file to
be used instead of the default system
.Xr syslog 3
facility.
This is the same operation as the
.Fl l
command line option.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
.Sm off
.Va name = Ar value
.Sm on
is followed by the
.Cm default
keyword, the
variable will be listed as part of the default system variables
.Po
.Xr ntpq 1ntpqmdoc
.Ic rv
command
.Pc .
These additional variables serve
informational purposes only.
They are not related to the protocol
other than that they can be listed.
The known protocol variables will
always override any variables defined via the
.Ic setvar
mechanism.
There are three special variables that contain the names
of all variables of the same group.
The
.Va sys_var_list
holds
the names of all system variables.
The
.Va peer_var_list
holds
the names of all peer variables and the
.Va clock_var_list
holds the names of the reference clock variables.
.It Xo Ic tinker
.Oo
.Cm allan Ar allan |
.Cm dispersion Ar dispersion |
.Cm freq Ar freq |
.Cm huffpuff Ar huffpuff |
.Cm panic Ar panic |
.Cm step Ar step |
.Cm stepback Ar stepback |
.Cm stepfwd Ar stepfwd |
.Cm stepout Ar stepout
.Oc
.Xc
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
configuration file before any other configuration options.
The
default values of these variables have been carefully optimized for
a wide range of network speeds and reliability expectations.
In
general, they interact in intricate ways that are hard to predict
and some combinations can result in some very nasty behavior.
Very
rarely is it necessary to change the default values; but, some
folks cannot resist twisting the knobs anyway and this command is
for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
.Pp
The variables operate as follows:
.Bl -tag -width indent
.It Cm allan Ar allan
The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
The value in log2 seconds defaults to 7 (1024 s), which is also the lower
limit.
.It Cm dispersion Ar dispersion
The argument becomes the new value for the dispersion increase rate,
normally .000015 s/s.
.It Cm freq Ar freq
The argument becomes the initial value of the frequency offset in
parts-per-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
.It Cm huffpuff Ar huffpuff
The argument becomes the new value for the experimental
huff-n'-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
The lower limit is
900 s (15 m), but a more reasonable value is 7200 (2 hours).
There
is no default, since the filter is not enabled unless this command
is given.
.It Cm panic Ar panic
The argument is the panic threshold, normally 1000 s.
If set to zero,
the panic sanity check is disabled and a clock offset of any value will
be accepted.
.It Cm step Ar step
The argument is the step threshold, which by default is 0.128 s.
It can
be set to any positive number in seconds.
If set to zero, step
adjustments will never occur.
Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than the
default.
.It Cm stepback Ar stepback
The argument is the step threshold for the backward direction,
which by default is 0.128 s.
It can
be set to any positive number in seconds.
If both the forward and backward step thresholds are set to zero, step
adjustments will never occur.
Note: The kernel time discipline is
disabled if the step threshold in each direction is either
set to zero or greater than .5 second.
.It Cm stepfwd Ar stepfwd
As for stepback, but for the forward direction.
.It Cm stepout Ar stepout
The argument is the stepout timeout, which by default is 900 s.
It can
be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
.El
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages |
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Xo Ic trap Ar host_address
.Op Cm port Ar port_number
.Op Cm interface Ar interface_address
.Xc
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
If the port number is unspecified, a value
of 18447 is used.
If the interface address is not specified, the
message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.Pp
The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
.It Cm hop Ar ...
This command specifies a list of TTL values in increasing order; up to 8
values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.El
	_END_PROG_MDOC_DESCRIP;
};

doc-section	= {
  ds-type	= 'FILES';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_MDOC_FILES
.Bl -tag -width /etc/ntp.drift -compact
.It Pa /etc/ntp.conf
the default name of the configuration file
.It Pa ntp.keys
private MD5 keys
.It Pa ntpkey
RSA private key
.It Pa ntpkey_ Ns Ar host
RSA public key
.It Pa ntp_dh
Diffie-Hellman agreement parameters
.El
	_END_MDOC_FILES;
};

doc-section	= {
  ds-type	= 'SEE ALSO';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_MDOC_SEE_ALSO
.Xr ntpd 1ntpdmdoc ,
.Xr ntpdc 1ntpdcmdoc ,
.Xr ntpq 1ntpqmdoc
.Pp
In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
.Li http://www.ntp.org/ .
A snapshot of this documentation is available in HTML format in
.Pa /usr/share/doc/ntp .
.Rs
.%A David L. Mills
.%T Network Time Protocol (Version 4)
.%O RFC5905
.Re
	_END_MDOC_SEE_ALSO;
};

doc-section	= {
  ds-type	= 'BUGS';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_MDOC_BUGS
The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
.Pp
The
.Pa ntpkey_ Ns Ar host
files are really digital
certificates.
These should be obtained via secure directory
services when they become universally available.
	_END_MDOC_BUGS;
};

doc-section	= {
  ds-type	= 'NOTES';
  ds-format	= 'mdoc';
  ds-text	= <<- _END_MDOC_NOTES
This document was derived from FreeBSD.
	_END_MDOC_NOTES;
};
