author: roberto <roberto@FreeBSD.org> 2013-12-04 21:33:17 +0000
committer: roberto <roberto@FreeBSD.org> 2013-12-04 21:33:17 +0000
commit: d54cfbdce4a9878ef65216dea36b62cf6646b84b
tree: a618007bb41d13153794a598e3d904ace2976324 /html
parent: fd23eea016bd30c806a3ee90eb6f397470c2fa46

Virgin import of ntpd 4.2.6p5.

When the series of commits is complete, things like https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks should be fixed.

PR: bin/148836 (except that we import a newer version)
Asked by: Too many
MFC after: 2 weeks

Diffstat (limited to 'html')
-rw-r--r--html/accopt.html261
-rw-r--r--html/assoc.html87
-rw-r--r--html/audio.html91
-rw-r--r--html/authopt.html636
-rw-r--r--html/bugs.html32
-rw-r--r--html/build.html59
-rw-r--r--html/build/build.html83
-rw-r--r--html/build/config.html168
-rw-r--r--html/build/hints.html23
-rw-r--r--html/build/hints/netbsd37
-rw-r--r--html/build/hints/vxworks.html82
-rw-r--r--html/build/hints/winnt.html281
-rw-r--r--html/build/patches.html36
-rw-r--r--html/build/porting.html40
-rw-r--r--html/build/quick.html30
-rw-r--r--html/build/scripts/footer.txt7
-rw-r--r--html/build/scripts/links10.txt5
-rw-r--r--html/build/scripts/links11.txt5
-rw-r--r--html/build/scripts/links12.txt5
-rw-r--r--html/build/scripts/links7.txt5
-rw-r--r--html/build/scripts/links9.txt7
-rw-r--r--html/build/scripts/style.css64
-rw-r--r--html/clockopt.html23
-rw-r--r--html/comdex.html32
-rw-r--r--html/config.html39
-rw-r--r--html/confopt.html272
-rw-r--r--html/copyright.html24
-rw-r--r--html/debug.html176
-rw-r--r--html/decode.html879
-rw-r--r--html/description_files/description.jpgbin0 -> 34170 bytes
-rw-r--r--html/drivers/driver1.html21
-rw-r--r--html/drivers/driver10.html92
-rw-r--r--html/drivers/driver11.html112
-rw-r--r--html/drivers/driver18.html4
-rw-r--r--html/drivers/driver19.html96
-rw-r--r--html/drivers/driver20.html60
-rw-r--r--html/drivers/driver22.html103
-rw-r--r--html/drivers/driver27.html2
-rw-r--r--html/drivers/driver28.html65
-rw-r--r--html/drivers/driver29.html324
-rw-r--r--html/drivers/driver34.html172
-rw-r--r--html/drivers/driver36.html123
-rw-r--r--html/drivers/driver4.html162
-rw-r--r--html/drivers/driver6.html58
-rw-r--r--html/drivers/driver7.html243
-rw-r--r--html/drivers/driver8.html21
-rw-r--r--html/drivers/driver9.html101
-rw-r--r--html/drivers/mx4200data.html (renamed from html/mx4200data.html)4
-rw-r--r--html/extern.html25
-rw-r--r--html/gadget.html19
-rw-r--r--html/groups.html47
-rw-r--r--html/hints.html24
-rw-r--r--html/hints/a-ux (renamed from html/build/hints/a-ux)0
-rw-r--r--html/hints/aix (renamed from html/build/hints/aix)0
-rw-r--r--html/hints/bsdi (renamed from html/build/hints/bsdi)0
-rw-r--r--html/hints/changes (renamed from html/build/hints/changes)0
-rw-r--r--html/hints/decosf1 (renamed from html/build/hints/decosf1)0
-rw-r--r--html/hints/decosf2 (renamed from html/build/hints/decosf2)0
-rw-r--r--html/hints/freebsd (renamed from html/build/hints/freebsd)0
-rw-r--r--html/hints/hpux (renamed from html/build/hints/hpux)0
-rw-r--r--html/hints/linux (renamed from html/build/hints/linux)0
-rw-r--r--html/hints/mpeix (renamed from html/build/hints/mpeix)0
-rw-r--r--html/hints/notes-xntp-v3 (renamed from html/build/hints/notes-xntp-v3)0
-rw-r--r--html/hints/parse (renamed from html/build/hints/parse)2
-rw-r--r--html/hints/refclocks (renamed from html/build/hints/refclocks)0
-rw-r--r--html/hints/rs6000 (renamed from html/build/hints/rs6000)0
-rw-r--r--html/hints/sco.html (renamed from html/build/hints/sco.html)18
-rw-r--r--html/hints/sgi (renamed from html/build/hints/sgi)0
-rw-r--r--html/hints/solaris-dosynctodr.html (renamed from html/build/hints/solaris-dosynctodr.html)22
-rw-r--r--html/hints/solaris.html (renamed from html/build/hints/solaris.html)2
-rw-r--r--html/hints/solaris.xtra.4023118 (renamed from html/build/hints/solaris.xtra.4023118)0
-rw-r--r--html/hints/solaris.xtra.4095849 (renamed from html/build/hints/solaris.xtra.4095849)0
-rw-r--r--html/hints/solaris.xtra.S99ntpd (renamed from html/build/hints/solaris.xtra.S99ntpd)0
-rw-r--r--html/hints/solaris.xtra.patchfreq (renamed from html/build/hints/solaris.xtra.patchfreq)0
-rw-r--r--html/hints/sun4 (renamed from html/build/hints/sun4)0
-rw-r--r--html/hints/svr4-dell (renamed from html/build/hints/svr4-dell)0
-rw-r--r--html/hints/svr4_package (renamed from html/build/hints/svr4_package)0
-rw-r--r--html/hints/todo (renamed from html/build/hints/todo)0
-rw-r--r--html/hints/vxworks.html85
-rw-r--r--html/hints/winnt.html187
-rw-r--r--html/howto.html158
-rw-r--r--html/index.html131
-rw-r--r--html/kern.html17
-rw-r--r--html/kernpps.html50
-rw-r--r--html/keygen.html345
-rw-r--r--html/ldisc.html47
-rw-r--r--html/manyopt.html103
-rw-r--r--html/measure.html23
-rw-r--r--html/miscopt.html207
-rw-r--r--html/monopt.html637
-rw-r--r--html/msyslog.html17
-rw-r--r--html/notes.html280
-rw-r--r--html/ntp-wait.html30
-rw-r--r--html/ntp_conf.html25
-rw-r--r--html/ntpd.html252
-rw-r--r--html/ntpdate.html12
-rw-r--r--html/ntpdc.html23
-rw-r--r--html/ntpdsim.html8
-rw-r--r--html/ntpdsim_new.html21
-rw-r--r--html/ntpq.html778
-rw-r--r--html/ntptime.html6
-rw-r--r--html/ntptrace.html17
-rw-r--r--html/parsenew.html4
-rw-r--r--html/pps.html48
-rw-r--r--html/prefer.html221
-rw-r--r--html/quick.html46
-rw-r--r--html/rate.html72
-rw-r--r--html/rdebug.html7
-rw-r--r--html/refclock.html135
-rw-r--r--html/release.html75
-rw-r--r--html/scripts/accopt.txt5
-rw-r--r--html/scripts/audio.txt (renamed from html/build/scripts/links8.txt)7
-rw-r--r--html/scripts/authopt.txt10
-rw-r--r--html/scripts/clockopt.txt5
-rw-r--r--html/scripts/command.txt11
-rw-r--r--html/scripts/config.txt7
-rw-r--r--html/scripts/confopt.txt12
-rw-r--r--html/scripts/external.txt15
-rw-r--r--html/scripts/install.txt12
-rw-r--r--html/scripts/links10.txt5
-rw-r--r--html/scripts/links11.txt7
-rw-r--r--html/scripts/links12.txt5
-rw-r--r--html/scripts/links7.txt6
-rw-r--r--html/scripts/links8.txt6
-rw-r--r--html/scripts/links9.txt8
-rw-r--r--html/scripts/manual.txt13
-rw-r--r--html/scripts/misc.txt9
-rw-r--r--html/scripts/miscopt.txt19
-rw-r--r--html/scripts/monopt.txt5
-rw-r--r--html/scripts/refclock.txt7
-rw-r--r--html/sitemap.html36
-rw-r--r--html/sntp.html11
-rw-r--r--html/tickadj.html23
-rw-r--r--html/xleave.html42
134 files changed, 6051 insertions, 3713 deletions
diff --git a/html/accopt.html b/html/accopt.html
index be8a5bb..f1f8cb3 100644
--- a/html/accopt.html
+++ b/html/accopt.html
@@ -1,73 +1,202 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>Access Control Options</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+<style type="text/css">
+<!--
+.style1 {
+ color: #FF0000;
+ font-weight: bold;
+}
+-->
+</style>
+</head>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Access Control Options</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Access Control Options</h3>
- <img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>The skunk watches for intruders and sprays.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:35</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#acx">Access Control Support</a>
- <li class="inline"><a href="#kiss">The Kiss-of-Death Packet</a>
- <li class="inline"><a href="#cmd">Access Control Commands</a>
- </ul>
- <hr>
- <h4 id="acx">Access Control Support</h4>
- The<tt> ntpd</tt> daemon implements a general purpose address/mask based restriction list. The list contains address/match entries sorted first by increasing address values and and then by increasing mask values. A match occurs when the bitwise AND of the mask and the packet source address is equal to the bitwise AND of the mask and address in the list. The list is searched in order with the last match found defining the restriction flags associated with the entry. Additional information and examples can be found in the <a href="notes.html">Notes on Configuring NTP and Setting up a NTP Subnet</a> page.
- <p>The restriction facility was implemented in conformance with the access policies for the original NSFnet backbone time servers. Later the facility was expanded to deflect cryptographic and clogging attacks. While this facility may be useful for keeping unwanted or broken or malicious clients from congesting innocent servers, it should not be considered an alternative to the NTP authentication facilities. Source address based restrictions are easily circumvented by a determined cracker.</p>
- <p>Clients can be denied service because they are explicitly included in the restrict list created by the <tt>restrict</tt> command or implicitly as the result of cryptographic or rate limit violations. Cryptographic violations include certificate or identity verification failure; rate limit violations generally result from defective NTP&nbsp;implementations that send packets at abusive rates. Some violations cause denied service only for the offending packet, others cause denied service for a timed period and others cause the denied service for an indefinate period. When a client or network is denied access for an indefinate period, the only way at present to remove the restrictions is by restarting the server.</p>
- <h4 id="kiss">The Kiss-of-Death Packet</h4>
- <p>Ordinarily, packets denied service are simply dropped with no further action except incrementing statistics counters. Sometimes a more proactive response is needed, such as a server message that explicitly requests the client to stop sending and leave a message for the system operator. A special packet format has been created for this purpose called the &quot;kiss-o'-death&quot; (KoD) packet. KoD packets have the leap bits set unsynchronized and stratum set to zero and the reference identifier field set to a four-byte ASCII code. If the <tt>noserve</tt> or <tt>notrust</tt> flag of the matching restrict list entry is set, the code is &quot;DENY&quot;; if the <tt>limited</tt> flag is set and the rate limit is exceeded, the code is &quot;RATE&quot;. Finally, if a cryptographic violation occurs, the code is &quot;CRYP&quot;.</p>
- <p>A client receiving a KoD performs a set of sanity checks to minimize security exposure, then updates the stratum and reference identifier peer variables, sets the access denied (TEST4) bit in the peer flash variable and sends a message to the log. As long as the TEST4 bit is set, the client will send no further packets to the server. The only way at present to recover from this condition is to restart the protocol at both the client and server. This happens automatically at the client when the association times out. It will happen at the server only if the server operator cooperates.</p>
- <h4 id="cmd">Access Control Commands</h4>
- <dl>
- <dt><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ] [ monitor <i>prob</i> ]</tt>
- <dd>Set the parameters of the <tt>limited</tt> facility which protects the server from client abuse. The <tt>average</tt> subcommand specifies the minimum average packet spacing, while the <tt>minimum</tt> subcommand specifies the minimum packet spacing. Packets that violate these minima are discarded and a kiss-o'-death packet returned if enabled. The default minimum average and minimum are 5 and 2, respectively. The monitor subcommand specifies the probability of discard for packets that overflow the rate-control window.
- <dt><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt>
- <dd>The <i><tt>address</tt></i> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS&nbsp;name. The <i><tt>mask</tt></i> argument expressed in dotted-quad form defaults to <tt>255.255.255.255</tt>, meaning that the <i><tt>address</tt></i> is treated as the address of an individual host. A default entry (address <tt>0.0.0.0</tt>, mask <tt>0.0.0.0</tt>) is always included and is always the first entry in the list. Note that text string <tt>default</tt>, with no mask option, may be used to indicate the default entry.
- <dd>In the current implementation, <i><tt>flag</tt></i> always restricts access, i.e., an entry with no flags indicates that free access to the server is to be given. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags can generally be classed into two catagories, those which restrict time service and those which restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:
- <dl>
- <dt><tt>ignore</tt>
- <dd>Deny packets of all kinds, including <tt>ntpq</tt> and <tt>ntpdc</tt> queries.
- <dt><tt>kod</tt>
- <dd>If this flag is set when an access violation occurs, a kiss-o'-death (KoD) packet is sent. KoD packets are rate limited to no more than one per second. If another KoD packet occurs within one second after the last one, the packet is dropped
- <dt><tt>limited</tt>
- <dd>Deny service if the packet spacing violates the lower limits specified in the <tt>discard</tt> command. A history of clients is kept using the monitoring capability of <tt>ntpd</tt>. Thus, monitoring is always active as long as there is a restriction entry with the <tt>limited</tt> flag.
- <dt><tt>lowpriotrap</tt>
- <dd>Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps.
- <dt><tt>nomodify</tt>
- <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.
- <dt><tt>noquery</tt>
- <dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not affected.
- <dt><tt>nopeer</tt>
- <dd>Deny packets which would result in mobilizing a new association. &nbsp;This includes broadcast, symmetric-active and manycast client packets when a configured association does not exist.
- <dt><tt>noserve</tt>
- <dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> queries.
- <dt><tt>notrap</tt>
- <dd>Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the <tt>ntpdq</tt> control message protocol which is intended for use by remote event logging programs.
- <dt><tt>notrust</tt>
- <dd>Deny packets unless the packet is cryptographically authenticated.
- <dt><tt>ntpport</tt>
- <dd>This is actually a match algorithm modifier, rather than a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both <tt>ntpport</tt> and <tt>non-ntpport</tt> may be specified. The <tt>ntpport</tt> is considered more specific and is sorted later in the list.
- <dt><tt>version</tt>
- <dd>Deny packets that do not match the current NTP version.
- </dl>
- <dd>Default restriction list entries with the flags <tt>ignore, interface, ntpport</tt>, for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted).
+<body>
+
+<h3>Access Control Options</h3>
+
+<img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+
+<p>The skunk watches for intruders and sprays.</p>
+<p>Last update:
+<!-- #BeginDate format:En2m -->30-Sep-2009 17:16<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
+
+<h4>Related Links</h4>
+
+<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+<script type="text/javascript" language="javascript" src="scripts/accopt.txt"></script>
+
+<h4>Table of Contents</h4>
+
+<ul>
+<li class="inline"><a href="#acx">Access Control Support</a></li>
+<li class="inline"><a href="#cmd">Access Control Commands</a></li>
+</ul>
+
+<hr>
+
+<h4 id="acx">Access Control Support</h4>
+
+<p>The <tt>ntpd</tt> daemon implements a general purpose access control list
+ (ACL) containing address/match entries sorted first by increasing address
+ values and then by increasing mask values. A match occurs when the bitwise
+ AND of the mask and the packet source address is equal to the bitwise AND of
+ the mask and address in the list. The list is searched in order with the last
+ match found defining the restriction flags associated with the entry.</p>
+
+<p>An example may clarify how it works. Our campus has two class-B networks,
+128.4 for the ECE and CIS departments and 128.175 for the rest of campus.
+Let's assume (not true!) that subnet 128.4.1 homes critical services like class
+ rosters and spread sheets. A suitable ACL might be</p>
+<pre>
+restrict default nopeer # deny new associations
+restrict 128.175.0.0 mask 255.255.0.0 # allow campus access
+restrict 128.4.0.0 mask 255.255.0.0 none # allow ECE and CIS access
+restrict 128.4.1.0 mask 255.255.255.0 notrust # require authentication on subnet 1
+restrict time.nist.gov # allow access
+</pre>
+
+<p>While this facility may be useful for keeping unwanted, broken or malicious clients from congesting innocent servers, it should not be considered an alternative to the NTP authentication facilities. Source address based restrictions are easily circumvented by a determined cracker.</p>
+
+<h4 id="cmd">Access Control Commands</h4>
+
+<dl>
+
+<dt id="discard"><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ] [ monitor <i>prob</i> ]</tt></dt>
+<dd>Set the parameters of the rate control facility which protects the server
+ from client abuse. If the <tt>limited</tt> flag is present in the ACL, packets
+ that violate these limits are discarded. If in addition the <tt>kod</tt> restriction
+ is present, a kiss-o'-death packet is returned.</dd>
+
+<dd><dl>
+
+<dt><tt>average <i>avg</i></tt></dt>
+<dd>Specify the minimum average interpacket spacing (minimum average headway
+time) in log<sub>2</sub> s with default 3.</dd>
+
+<dt><tt>minimum <i>min</i></tt></dt>
+<dd>Specify the minimum interpacket spacing (guard time) in log<sub>2</sub> s
+ with default 1.</dd>
+
+<dt><tt>monitor</tt></dt>
+<dd>Specify the probability of discard for packets that overflow the rate-control
+ window. This is a performance optimization for servers with aggregate arrivals
+ of 1000 packets per second or more.</dd>
+
+</dl></dd>
+
+<dt id="restrict"><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></dt>
+<dd>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the
+ address of a host or network. Alternatively, the <tt><i>address</i></tt> argument
+ can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in
+ dotted-quad form defaults to 255.255.255.255, meaning that the <tt><i>address</i></tt> is
+ treated as the address of an individual host. A default entry (address 0.0.0.0,
+ mask 0.0.0.0) is always included and is always the first entry in the list.
+ Note that the text string <tt>default</tt>, with no mask option, may be used
+ to indicate the default entry.</dd>
+
+<dd>Some flags have the effect to deny service, some have the effect to
+ enable service and some are conditioned by other flags. The flags. are
+ not orthogonal, in that more restrictive flags will often make less restrictive
+ ones redundant. The flags that deny service are classed in two categories,
+ those that restrict time service and those that restrict informational queries
+ and attempts to do run-time reconfiguration of the server. One or more of the
+ following flags may be specified:</dd>
+<dd><dl>
+
+<dt><tt>flake</tt></dt>
+<dd>Discard received NTP packets with probability 0.1; that is, on average drop
+ one packet in ten. This is for testing and amusement. The name comes from Bob
+ Braden's <i>flakeway</i>, which once did a similar thing for early Internet
+ testing.</dd>
+
+<dt><tt>ignore</tt></dt>
+<dd>Deny packets of all kinds, including <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
+
+<dt><tt>kod</tt></dt>
+<dd>Send a kiss-o'-death (KoD) packet if the <tt>limited</tt> flag is present
+ and a packet violates the rate limits established by the <tt>discard</tt> command.
+ KoD packets are themselves rate limited for each source address separately.
+ If this flag is not present, packets that violate the rate limits are discarded.</dd>
+
+<dt><tt>limited</tt></dt>
+<dd>Deny time service if the packet violates the rate limits established by the <tt>discard</tt> command.
+ This does not apply to <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
+
+<dt><tt>lowpriotrap</tt></dt>
+<dd>Declare traps set by matching hosts to be low priority. The number of traps
+ a server can maintain is limited (the current limit is 3). Traps are usually
+ assigned on a first come, first served basis, with later trap requestors being
+ denied service. This flag modifies the assignment algorithm by allowing low
+ priority traps to be overridden by later requests for normal priority traps.</dd>
+<dt><tt>mssntp</tt></dt>
+<dd>Enable Microsoft Windows MS-SNTP authentication using Active Directory services.
+ <span class="style1">Note: Potential users should be aware that these services
+ involve a TCP connection to another process that could potentially block,
+ denying services to other users. Therefore, this flag should be used only
+ for a dedicated server with no clients other than MS-SNTP.</span></dd>
+<dt><tt>nomodify</tt></dt>
+<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to modify the
+ state of the server (i.e., run time reconfiguration). Queries which return information
+ are permitted.</dd>
+
+<dt><tt>noquery</tt></dt>
+<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not affected.</dd>
+
+<dt><tt>nopeer</tt></dt>
+<dd>Deny packets that might mobilize an association unless authenticated. This
+ includes broadcast, symmetric-active and manycast server packets when a configured
+ association does not exist. Note that this flag does not apply to packets
+ that do not attempt to mobilize an association. </dd>
+
+<dt><tt>noserve</tt></dt>
+<dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
+
+<dt><tt>notrap</tt></dt>
+<dd>Decline to provide mode 6 control message trap service to matching hosts.
+ The trap service is a subsystem of the <tt>ntpdc</tt> control message protocol
+ which is intended for use by remote event logging programs.</dd>
+
+<dt><tt>notrust</tt></dt>
+<dd>Deny packets that are not cryptographically authenticated. Note carefully
+ how this flag interacts with the <tt>auth</tt> option of the <tt>enable</tt> and <tt>disable</tt> commands.
+ If <tt>auth</tt> is enabled, which is the default, authentication is required
+ for all packets that might mobilize an association.
+ If <tt>auth</tt> is
+ disabled, but the <tt>notrust</tt> flag is not present, an association can be
+ mobilized whether or not authenticated. If <tt>auth</tt> is disabled, but the <tt>notrust</tt> flag
+ is present, authentication is required only for the specified address/mask
+ range. </dd>
+
+ <dt><tt>ntpport</tt></dt>
+ <dt><tt>non-ntpport</tt></dt>
+ <dd>This is actually a match algorithm modifier, rather than a restriction
+ flag. Its presence causes the restriction entry to be matched only if the
+ source port in the packet is the standard NTP UDP port (123). Both <tt>ntpport</tt> and <tt>non-ntpport</tt> may
+ be specified. The <tt>ntpport</tt> is considered more specific and is sorted
+ later in the list.</dd>
+ <dt><tt>version</tt></dt>
+ <dd>Deny packets that do not match the current NTP version.</dd>
</dl>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+</dd>
+<dd>Default restriction list entries with the flags <tt>ignore, ntpport</tt>,
+ for each of the local host's interface addresses are inserted into the table
+ at startup to prevent the server from attempting to synchronize to its own time.
+ A default entry is also always present, though if it is otherwise unconfigured;
+ no flags are associated with the default entry (i.e., everything besides your
+ own NTP server is unrestricted).</dd>
+</dl>
+
+<hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+
+</body>
</html> \ No newline at end of file
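Review bot: In the new example ACL under "Access Control Support", `restrict 128.4.0.0 mask 255.255.0.0 none` uses a `none` flag that the flag list later in this file never defines, and `restrict default nopeer` puts nothing on the default entry that denies `ntpq` and `ntpdc` queries (only `noquery` and `ignore` are described as doing that). Since the commit message names NTP reflection attacks as the motivation, the example would be safer to copy if the default line also carried `noquery`, plus `limited` and `kod` where rate control is wanted, and `none` should either get its own `<dt>` entry or be dropped from the example. Smaller points in the same hunk: "The flags. are not orthogonal" has a stray period; the `<dt>` for `monitor` no longer shows its `<i>prob</i>` argument; the `discard` defaults go from "5 and 2" to 3 and 1 with the unit now given as log2 s, which deserves an explicit sentence for anyone carrying an old `discard` line forward; and the shared `ntpport` / `non-ntpport` description only explains `ntpport`.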
diff --git a/html/assoc.html b/html/assoc.html
index 0ca1426..6bd0d75 100644
--- a/html/assoc.html
+++ b/html/assoc.html
@@ -13,45 +13,82 @@
<h3>Association Management</h3>
<img src="pic/alice51.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Make sure who your friends are.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:35</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">21:56</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="277">Friday, December 28, 2007</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/config.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#modes">Association Modes</a>
<li class="inline"><a href="#client">Client/Server Mode</a>
<li class="inline"><a href="#symact">Symmetric Active/Passive Mode</a>
<li class="inline"><a href="#broad">Broadcast/Multicast Modes</a>
- <li class="inline"><a href="#umlt">Multicasting</a>
- <li class="inline"><a href="#umlt">Multicasting</a>
- <li class="inline"><a href="#burst">Burst Modes</a>
+ <li class="inline"><a href="#many">Manycast Mode</a>
+ <li class="inline"><a href="#orphan">Orphan Mode</a>
+ <li class="inline"><a href="#burst">Burst Options</a>
</ul>
<hr>
<h4 id="modes">Association Modes</h4>
- <p>NTP Version 4 (NTPv4) incorporates new features and refinements to the NTP Version 3 (NTPv3) algorithms; however, it continues the tradition of backwards compatibility with older versions. A number of new operating modes for automatic server discovery and improved accuracy in occasionally connected networks are provided. Following is an overview of the new features; additional information is available on the <a href="confopt.html">Configuration Options</a> and <a href="authopt.html">Authentication Options</a> pages and in the papers, reports, memoranda and briefings at <a href="http://www.ntp.org">www.ntp.org</a>.</p>
- <p>There are two types of associations: persistent associations, which result from configuration file commands, and ephemeral associations, which result from protocol operations described below. A persistent association is never demobilized, although it may become dormant when the associated server becomes unreachable. An ephemeral association is mobilized when a message arrives from a server; for instance, a symmetric passive association is mobilized upon arrival of a symmetric active message. A broadcast client association is mobilized upon arrival of a broadcast server message, while a Manycast client association is mobilized upon arrival of a Manycast server message.</p>
- <p>Ordinarily, successful mobilization of an ephemeral association requires the server to be cryptographically authenticated to the dependent client. This can be done using either symmetric-key or public-key cryptography, as described in the <a href="authopt.html">Authentication Options</a> page. The cryptographic means insure an unbroken chain of trust between the dependent client and the primary servers at the root of the synchronization subnet. We call this chain the <i>provenance</i> of the client and define new vocabulary as to proventicate a client or provide proventic credentials. Once mobilized, ephemeral associations are demobilized when either (a) the server becomes unreachable or (b) the server refreshes the key media without notifying the client.</p>
- <p>There are three principal modes of operation: client/server, symmetric active/passive and broadcast. In addition, there are two modes using IP multicast support: multicast and manycast. These modes are selected based on the scope of service, intended flow of time and proventic values and means of configuration. Following is a summary of the operations in each mode.</p>
+ <p>This page describes the various modes of operation provided in NTPv4. Details about the configuration commands and options are given on the <a href="confopt.html">Configuration Options</a> page. Details about the cryptographic authentication schemes are given on the <a href="authopt.html">Authentication Options</a> page. Details about the automatic server discovery schemes are described on the <a href="manyopt.html">Automatic Server Discovery Schemes</a> page. Additional information is available in the papers, reports, memoranda and briefings on the <a href="http://www.eecis.udel.edu/~mills/ntp.html"> NTP Project</a> page.</p>
+ <p>There are three types of associations in NTP: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the <tt>prempt</tt> option and are demobilized by a &quot;better&quot; server or by timeout, but only if the number of survivors exceeds the threshold set by the <tt>tos maxclock</tt> configuration command. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout.</p>
+ <p>Ordinarily, successful mobilization of ephemeral associations requires the server to be cryptographically authenticated to the client. This can be done using either symmetric key or Autokey public key cryptography, as described in the <a href="authopt.html">Authentication Options</a> page.</p>
+ <p>There are three principal modes of operation in NTP: client/server, symmetric active/passive and broadcast/multicast. There are three automatic server discovery schemes in NTP: broadcast/multicast, manycast and pool described on the <a href="manyopt.html">Automatic Server Discovery Schemes</a> page. In addition, the orphan mode and burst options described on this page can be used in appropriate cases.</p>
+ <p>Following is a summary of the operations in each mode. Note that reference to option applies to the commands described on the <a href="confopt.html">Configuration Options</a> page. See that page for applicability and defaults.</p>
<h4 id="client">Client/Server Mode</h4>
- <p>Client/server mode is probably the most common configuration in the Internet today. It operates in the classic remote-procedure-call (RPC) paradigm with stateless servers. In this mode a client sends a request to the server and expects a reply at some future time. In some contexts this would be described as a &quot;pull&quot; operation, in that the client pulls the time and proventic values from the server. A client is configured in client mode using the <tt>server</tt> (sic) command and specifying the server IPv4 or IPv6 DNS name or address; the server requires no prior configuration. The original NTPv3 authentication scheme is applicable in this mode, as well as the new NTPv4 Autokey proventication scheme. In addition, two burst modes described below can be used in appropriate cases.</p>
+ <p>Client/server mode is the most common configuration in the Internet today. It operates in the classic remote-procedure-call (RPC) paradigm with stateless servers and stateful clients. In this mode a host sends a client (mode 3) request to the specified server and expects a server (mode 4) reply at some future time. In some contexts this would be described as a &quot;pull&quot; operation, in that the host pulls the time and related values from the server.</p>
+ <p>A host is configured in client mode using the <tt>server</tt> (sic) command and specifying the server DNS&nbsp;name or IPv4 or IPv6 address; the server requires no prior configuration. The <tt>iburst</tt> option described later on this page is recommended for clients, as this speeds up initial synchronization from several minutes to several seconds. The <tt>burst</tt> option described later on this page can be useful to reduce jitter on very noisy dial-up or ISDN network links.</p>
+ <p>Ordinarily, the program automatically manages the poll interval between the default minimum and maximum values. The <tt>minpoll</tt> and <tt>maxpoll</tt> options can be used to bracket the range. Unless noted otherwise, these options should not be used with reference clock drivers.</p>
<h4 id="symact">Symmetric Active/Passive Mode</h4>
- <p>Symmetric active/passive mode is intended for configurations were a clique of low-stratum peers operate as mutual backups for each other. Each peer operates with one or more primary reference sources, such as a radio clock, or a subset of secondary servers known to be reliable and proventicated. Should one of the peers lose all reference sources or simply cease operation, the other peers will automatically reconfigure so that time and proventication values can flow from the surviving peers to all the others in the clique. In some contexts this would be described as a &quot;push-pull&quot; operation, in that the peer either pulls or pushes the time and proventic values depending on the particular configuration.</p>
- <p>Symmetric peers operate with their sources in some NTP mode and with each other in symmetric mode. A peer is configured in symmetric active mode using the <tt>peer</tt> command and specifying the other peer IPv4 or IPv6 DNS name or address. The other peer can also be configured in symmetric active mode in a similar way. However, if the other peer is not specifically configured in this way, a symmetric passive association is mobilized upon arrival of a symmetric active message. Since an intruder can impersonate a symmetric active peer and inject false time values, symmetric mode should always be cryptographically validated. The original NTPv3 authentication scheme is applicable in this mode, as well as the new NTPv4 Autokey proventication scheme.</p>
+ <p>Symmetric active/passive mode is intended for configurations were a clique
+ of low-stratum peers operate as mutual backups for each other. Each peer operates
+ with one or more primary reference sources, such as a radio clock, or a set
+ of secondary (stratum, 2) servers known to be reliable and authentic. Should
+ one of the peers lose all reference sources or simply cease operation, the
+ other peers will automatically reconfigure so that time and related values
+ can flow from the surviving peers to all hosts in the subnet. In some contexts
+ this would be described as a &quot;push-pull&quot; operation, in that the
+ peer either pulls or pushes the time and related values depending on the particular
+ configuration.</p>
+ <p>In symmetric active mode a peer symmetric active (mode 1) message to a designated peer. If a matching configured symmetric active association is found, the designated peer returns a symmetric active message. If no matching association is found, the designated peer mobilizes a ephemeral symmetric passive association and returns a symmetric passive (mode 2) message. Since an intruder can impersonate a symmetric active peer and cause a spurious symmetric passive association to be mobilized, symmetric passive mode should always be cryptographically validated.</p>
+ <p>A peer is configured in symmetric active mode using the <tt>peer</tt> command and specifying the other peer DNS name or IPv4 or IPv6 address. The <tt>burst</tt> and <tt>iburst</tt> options should not be used in symmetric modes, as this can upset the intended symmetry of the protocol and result in spurious duplicate or dropped messages.</p>
+ <p>As symmetric modes are most often used as root servers for moderate to large subnets where rapid response is required, it is generally best to set the minimum and maximum poll intervals of each root server to the same value using the <tt>minpoll</tt> and <tt>maxpoll</tt> options.</p>
<h4 id="broad">Broadcast/Multicast Modes</h4>
- <p>IPv4 broadcast mode in both NTPv3 and NTPv4 is limited to directly connected subnets such as Ethernets which support broadcast technology. Ordinarily, this technology does not operate beyond the first hop router or gateway. In IPv6 and where service is intended beyond the local subnet, IP multicasting can be used where supported by the operating system and the routers support the Internet Group Management Protocol (IGMP). Most current kernels and available routers do support IP multicast technology, although service providers are sometimes reluctant to deploy it.</p>
- <p>IPv4 broadcast mode is intended for configurations involving one or a few servers and a possibly very large client population on the same subnet. A broadcast server is configured using the <tt>broadcast</tt> command and a IPv4 local subnet broadcast address. A broadcast client is configured using the <tt>broadcastclient</tt> command, in which case it responds to broadcast messages received on any interface. Since an intruder can impersonate a broadcast server and inject false time values, this mode should always be cryptographically validated. The original NTPv3 authentication scheme is applicable in this mode, as well as the new NTPv4 Autokey proventication scheme.</p>
- <p>The server generates broadcast messages continuously at intervals specified by the <tt>minpoll</tt> keyword and with a time-to-live span specified by the <tt>ttl</tt> keyword. A broadcast client responds to the first message received by waiting a short interval to avoid implosion at the server. Then, the client polls the server in burst mode in order to quickly set the host clock and validate the source. This normally results in a volley of eight client/server cycles at 2-s intervals during which both the synchronization and cryptographic protocols run concurrently. Following the volley, the client computes the offset between the apparent broadcast time and the (unicast) client time. This offset is used to compensate for the propagation time between the broadcast server and client. Once the offset is computed, the server continues as before and the client sends no further messages. If for some reason the broadcast server does not respond to client messages, the client will time out the volley and continue in listen-only mode with a default propagation delay.</p>
- <h4 id="umlt">Multicasting</h4>
- <p>Multicasting can be used to extend the scope of a timekeeping subnet in two ways: multicasting and manycasting. A general discussion of IP multicast technology is beyond the scope of this page. In simple terms a host or router sending to a IPv4 or IPv6 multicast group address expects all hosts or routers listening on this address to receive the message. There is no intrinsic limit on the number of senders or receivers and senders can be receivers and vice versa. The IANA has assigned multicast group address IPv4 224.0.1.1 and IPv6 FF05::101 (site local) to NTP, but these addresses should be used only where the multicast span can be reliably constrained to protect neighbor networks. In general, administratively scoped IPv4 group addresses should be used, as described in RFC-2365, or GLOP group addresses, as described in RFC-2770.</p>
- <p>A multicast server is configured using the <tt>broadcast</tt> command, but with a multicast group address instead of a broadcast address. A multicast client is configured using the <tt>multicastclient</tt> command with a multicast group address. However, there is a subtle difference between IPv4 broadcasting and multicasting. IPv4 broadcasting is specific to each interface and local subnet address. If more than one interface is attached to a machine, a separate <tt>broadcast</tt> command applies to each one separately. This provides a way to limit exposure in a firewall, for example. For IPv6 the same distinction can be made using link-local prefix FF02 for each interface and site-local FF05 for all interfacesl.</p>
- <p>IP multicasting is a different paradigm. By design, multicast messages travel from the sender via a shortest-path or shared tree to the receivers, which may require these messages emit from one or all interfaces, but carry a common source address. However, it is possible to configure multiple multicast group addresses using multiple <tt>broadcast</tt> or <tt>multicastclient</tt> commands. Other than these particulars, multicast messages are processed just like broadcast messages. Note that the calibration feature in broadcast mode is extremely important, since IP multicast messages can travel far different paths through the IP routing fabric than ordinary IP unicast messages.</p>
- <h4 id="many">Manycasting</h4>
- <p>Manycasting is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a multicast client to troll the nearby network neighborhood to find cooperating manycast servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each manycast client mobilizes client associations with some number of the &quot;best&quot; of the nearby anycast servers, yet automatically reconfigures to sustain this number of servers should one or another fail. Additional information is on the <a href="manyopt.html">Automatic NTP Configuration Options</a> page.</p>
- <h4 id="burst">Burst Modes</h4>
- <p>There are two burst modes where a single poll event triggers a burst of eight packets at 2-s intervals instead of the usual one. The <tt>burst</tt> mode sends a burst when the server is reachable, while the <tt>iburst</tt> mode sends a burst when the server is unreachable. Each mode is independently of the other and both can be used if necessary. The <tt>calldelay</tt> command can be used to increase the interval between the first and second packets in the burst in order to allow a modem to complete a call. Received server packets update the clock filter, which selects the best (most accurate) time values. When the last packet in the burst is sent, the next received packet updates the system variables and sets the system clock in the usual manner, as if only a single client/server cycle had occurred. The result is not only a rapid and reliable setting of the system clock, but a considerable reduction in network jitter.</p>
- <p>The <tt>iburst</tt> keyword is used where it is important to set the clock quickly when an association is first mobilized or first becomes reachable or when the network attachment requires an initial calling or training procedure. The burst is initiated only when the server first becomes reachable and results in good accuracy with intermittent connections typical of PPP and ISDN services. Outlyers due to initial dial-up delays, etc., are avoided and the client sets the clock within a few seconds after the first message.</p>
- <p>The <tt>burst</tt> keyword can be configured in cases of excessive network jitter or when the network attachment requires an initial calling or training procedure. The burst is initiated at each poll interval when the server is reachable. The burst does produce additional network overhead and can cause trouble if used indiscriminately. It should only be used where the poll interval is expected to settle to values at or above 1024 s.</p>
+ <p>NTP broadcast and multicast modes are intended for configurations involving one or a few servers and a possibly very large client population. Broadcast mode can be used with Ethernet, FDDI and WiFi spans interconnected by hubs or switches. Ordinarily, broadcast packets do not extend beyond a level-3 router. Where service is intended beyond a level-3 router, multicast mode can be used. Additional information is on the <a href="manyopt.html">Automatic NTP Configuration Options</a> page.</p>
+ <h4 id="many">Manycast Mode</h4>
+ <p>Manycast mode is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a multicast client to troll the nearby network neighborhood to find cooperating manycast servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each manycast client mobilizes ephemeral client associations with some number of the &quot;best&quot; of the nearby manycast servers, yet automatically reconfigures to sustain this number of servers should one or another fail. Additional information is on the <a href="manyopt.html">Automatic NTP Configuration Options</a> page.</p>
+ <h4 id="orphan">Orphan Mode</h4>
+ <p>Sometimes an NTP subnet becomes isolated from all UTC sources such as local reference clocks or Internet time servers. In such cases it may be necessary that the subnet servers and clients remain synchronized to a common timescale, not necessarily the UTC timescale. Previously, this function was provided by the local clock driver to simulate a UTC source. A server with this driver could be used to synchronize other hosts in the subnet directly or indirectly.</p>
+ <p>There are many disadvantages using the local clock driver, primarily that the subnet is vulnerable to single-point failures and multiple server redundancy is not possible. Orphan mode is intended to replace the local clock driver. It provides a single simulated UTC source with multiple servers and provides seamless switching as servers fail and recover.</p>
+ <p>A common configuration for private networks includes one or more core servers operating at the lowest stratum. Good practice is to configure each of these servers as backup for the others using symmetric or broadcast modes. As long as at least one core server can reach a UTC source, the entire subnet can synchronize to it.</p>
+ <p>If no UTC sources are available to any core server, one of them can provide a simulated UTC source for all other hosts in the subnet. However, only one core server can simulate the UTC source and all direct dependents, called orphan children, must select the same one, called the orphan parent.</p>
+ <p>A host is enabled for orphan mode using the <tt>tos orphan <i>stratum</i></tt> command, where <tt><i>stratum</i></tt> is some stratum less than 16 and greater than any anticipated stratum that might occur with configured Internet time servers. However, sufficient headroom should remain so every subnet host dependent on the orphan children has stratum less than 16. Where no associations for other servers or reference clocks are configured, the orphan stratum can be set to 1. These are the same considerations that guide the local clock driver stratum selection.</p>
+ <p>A orphan parent with no sources shows reference ID <font face="Courier New, Courier, Monaco, monospace">LOOP</font>&nbsp;if
+ operating at stratum 1 and 127.0.0.1 (Unix loopback address) otherwise.
+ While ordinary NTP clients use a selection metric based on delay
+ and dispersion, orphan children use a metric computed from the IP
+ address of each core server. Each orphan child chooses the orphan
+ parent as the root server with the smallest metric.</p>
+ <p>For orphan mode to work well, each core server with available sources should operate at the same stratum. All core servers and orphan children should include the same <font face="Courier New, Courier, Monaco, monospace">tos</font> command in the configuration file. Each orphan child should include in the configuration file all root servers.</p>
+ <div align-"center">
+ <img src="pic/peer.gif" alt="gif">
+ </div>
+ <p>For example, consider the peer network configuration above, where two or more campus primary or secondary (stratum 2) servers are configured with reference clocks or public Internet primary servers and with each other using symmetric modes. With this configuration a server that loses all sources continues to discipline the system clock using the other servers as backup. Only the core servers and orphan children need to be enabled for orphan mode.</p>
+ <div align-"center">
+ <img src="pic/broad.gif" alt="gif">
+ </div>
+ <p>For broadcast networks each core server is configured in both broadcast server and broadcast client modes as shown above. Orphan children operate as broadcast clients of all core servers. As in peer networks, the core servers back up each other and only they and the orphan children need to be enabled for orphan mode.</p>
+ <p>In normal operation subnet hosts operate below stratum 5, so the subnet is automatically configured as described in the NTP specification. If all UTC sources are lost, all core servers become orphans and the orphan children will select the same root server to become the orphan parent.</p>
+ <h4 id="burst">Burst Options</h4>
+ <p>There are two burst options where a single poll event triggers a burst of eight packets at 2-s intervals instead of the normal one packet. They should be used only with the <tt>server</tt> and <tt>pool</tt> commands, but not with reference clock drivers nor symmetric peers. The <tt>burst</tt> option sends a burst when the server is reachable, while the <tt>iburst</tt> option sends a burst when the server is unreachable. Each mode is independently of the other and both can be used at the same time. In either mode the client sends one packet, waits for the reply, then sends the remaining packets in the burst. This may be useful to allow a modem to complete a call.</p>
+ <p>In both modes received server packets update the clock filter, which selects the best (most accurate) time values. When the last packet in the burst is sent, the next received packet updates the system variables and adjusts the system clock as if only a single packet exchange had occurred.</p>
+ <p>The <tt>iburst</tt> option is useful where the system clock must be set quickly or when the network attachment requires an initial calling or training sequence. The burst is initiated only when the server first becomes reachable. This improves accuracy with intermittent connections typical of PPP and ISDN services. Outliers due to initial dial-up delays, etc., are avoided and the client sets the clock within a few seconds after the first received packet.</p>
+ <p>The <tt>burst</tt> option can be configured in cases of excessive network
+ jitter or when the network attachment requires an initial calling or training
+ sequence. The burst is initiated at each poll interval when the server is
+ reachable. The number of packets in the burst is determined by the poll interval
+ so that the average interval between packets is no less than 16. At a poll
+ interval of 16 s, only one packet is sent in the burst; at 32 s, two packets
+ are sent and so forth until at 128 s and above eight packets are sent.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
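Review bot: the rewritten Broadcast/Multicast Modes paragraph drops the removed text's warning that an intruder can impersonate a broadcast server and inject false time values. The new page now states the authentication requirement only for symmetric passive mode and, in general terms, for ephemeral associations. Restore one sentence in the broadcast paragraph saying the mode should be cryptographically validated, with the link to authopt.html. Smaller points in the added lines: both image wrappers read `<div align-"center">` where `align="center"` is meant; the preemptable option is spelled `prempt`, which looks like a typo for `preempt`; the symmetric-mode text has "configurations were a clique", "(stratum, 2)" and "a peer symmetric active (mode 1) message" with the verb missing; and the burst paragraph gives "no less than 16" without its unit.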
diff --git a/html/audio.html b/html/audio.html
index 9cea273..76bdd56 100644
--- a/html/audio.html
+++ b/html/audio.html
@@ -12,10 +12,11 @@
<body>
<h3>Reference Clock Audio Drivers</h3>
<img src="pic/radio2.jpg" alt="jpg" align="left">ICOM R-72 shortwave receiver and Sure audio mixer
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:36</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">00:48</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Saturday, November 24, 2007</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links8.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/refclock.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/audio.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#sound">Sound Card Drivers</a>
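Review bot: the Related Links include now points at scripts/refclock.txt and scripts/audio.txt instead of scripts/links8.txt, so please confirm both files arrive in the same import, since a missing script leaves the section empty with no visible error. The changed Last update line also keeps the editor-generated `<csobj>` wrappers, which are not standard HTML; plain text for the time and date would be more robust.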
@@ -25,11 +26,17 @@
<hr>
<h4 id="sound">Sound Card Drivers</h4>
<p>There are some applications in which the computer time can be disciplined to an audio signal, rather than a serial timecode and communications port or special purpose bus peripheral. This is useful in such cases where the audio signal is sent over a telephone circuit, for example, or received directly from a shortwave receiver. In such cases the audio signal can be connected via an ordinary sound card or baseboard audio codec. The suite of NTP reference clock drivers currently includes three drivers suitable for these applications. They include a driver for the Inter Range Instrumentation Group (IRIG) signals produced by many radio clocks and timing devices, another for the Canadian time/frequency radio station CHU and a third for the NIST time/frequency radio stations WWV and WWVH. The radio drivers are designed to work with ordinary inexpensive shortwave radios and may be one of the least expensive ways to build a good primary time server.</p>
- <p>All three drivers make ample use of sophisticated digital signal processing algorithms designed to efficiently extract timing signals from noise and interference. The radio station drivers in particular implement optimum linear demodulation and decoding techniques, including maximum likelihood and soft-decision methods. The documentation page for each driver contains an in-depth discussion on the algorithms and performance expectations. In some cases the algorithms are further analyzed, modelled and evaluated in a technical report.</p>
+ <p>All three drivers make ample use of sophisticated digital signal processing
+ algorithms designed to efficiently extract timing signals from noise and interference.
+ The radio station drivers in particular implement optimum linear demodulation
+ and decoding techniques, including maximum-likelihood and soft-decision methods.
+ The documentation page for each driver contains an in-depth discussion on
+ the algorithms and performance expectations. In some cases the algorithms
+ are further analyzed, modeled and evaluated in a technical report.</p>
<p>Currently, the audio drivers work with with Sun operating systems and audio codecs, including SunOS 4.1.3 and Solaris from 2.6 and probably all others in between. They also work with FreeBSD from 4.1 with compatible sound card. In fact, the interface is quite generic and support for other systems, in particular the various Unix generics, should not be difficult. Volunteers are solicited.</p>
<p>The audio drivers include a number of common features designed to groom input signals, suppress spikes and normalize signal levels. An automatic gain control (AGC) feature provides protection against overdriven or underdriven input signals. It is designed to maintain adequate demodulator signal amplitude while avoiding occasional noise spikes. In order to assure reliable operation, the signal level must be in the range where the audio gain control is effective. In general, this means the input signal level must be such as to cause the AGC to set the gain somewhere in the middle of the range from 0 to 255, as indicated in the timecode displayed by the <tt>ntpq</tt> program.</p>
- <p>The drivers operate by disciplining a logical clock based on the codec sample clock to the audio signal as received. This is done by stuffing or slipping samples as required to maintain exact frequency to the order of 0.1 PPM. In order for the driver to reliably lock on the audio signal, the sample clock frequency tolerance must be less than 250 PPM (.025 percent) for the IRIG driver and half that for the radio drivers. The largest error observed so far is about 60 PPM, but it is possible some sound cards or codecs may exceed that value.</p>
- <p>The drivers include provisions to select the input port and to monitor the input signal. The <tt>fudge flag 2</tt> selects the microphone port if set to zero or the line-in port if set to one. It does not seem useful to specify the compact disc player port. The <tt>fudge flag 3</tt> enables the input signal monitor using the previously selected output port and output gain. Both of these flags can be set in the configuration file or remotely using the <tt>ntpdc</tt> utility program.</p>
+ <p>The IRIG&nbsp;and WWV drivers operate by disciplining a logical clock based on the codec sample clock to the audio signal as received. This is done by stuffing or slipping samples as required to maintain exact frequency to the order of 0.1 PPM. In order for the driver to reliably lock on the audio signal, the sample clock frequency tolerance must be less than 250 PPM (.025 percent) for the IRIG driver and half that for the WWV driver. The largest error observed so far is about 60 PPM, but it is possible some sound cards or codecs may exceed that value. In any case, the configuration file command <tt>tinker codec</tt> command can be used to change the systematic offset in units of 125 PPM.</p>
+ <p>The drivers include provisions to select the input port and to monitor the input signal. The <tt>fudge flag 2</tt> command selects the microphone port if set to zero or the line-in port if set to one. It does not seem useful to specify the compact disc player port. The <tt>fudge flag 3</tt> command enables the input signal monitor using the previously selected output port and output gain. Both of these flags can be set in the configuration file or remotely using the <tt>ntpdc</tt> utility program.</p>
<h4 id="short">Shortwave Radio Drivers</h4>
<p>The WWV/H and CHU audio drivers require an external shortwave radio with the radio output - speaker or headphone jack - connected to either the microphone or line-in port on the computer. There is some degree of art in setting up the radio and antenna and getting the setup to work. While the drivers are highly sophisticated and efficient in extracting timing signals from noise and interference, it always helps to have as clear a signal as possible.</p>
<p>The most important factor affecting the radio signal is the antenna. It need not be long - even 15 feet is enough if it is located outside of a metal frame building, preferably on the roof, and away from metallic objects. An ordinary CB whip mounted on a PVC pipe and wooden X-frame on the roof should work well with most portable radios, as they are optimized for small antennas.</p>
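Review bot: the added sample-clock paragraph ends with "the configuration file command tinker codec command can be used", where "command" is doubled. The paragraph is also now scoped to "The IRIG and WWV drivers", so the tolerance for the CHU driver is no longer stated even though the section introduces three drivers; say whether the same limit applies. While this block is being touched, the unchanged line above it still reads "work with with Sun operating systems".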
@@ -38,12 +45,13 @@
<p>Shortwave (3-30 MHz) radio propagation phenomena are well known to shortwave enthusiasts. The phenomena generally obey the following rules:</p>
<ul>
<li>The optimum frequency is higher in daytime than nighttime, stays high longer on summer days and low longer on winter nights.
- <li>Transitions between daytime and nightime conditions generally occur somewhat after sunrise and sunset at the midpoint of the path from transmitter to receiver.
+ <li>Transitions between daytime and nighttime conditions generally occur somewhat
+ after sunrise and sunset at the midpoint of the path from transmitter to
+ receiver.
<li>Ambient noise (static) on the lower frequencies follows the thunderstorm season, so is higher on summer afternoons and evenings.
<li>The lower frequency bands are best for shorter distances, while the higher bands are best for longer distances.
- <li>The optimum frequencies are higher at the peak of the 11-year sunspot cycle and lower at the trough. The current sunspot cycle should peak in the first couple of years beginning the century.
- </ul>
- <p>The best way to choose a frequency is to listen at various times over the day and determine the best highest (daytime) and lowest (nighttime) frequencies. Then, assuming one is available, choose the highest frequency between these frequencies. This strategy assumes that the high frequency is more problematic than the low, that the low frequency probably comes with severe multipath and static, and insures that probably twice a day the chosen frequency will work. For instance, on the east coast the best compromise CHU frequency is probably 7335 kHz and the best WWV frequency is probably 15 MHz.</p>
+ <li>The optimum frequencies are higher at the peak of the 11-year sunspot cycle and lower at the trough. The current sunspot cycle began at the minimum in late 2006 and should reach its peak in 2012.</ul>
+ <p>The best way to choose a frequency is to listen at various times over the day and determine the highest (daytime) and lowest (nighttime) frequencies that work well. Choose the frequency that works for the most number of hours in the day, usually the highest frequency. For instance, on the east coast the best compromise CHU frequency is 7335 kHz and the best WWV frequency is 15 MHz.</p>
<h4>Autotune Modes</h4>
<p>The shortwave drivers include support for an optional autotune function compatible with ICOM&nbsp;receivers and transceivers. The <tt>mode</tt> keyword of the <tt>server</tt> configuration command specifies the ICOM ID select code in decimal. A missing or zero argument disables the CI-V interface. Since all ICOM select codes are less than 128, the high order bit of the code is used by the driver to specify the baud rate. If this bit is not set, the rate is 9600 bps for the newer radios; if set, the rate is 1200 bps for the older radios. Following are the ID select codes for the known radios.</p>
<table width="100%" cols="6">
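Review bot: the added sunspot bullet says the current cycle "began at the minimum in late 2006 and should reach its peak in 2012", a time-relative statement that goes stale in shipped documentation; date the remark or name the cycle instead of calling it current. The closing `</ul>` is now fused onto the end of that `<li>` line and should go back on its own line. In the following paragraph, "works for the most number of hours" would read better as "the greatest number of hours". That paragraph also drops the earlier "probably" qualifiers on the 7335 kHz and 15 MHz recommendations, which makes location-dependent advice read as fact.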
@@ -83,54 +91,62 @@
<td>726</td>
<td>0x30</td>
<td>48</td>
- <td>R71</td>
- <td>0x1A</td>
- <td>26</td>
+ <td>7000</td>
+ <td>0x70</td>
+ <td>113</td>
</tr>
<tr>
<td>735</td>
<td>0x04</td>
<td>4</td>
- <td>R72</td>
- <td>0x32</td>
- <td>50</td>
+ <td>R71</td>
+ <td>0x1A</td>
+ <td>26</td>
</tr>
<tr>
<td>746</td>
<td>0x66</td>
<td>102</td>
- <td>R75</td>
- <td>0x5a</td>
- <td>90</td>
+ <td>R72</td>
+ <td>0x32</td>
+ <td>50</td>
</tr>
<tr>
<td>751</td>
<td>0x1c</td>
<td>28</td>
- <td>R7000</td>
- <td>0x08</td>
- <td>8</td>
+ <td>R75</td>
+ <td>0x5a</td>
+ <td>90</td>
</tr>
<tr>
<td>756PROII</td>
<td>0x64</td>
<td>100</td>
- <td>R7100</td>
- <td>0x34</td>
- <td>52</td>
+ <td>R7000</td>
+ <td>0x08</td>
+ <td>8</td>
</tr>
<tr>
<td>761</td>
<td>0x1e</td>
<td>30</td>
- <td>R8500</td>
- <td>0x4a</td>
- <td>74</td>
+ <td>R7100</td>
+ <td>0x34</td>
+ <td>52</td>
</tr>
<tr>
<td>765</td>
<td>0x2c</td>
<td>44</td>
+ <td>R8500</td>
+ <td>0x4a</td>
+ <td>74</td>
+ </tr>
+ <tr>
+ <td></td>
+ <td></td>
+ <td></td>
<td>R9000</td>
<td>0x2a</td>
<td>42</td>
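Review bot: the new 7000 entry lists 0x70 with decimal 113, but 0x70 is 112, so one of the two values is wrong. Every other row in this hunk agrees between its hex and decimal columns. Since the text above the table says the mode keyword takes the select code in decimal, a reader copying 113 would configure select code 0x71 rather than 0x70. Please check the value against the radio's CI-V address and correct whichever column is off. The new final row also pads the left-hand columns with three empty td cells; a short comment or a colspan cell would make it clear that this is intentional.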
@@ -138,8 +154,25 @@
</table>
<h4 id="setup">Setup and Debugging Aids</h4>
<p>The audio drivers include extensive setup and debugging support to help hook up the audio signals and monitor the driver operations. The documentation page for each driver describes the various messages that can be produced either in real time or written to the <tt>clockstats</tt> file for later analysis. Of particular help in verifying signal connections and compatibility is a provision to monitor the signal via headphones or speaker.</p>
- <p>Connecting radios and IRIG devices to the computer and verifying correct configuration is somewhat of a black art. The signals have to be connected to the correct ports and the signal level maintained within tolerances. Some radios have recorder outputs which produce a line level signal not affected by the volume control. These signals can be connected to the line-in port on the computer. If the level is too low, connect to the microphone-in port instead. If the radio does not have a recorder output, connect the headphone or speaker output to the line-in port and adjust the volume control so the driver indicates comfortably above the minimum specified and the AGC level somewhere in the middle of the range 0-255. IRIG signals are usually much larger than radio outputs, usually in the range to several volts and may even overload the line-in port. In such cases an attenuator must be used to reduce the signal level below the overload point.</p>
- <p>It is very easy to underdrive or overdrive the audio codec, in which case the drivers will not synchronize to the signal. The drivers use <tt>fudge flag2</tt> to enable audio monitoring of the input signal. This is useful during setup to confirm the signal is actually reaching the audio codec and generally free of hum and interference. This feature is not intended for regular use, since it does increase the processor load on the system. Note that the speaker volume must be set before the driver is started.</p>
+ <p>Connecting radios and IRIG devices to the computer and verifying correct
+ configuration is somewhat of a black art. The signals have to be connected
+ to the correct ports and the signal level maintained within tolerances. Some
+ radios have recorder outputs which produce a microphone-level signal not affected
+ by the volume control. These signals can be connected to the microphone port
+ on the computer. If the radio does not have a recorder output, connect the
+ headphone or speaker output to the line-in port and adjust the volume control
+ so the driver indicates comfortably above the minimum specified and the AGC
+ level somewhere in the middle of the range 0-255. IRIG signals are usually
+ much larger than radio outputs, usually in the range to several volts and
+ may even overload the line-in port. In such cases the signal is designed to
+ drive a cable terminated with a 50-ohm resistor, which results in a level
+ the line-in port can handle..</p>
+ <p>It is very easy to underdriven or overdrive the audio codec, in which case
+ the drivers will not synchronize to the signal. The drivers use <tt>fudge
+ flag2</tt> to enable audio monitoring of the input signal. This is useful
+ during setup to confirm the signal is actually reaching the audio
+ codec and generally free of noise and interference. Note that the monitor
+ volume must be set before the driver is started.</p>
<p>The drivers write a synthesized timecode to the <tt>clockstats</tt> file each time the clock is set or verified and at other times if verbose monitoring is enabled. The format includes several fixed-length fields defining the UTC time to the millisecond, together with additional variable-length fields specific to each driver. The data include the intervals since the clock was last set or verified, the audio gain and various state variables and counters specific to each driver.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
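Review bot: the rewritten setup paragraphs introduce two typos. "It is very easy to underdriven or overdrive" should read "underdrive", and the first paragraph ends with a doubled period ("can handle.."). The phrase "usually in the range to several volts" is carried over from the old text and is still missing its lower bound. The rewrite also drops two pieces of operator guidance without a replacement: the fallback for a recorder output whose level is too low, and the note that audio monitoring increases processor load and is not intended for regular use. If those still apply, keep a sentence for each.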
diff --git a/html/authopt.html b/html/authopt.html
index 5f67b3c..dfb880c 100644
--- a/html/authopt.html
+++ b/html/authopt.html
@@ -2,154 +2,492 @@
<html>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Authentication Options</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Authentication Options</h3>
- <img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>Our resident cryptographer; now you see him, now you don't.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">01:29</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="338">Wednesday, September 13, 2006</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#auth">Authentication Support</a>
- <li class="inline"><a href="#symm">Symmetric Key Cryptography</a>
- <li class="inline"><a href="#pub">Public Key Cryptography</a>
- <li class="inline"><a href="#cfg">Configuration</a>
- <li class="inline"><a href="#inter">Operation</a>
- <li class="inline"><a href="#key">Key Management</a>
- <li class="inline"><a href="#cmd">Authentication Commands</a>
- <li class="inline"><a href="#err">Error Codes</a>
- <li class="inline"><a href="#file">Files</a>
- </ul>
- <hr>
- <h4 id="auth">Authentication Support</h4>
- <p>Authentication support allows the NTP client to verify that the server is in fact known and trusted and not an intruder intending accidentally or on purpose to masquerade as that server. The NTPv3 specification RFC-1305 defines a scheme which provides cryptographic authentication of received NTP packets. Originally, this was done using the Data Encryption Standard (DES) algorithm operating in Cipher Block Chaining (CBC) mode, commonly called DES-CBC. Subsequently, this was replaced by the RSA Message Digest 5 (MD5) algorithm using a private key, commonly called keyed-MD5. Either algorithm computes a message digest, or one-way hash, which can be used to verify the server has the correct private key and key identifier.</p>
- <p>NTPv4 retains the NTPv3 scheme, properly described as symmetric key cryptography, and, in addition, provides a new Autokey scheme based on public key cryptography. Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on a private value which is generated by each host and never revealed. With the exception of the group key described later, all key distribution and management functions involve only public values, which considerably simplifies key distribution and storage. Public key management is based on X.509 certificates, which can be provided by commercial services or produced by utility programs in the OpenSSL software library or the NTPv4 distribution.</p>
- <p>While the algorithms for symmetric key cryptography are included in the NTPv4 distribution, public key cryptography requires the OpenSSL software library to be installed before building the NTP distribution. This library is available from <a href="http://www.openssl.org">http://www.openssl.org</a> and can be installed using the procedures outlined in the <a href="build/build.html">Building and Installing the Distribution</a> page. Once installed, the configure and build process automatically detects the library and links the library routines required.</p>
- <p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> subcommand on the <tt>peer</tt>, <tt>server</tt>, <tt>broadcast</tt> and <tt>manycastclient</tt> configuration commands as described in the <a href="confopt.html">Configuration Options</a> page. The authentication options described below specify the locations of the key files, if other than default, which symmetric keys are trusted and the interval between various operations, if other than default.</p>
- <p>Authentication is always enabled, although ineffective if not configured as described below. If a NTP packet arrives including a message authentication code (MAC), it is accepted only if it passes all cryptographic checks. The checks require correct key ID, key value and message digest. If the packet has been modified in any way or replayed by an intruder, it will fail one or more of these checks and be discarded. Furthermore, the Autokey scheme requires a preliminary protocol exchange to obtain the server certificate, verify its credentials and initialize the protocol</p>
- <p>The <tt>auth</tt> flag controls whether new associations or remote configuration commands require cryptographic authentication. This flag can be set or reset by the <tt>enable</tt> and <tt>disable</tt> commands and also by remote configuration commands sent by a <tt>ntpdc</tt> program running on another machine. If this flag is enabled, which is the default case, new broadcast/manycast client and symmetric passive associations and remote configuration commands must be cryptographically authenticated using either symmetric key or public key cryptography. If this flag is disabled, these operations are effective even if not cryptographic authenticated. It should be understood that operating with the <tt>auth</tt> flag disabled invites a significant vulnerability where a rogue hacker can masquerade as a truechimer and seriously disrupt system timekeeping. It is important to note that this flag has no purpose other than to allow or disallow a new association in response to new broadcast and symmetric active messages and remote configuration commands and, in particular, the flag has no effect on the authentication process itself.</p>
- <p>The security model and protocol schemes for both symmetric key and public key cryptography are summarized below; further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
- <h4 id="symm">Symmetric Key Cryptography</h4>
-
- The original RFC-1305 specification allows any one of possibly 65,534 keys, each distinguished by a 32-bit key identifier, to authenticate an association. The servers and clients involved must agree on the key and key identifier to authenticate NTP packets. Keys and related information are specified in a key file, usually called <tt>ntp.keys</tt>, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program.
- <p>When <tt>ntpd</tt> is first started, it reads the key file specified in the <tt>keys</tt> configuration command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> command before use. This allows, for instance, the installation of possibly several batches of keys and then activating or deactivating each batch remotely using <tt>ntpdc</tt>. This also provides a revocation capability that can be used if a key becomes compromised. The <tt>requestkey</tt> command selects the key used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key used as the password for the <tt>ntpq</tt> utility.</p>
- <h4 id="pub">Public Key Cryptography</h4>
- <p>NTPv4 supports the original NTPv3 symmetric key scheme described in RFC-1305 and in addition the Autokey protocol, which is based on public key cryptography. The Autokey Version 2 protocol described on the <a href="http://www.eecis.udel.edu/%7emills/proto.html">Autokey Protocol</a> page verifies packet integrity using MD5 message digests and verifies the source with digital signatures and any of several digest/signature schemes. Optional identity schemes described on the <a href="http://www.eecis.udel.edu/%7emills/ident.html">Identity Schemes</a> page and based on cryptographic challenge/response algorithms are also available. Using these schemes provides strong security against replay with or without modification, spoofing, masquerade and most forms of clogging attacks.</p>
- <p>The Autokey protocol has several modes of operation corresponding to the various NTP modes supported. Most modes use a special cookie which can be computed independently by the client and server, but encrypted in transmission. All modes use in addition a variant of the S-KEY scheme, in which a pseudo-random key list is generated and used in reverse order. These schemes are described along with an executive summary, current status, briefing slides and reading list on the <a href="http://www.eecis.udel.edu/%7emills/autokey.html">Autonomous Authentication</a> page.</p>
- <p>The specific cryptographic environment used by Autokey servers and clients is determined by a set of files and soft links generated by the <a href="keygen.html"><tt>ntp-keygen</tt></a> program. This includes a required host key file, required host certificate file and optional sign key file, leapsecond file and identity scheme files. The digest/signature scheme is specified in the X.509 certificate along with the matching sign key. There are several schemes available in the OpenSSL software library, each identified by a specific string such as <tt>md5WithRSAEncryption</tt>, which stands for the MD5 message digest with RSA encryption scheme. The current NTP distribution supports all the schemes in the OpenSSL library, including those based on RSA and DSA digital signatures.</p>
- <p>NTP secure groups can be used to define cryptographic compartments and security hierarchies. It is important that every host in the group be able to construct a certificate trail to one or more trusted hosts in the same group. Each group host runs the Autokey protocol to obtain the certificates for all hosts along the trail to one or more trusted hosts. This requires the configuration file in all hosts to be engineered so that, even under anticipated failure conditions, the NTP&nbsp;subnet will form such that every group host can find a trail to at least one trusted host.</p>
- <h4>Naming and Addressing</h4>
- <p>It is important to note that Autokey does not use DNS&nbsp;to resolve addresses, since DNS can't be completely trusted until the name servers have synchronized clocks. The cryptographic name used by Autokey to bind the host identity credentials and cryptographic values must be independent of interface, network and any other naming convention. The name appears in the host certificate in either or both the subject and issuer fields, so protection against DNS&nbsp;compromise is essential.</p>
- <p>By convention, the name of an Autokey host is the name returned by the Unix <tt>gethostname()</tt> system call or equivalent in other systems. By the system design model, there are no provisions to allow alternate names or aliases. However, this is not to say that DNS&nbsp;aliases, different names for each interface, etc., are constrained in any way.</p>
- <p>It is also important to note that Autokey verifies authenticity using the host name, network address and public keys, all of which are bound together by the protocol specifically to deflect masquerade attacks. For this reason Autokey includes the source and destinatino IP&nbsp;addresses in message digest computations and so the same addresses must be available at both the server and client. For this reason operation with network address translation schemes is not possible. This reflects the intended robust security model where government and corporate NTP&nbsp;servers are operated outside firewall perimeters.</p>
- <h4 id="cfg">Configuration</h4>
- <p>Autokey has an intimidating number of options, most of which are not necessary in typical scenarios. The simplest configuration consists of a subnet with one or more servers at the same low stratum acting as trusted hosts and with dependent clients at higher strata and sharing a single secure group and identity scheme. Each trusted host generates a host key, trusted certificate and group key. Each client generates a host key, normal certificate and installs the group key of each trusted host using secure means and renames it as the name of the trusted host.</p>
- <p>For example, trusted host Alice generates keys using</p>
- <p><tt>ntp-keygen -H -T -I -p xyz</tt></p>
- <p>where H specifies a new host key, T the trusted certificate, I&nbsp;the IFF&nbsp;identity scheme and p the password used to encrypt the private key files. The group key file is <tt>ntpkey_IFFpar_alice.<i>filestamp</i></tt><i>, </i>where <i>filestamp </i>represents the NTP&nbsp;time in seconds when the file was generated.</p>
- <p>Host Bob generate keys using</p>
- <p><tt>ntp-keygen -H -p abc</tt></p>
- <p>where <tt>abc</tt> is different for each group host. The trusted host generates a password-protected group key using</p>
- <p><tt>ntp-keygen -q xyz -p abc -e &gt;<i>temp</i></tt></p>
- <p>where <tt>xyz</tt> is the trusted host password, <tt>abc</tt> is the password supplied by the client and <i><tt>temp</tt></i> is a temporary file. This file is transmitted to Bob using secure means and renamed to the fully qualified host name for Alice preceded by the string <tt>ntpkey_iff_</tt>.</p>
- <h4>Operation</h4>
- <p>A specific combination of authentication scheme (none, symmetric key, public key) and identity scheme is called a cryptotype, although not all combinations are compatible. There may be management configurations where the clients, servers and peers may not all support the same cryptotypes. A secure NTPv4 subnet can be configured in many ways while keeping in mind the principles explained above and in this section. Note however that some cryptotype combinations may successfully interoperate with each other, but may not represent good security practice.</p>
- <p>The cryptotype of an association is determined at the time of mobilization, either at configuration time or some time later when a message of appropriate cryptotype arrives. When mobilized by a <tt>server</tt> or <tt>peer</tt> configuration command and no <tt>key</tt> or <tt>autokey</tt> subcommands are present, the association is not authenticated; if the <tt>key</tt> subcommand is present, the association is authenticated using the symmetric key ID specified; if the <tt>autokey</tt> subcommand is present, the association is authenticated using Autokey.</p>
- <h4 id="key">Key Management</h4>
- <p>The cryptographic values used by the Autokey protocol are incorporated as a set of files generated by the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program, including symmetric key, host key and public certificate files, as well as sign key, identity parameters and leapseconds files. Alternatively, host and sign keys and certificate files can be generated by the OpenSSL utilities and certificates can be imported from public certificate authorities. Note that symmetric keys are necessary for the <tt>ntpq</tt> and <tt>ntpdc</tt> utility programs. The remaining files are necessary only for the Autokey protocol.</p>
- <p>Certificates imported from OpenSSL or public certificate authorities have certian limitations. The certificate should be in ASN.1 syntax, X.509 Version 3 format and encoded in PEM, which is the same format used by OpenSSL. The overall length of the certificate encoded in ASN.1 must not exceed 1024 bytes. The subject distinguished name field (<tt>CN</tt>) is the fully qualified name of the host on which it is used; the remaining subject fields are ignored. The certificate extension fields must not contain either a subject key identifier or a issuer key identifier field; however, an extended key usage field for a trusted host must contain the value <tt>trustRoot</tt>;. Other extension fields are ignored.</p>
- <h4 id="cmd">Authentication Commands</h4>
- <dl>
- <dt><tt>autokey [<i>logsec</i>]</tt>
- <dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol. Note that the size of the key list for each association depends on this interval and the current poll interval. The default value is 12 (4096 s or about 1.1 hours). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent.
- <dt><tt>controlkey <i>key</i></tt>
- <dd>Specifies the key identifier to use with the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the standard protocol defined in RFC-1305. The <tt><i>key</i></tt> argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive.
- <dt><tt>crypto [cert <i>file</i>] [leap <i>file</i>] [randfile <i>file</i>] [host <i>file</i>] [sign <i>file</i>] [ident <i>scheme</i>] [iffpar <i>file</i>] [gqpar <i>file</i>] [mvpar <i>file</i>] [pw <i>password</i>]</tt>
- <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/usr/local/etc</tt>. Following are the subcommands:
- <dl>
- <dt><tt>cert <i>file</i></tt>
- <dd>Specifies the location of the required host public certificate file. This overrides the link <tt>ntpkey_cert_<i>hostname</i></tt> in the keys directory.
-
- <dt><tt>gqpar <i>file</i></tt>
- <dd>Specifies the location of the client GQ parameters file. This overrides the link <tt>ntpkey_gq_<i>hostname</i></tt> in the keys directory.
-
- <dt><tt>host <i>file</i></tt>
- <dd>Specifies the location of the required host key file. This overrides the link <tt>ntpkey_key_<i>hostname</i></tt> in the keys directory.
- <dt><tt>ident <i>scheme</i></tt>
- <dd>Requests the server identity <i><tt>scheme</tt></i>, which can be <tt>IFF</tt>, <tt>GQ</tt> or <tt>MV</tt>. This is used when the host will not be a server for a dependent client.<dt><tt>iffpar <i>file</i></tt>
- <dd>Specifies the location of the optional IFF parameters file.This overrides the link <tt>ntpkey_iff_<i>hostname</i></tt> in the keys directory.
- <dt><tt>leap <i>file</i></tt>
- <dd>Specifies the location of the client leapsecond file. This overrides the link <tt>ntpkey_leap</tt> in the keys directory.
- <dt><tt>mv</tt>
- <dd>Requests the MV server identity scheme.
- <dt><tt>mvpar <i>file</i></tt>
- <dd>Specifies the location of the client MV parameters file. This overrides the link <tt>ntpkey_mv_<i>hostname</i></tt> in the keys directory.
- <dt><tt>pw <i>password</i></tt>
- <dd>Specifies the password to decrypt files containing private keys and identity parameters. This is required only if these files have been encrypted.
- <dt><tt>randfile <i>file</i></tt>
- <dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above.
- <dt><tt>sign <i>file</i></tt>
- <dd>Specifies the location of the optional sign key file. This overrides the link <tt>ntpkey_sign_<i>hostname</i></tt> in the keys directory. If this file is not found, the host key is also the sign key.
- </dl>
- <dt><tt>keys <i>keyfile</i></tt>
- <dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
- <dt><tt>keysdir <i>path</i></tt>
- <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>.
- <dt><tt>requestkey <i>key</i></tt>
- <dd>Specifies the key identifier to use with the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
- <dt><tt>revoke [<i>logsec</i>]</tt>
- <dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds. These values need to be updated frequently in order to deflect brute-force attacks on the algorithms of the scheme; however, updating some values is a relatively expensive operation. The default interval is 16 (65,536 s or about 18 hours). For poll intervals above the specified interval, the values will be updated for every message sent.
- <dt><tt>trustedkey <i>key</i> [...]</tt>
- <dd>Specifies the key identifiers which are trusted for the purposes of authenticating peers with symmetric key cryptography, as well as keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt> programs. The authentication procedures require that both the local and remote servers share the same key and key identifier for this purpose, although different keys can be used with different servers. The <tt><i>key</i></tt> arguments are 32-bit unsigned integers with values from 1 to 65,534.
- </dl>
- <h4 id="err">Error Codes</h4>
- <p>Errors can occur due to mismatched configurations, unexpected restarts, expired certificates and unfriendly people. In most cases the protocol state machine recovers automatically by retransmission, timeout and restart, where necessary. Some errors are due to mismatched keys, digest schemes or identity schemes and must be corrected by installing the correct media and/or correcting the configuration file. One of the most common errors is expired certificates, which must be regenerated and signed at least once per year using the <tt><a href="keygen.html">ntp-keygen</a></tt> program.</p>
- <p>The following error codes are reported via the NTP control and monitoring protocol trap mechanism.</p>
- <dl>
- <dt>101 (bad field format or length)
- <dd>The packet has invalid version, length or format.
- <dt>102 (bad timestamp)
- <dd>The packet timestamp is the same or older than the most recent received. This could be due to a replay or a server clock time step.
- <dt>103 (bad filestamp)
- <dd>The packet filestamp is the same or older than the most recent received. This could be due to a replay or a key file generation error.
- <dt>104 (bad or missing public key)
- <dd>The public key is missing, has incorrect format or is an unsupported type.
- <dt>105 (unsupported digest type)
- <dd>The server requires an unsupported digest/signature scheme.
- <dt>106 (unsupported identity type)<dd>The client or server has requested an identity scheme the other does not support.<dt>107 (bad signature length)
- <dd>The signature length does not match the current public key.
- <dt>108 (signature not verified)
- <dd>The message fails the signature check. It could be bogus or signed by a different private key.
- <dt>109 (certificate not verified)
- <dd>The certificate is invalid or signed with the wrong key.<dt>110 (host certificate expired)<dd>The old server certificate has expired.<dt>111 (bad or missing cookie)
- <dd>The cookie is missing, corrupted or bogus.
- <dt>112 (bad or missing leapseconds table)
- <dd>The leapseconds table is missing, corrupted or bogus.
- <dt>113 (bad or missing certificate)
- <dd>The certificate is missing, corrupted or bogus.
- <dt>114 (bad or missing group key)<dd>The identity key is missing, corrupt or bogus.
-
- <dt>115 (protocol error)
- <dd>The protocol state machine has wedged due to unexpected restart
- <dt>116 (server certificate expired)
- <dd>The old server certificate has expired.
- </dl>
- <h4 id="file">Files</h4>
- <p>See the <a href="keygen.html"><tt>ntp-keygen</tt></a> page.</p>
- <h4 id="leap">Leapseconds Table</h4>
- <p>The NIST provides a file documenting the epoch for all historic occasions of leap second insertion since 1972. The leapsecond table shows each epoch of insertion along with the offset of International Atomic Time (TAI) with respect to Coordinated Universal Time (UTC), as disseminated by NTP. The table can be obtained directly from NIST national time servers using <tt>ftp</tt> as the ASCII file <tt>pub/leap-seconds</tt>.</p>
- <p>While not strictly a security function, the Autokey protocol provides means to securely retrieve the leapsecond table from a server or peer. Servers load the leapsecond table directly from the file specified in the <tt>crypto</tt> command, with default <tt>ntpkey_leap</tt>, while clients can obtain the table indirectly from the servers using the Autokey protocol. Once loaded, the table can be provided on request to other clients and servers.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>Authentication Options</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+<style type="text/css">
+<!--
+.style1 { color: #FF0000;
+ font-weight: bold;
+}
+-->
+</style>
+</head>
+
+<body>
+<h3>Authentication Options</h3>
+<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+
+<p>Our resident cryptographer; now you see him, now you don't.</p>
+
+<p>Last update:
+ <!-- #BeginDate format:En2m -->14-Apr-2010 20:49<!-- #EndDate -->
+UTC</p>
+<br clear="left">
+
+<h4>Related Links</h4>
+
+<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
+
+<h4>Table of Contents</h4>
+
+<ul>
+<li class="inline"><a href="#auth">Introduction</a></li>
+<li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
+<li class="inline"><a href="#pub">Public Key Cryptography</a></li>
+<li class="inline"><a href="#group">NTP Secure Groups</a></li>
+<li class="inline"><a href="#ident">Identity Schemes and Cryptotypes</a></li>
+<li class="inline"><a href="#cfg">Configuration</a></li>
+<li class="inline"><a href="#exam">Examples</a></li>
+<li class="inline"><a href="#cmd">Authentication Commands</a></li>
+<li class="inline"><a href="#err">Error Codes</a></li>
+<li class="inline"><a href="#file">Files</a></li>
+</ul>
+
+<hr>
+
+<h4 id="auth">Introduction</h4>
+
+<p>This page describes the various cryptographic authentication provisions in
+ NTPv4. Details about the configuration commands and options are given on
+ the <a href="confopt.html">Configuration
+ Options</a> page. Details about the automatic server discovery schemes are described
+ on the <a href="manyopt.html">Automatic Server Discovery Schemes</a> page. Additional
+ information is available in the papers, reports, memoranda and briefings
+ cited on the <a href="http://www.eecis.udel.edu/~mills/ntp.html"> NTP Project</a> page.
+ Authentication support allows the NTP client to verify that servers are in
+ fact known and trusted and not intruders intending accidentally or intentionally
+ to masquerade as a legitimate server.</p>
+
+<p> The NTPv3 specification RFC-1305 defines a scheme properly described as
+ symmetric key cryptography. It uses the Data Encryption Standard (DES)
+ algorithm operating in cipher-block chaining (CBC) mode. Subsequently, this
+ scheme was replaced by the RSA Message Digest 5 (MD5) algorithm commonly
+ called keyed-MD5. Either algorithm computes a message digest or one-way hash
+ which can be used to verify the client has the same key and key identifier
+ as the server. If the OpenSSL cryptographic library is installed, support
+ is available for all algorithms included in the library. Note however, if
+ conformance to FIPS 140-2 is required, only a limited subset of these algorithms
+ is available.</p>
+
+<p>NTPv4 includes the NTPv3 scheme
+ and optionally a new scheme based on public key cryptography and called
+ Autokey. Public key cryptography is generally considered more secure than
+ symmetric key cryptography, since the security is based on private and public
+ values which are generated by each participant and where the private value
+ is never revealed. Autokey uses X.509 public certificates, which can be produced
+ by commercial services, utility programs in the OpenSSL software library
+ or the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility
+ program in the NTP software distribution.</p>
+
+<p>While the algorithms for MD5 symmetric key cryptography are included in the
+ NTPv4 software distribution, modern algorithms for symmetric key and public
+ key cryptograpny requires the OpenSSL software library
+ to be installed before building the NTP distribution. This library is available
+ from <a href="http://www.openssl.org">http://www.openssl.org</a> and
+ can be installed using the procedures outlined in the <a href="build.html">Building
+ and Installing the Distribution</a> page. Once installed, the configure and
+ build process automatically detects the library and links the library routines
+ required.</p>
+
+<p>Note that according to US law, NTP binaries including OpenSSL library components,
+ including the OpenSSL library itself, cannot be exported outside the
+ US without license from the US Department of Commerce. Builders outside the
+ US are advised to obtain the OpenSSL library directly from OpenSSL, which
+ is outside the US, and build outside the US.</p>
+
+<p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> configuration command, as described in the <a href="confopt.html">Server Options</a> page, and the options described on this page. The <a href="keygen.html">ntp-keygen</a> page describes the files required for the various authentication schemes. Further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
+
+<h4 id="symm">Symmetric Key Cryptography</h4>
+
+<p>The original RFC-1305 specification allows any one of possibly 65,534 keys
+ (excluding zero), each distinguished by a 32-bit key ID, to authenticate
+ an association. The servers and clients involved must agree on the key, key
+ ID and key type to authenticate NTP packets. If an NTP packet includes a
+ message authentication code (MAC), consisting of a key ID and message digest,
+ it is accepted only if the key ID matches a trusted key and the message digest
+ is verified with this key. Note that for historic reasons the message digest
+ algorithm is not consistent with RFC-1828. The digest is computed directly
+ from the concatenation of the key string followed by the packet contents
+ with the exception of the MAC itself.</p>
+
+<p>Keys and related information are specified in a keys file, usually called <tt>ntp.keys</tt>,
+ which must be distributed and stored using secure means beyond the scope
+ of the NTP protocol itself. Besides the keys used for ordinary NTP associations,
+ additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility
+ programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program,
+ but it can be constructed and edited using an ordinary text editor. The
+ program generates pseudo-random keys, one key for each line. Each line consists
+ of three fields, the key identifier as a decimal number from 1 to 65534 inclusive,
+ a key type chosen from the keywords of the <tt>digest</tt> option of the <tt>crypto</tt> command,
+ and a 20-character printable ASCII string or a 40-character hex string as
+ the key itself.</p>
+
+<p>When <tt>ntpd</tt> is first started, it reads the key file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
+<p>By default, the message digest algorithm is MD5 selected by the key type
+ <tt>M</tt> in the keys file. However, if the OpenSSL library is installed,
+ any message digest algorithm supported by that library can be used. The key
+ type is selected as the algorithm name given in the OpenSSL documentation.
+ The key type is associated with the key and can be different for different
+ keys. The server and client
+ must share the same key, key ID and key type and both must be trusted. Note
+ that if conformance to FIPS 140-2 is required, the message digest algorithm
+ must conform to the Secure Hash Standard (SHS), which requires an algorithm
+ from the Secure Hash Algorithm (SHA) family, and the digital signature encryption
+ algorithm, if used, must conform to the Digital Signature Standard (DSS),
+ which requires the Digital Signature Algorithm (DSA).</p>
+<p>In addition to the above means, <tt>ntpd</tt> now supports
+ Microsoft Windows MS-SNTP authentication using Active Directory services.
+ This support was contributed by the Samba Team and is still in development.
+ It is enabled using the <tt>mssntp</tt> flag
+ of the <tt>restrict</tt> command described on
+ the <a href="authopt.html">Access Control Options</a> page. <span class="style1">Note:
+ Potential users should be aware that these services involve a TCP connection
+ to another process that could potentially block, denying services to other
+ users. Therefore, this flag should be used only for a dedicated server with
+ no clients other than MS-SNTP.</span></p>
+<h4 id="pub">Public Key Cryptography</h4>
+
+<p>NTPv4 supports the Autokey security protocol, which is based on public key cryptography. The Autokey Version 2 protocol described on the <a href="http://www.eecis.udel.edu/%7emills/proto.html">Autokey Protocol</a> page verifies packet integrity using MD5 message digests and verifies the source using digital signatures and any of several digest/signature schemes. Optional identity schemes described on the <a href="http://www.eecis.udel.edu/~mills/ident.html">Autokey Identity Schemes</a> page are based on cryptographic challenge/response exchanges. These schemes provide strong security against replay with or without message modification, spoofing, masquerade and most forms of clogging attacks. These schemes are described along with an executive summary, current status, briefing slides and reading list on the <a href="http://www.eecis.udel.edu/~mills/autokey.html">Autonomous Authentication</a> page.</p>
+
+<p>Autokey authenticates individual packets using cookies bound to the IP source and destination addresses. The cookies must have the same addresses at both the server and client. For this reason operation with network address translation schemes is not possible. This reflects the intended robust security model where government and corporate NTP servers are operated outside firewall perimeters.</p>
+
+<p>There are three timeouts associated with the Autokey scheme. The key list timeout, which defaults to about 1.1 h, specifies the interval between generating new key lists. The revoke timeout, which defaults to about 36 h, specifies the interval between generating new private values. The restart timeout, with default about 5 d, specifies the interval between protocol restarts to refresh public values. In general, the behavior when these timeouts expire is not affected by the issues discussed on this page.</p>
+
+<h4 id="group">NTP Secure Groups</h4>
+
+<p>NTP secure groups are used to define cryptographic compartments and security
+ hierarchies. All hosts belonging to a secure group have the same group name
+ but different host names. The string specified in the <tt>host</tt> option of
+ the <tt>crypto</tt> command is the name of the host and the name used in the
+ host key, sign key and certificate files. The string specified in the <tt>ident</tt> option
+ of the <tt>crypto</tt> command is the group name of all group hosts and the
+ name used in the identity files. The file naming conventions are described on
+ the <a href="keygen.html">ntp-keygen</a> page.</p>
+
+<p>Each group includes one or more trusted hosts (THs) operating at the root, or lowest stratum in the group. The group name is used in the subject and issuer fields of the TH self-signed trusted certificate for these hosts. The host name is used in the subject and issuer fields of the self-signed certificates for all other hosts.</p>
+
+<p>All group hosts are configured to provide an unbroken path, called a certificate trail, from each host, possibly via intermediate hosts and ending at a TH. When a host starts up, it recursively retrieves the certificates along the trail in order to verify group membership and avoid masquerade and middleman attacks.</p>
+
+<p>Secure groups can be configured as hierarchies where a TH of one group can be a client of one or more other groups operating at a lower stratum. A certificate trail consist of a chain of hosts starting at a client, leading through secondary servers of progressively lower stratum and ending at a TH. In one scenario, groups RED and GREEN can be cryptographically distinct, but both be clients of group BLUE operating at a lower stratum. In another scenario, group CYAN can be a client of multiple groups YELLOW and MAGENTA, both operating at a lower stratum. There are many other scenarios, but all must be configured to include only acyclic certificate trails.</p>
+
+<h4 id="ident">Identity Schemes and Cryptotypes</h4>
+
+<p>All configurations include a public/private host key pair and matching certificate. Absent an identity scheme, this is a Trusted Certificate (TC) scheme. There are three identity schemes, IFF, GQ and MV described on the <a href="http://www.eecis.udel.edu/%7emills/ident.html">Identity Schemes</a> page. With these schemes all servers in the group have encrypted server identity keys, while clients have nonencrypted client identity parameters. The client parameters can be obtained from a trusted agent (TA), usually one of the THs of the lower stratum group. Further information on identity schemes is on the <a href="http://www.eecis.udel.edu/~mills/ident.html">Autokey Identity Schemes</a> page.</p>
+
+<p>A specific combination of authentication and identity schemes is called a
+ cryptotype, which applies to clients and servers separately. A group can be
+ configured using more than one cryptotype combination, although not all combinations
+ are interoperable. Note however that some cryptotype combinations may successfully
+ intemperate with each other, but may not represent good security practice. The
+ server and client cryptotypes are defined by the the following codes.</p>
+
+<dl>
+<dt>NONE</dt>
+<dd>A client or server is type NONE if authentication is not available or not configured. Packets exchanged between client and server have no MAC.</dd>
+
+<dt>AUTH</dt>
+<dd>A client or server is type AUTH&nbsp;if the <tt>key</tt> option is specified with the <tt>server</tt> configuration command and the client and server keys are compatible. Packets exchanged between clients and servers have a MAC.</dd>
+
+<dt>PC</dt>
+<dd>A client or server is type PC if the <tt>autokey</tt> option is specified with the <tt>server</tt> configuration command and compatible host key and private certificate files are present. Packets exchanged between clients and servers have a MAC.</dd>
+
+<dt>TC</dt>
+<dd>A client or server is type TC if the <tt>autokey</tt> option is specified with the <tt>server</tt> configuration command and compatible host key and public certificate files are present. Packets exchanged between clients and servers have a MAC.</dd>
+
+<dt>IDENT</dt>
+ <dd>A client or server is type IDENT if the <tt>autokey</tt> option is specified with the <tt>server</tt> configuration command and compatible host key, public certificate and identity scheme files are present. Packets exchanged between clients and servers have a MAC.</dd>
+
+</dl>
+
+<p>The compatible cryptotypes for clients and servers are listed in the following table.</p>
+
+<table width="100%" border="1" cellpadding="4">
+
+<tr>
+<td align="center">Client/Server</td>
+<td align="center">NONE</td>
+<td align="center">AUTH</td>
+<td align="center">PC</td>
+<td align="center">TC</td>
+<td align="center">IDENT</td>
+</tr>
+
+<tr>
+<td align="center">NONE</td>
+<td align="center">yes</td>
+<td align="center">yes*</td>
+<td align="center">yes*</td>
+<td align="center">yes*</td>
+<td align="center">yes*</td>
+</tr>
+
+<tr>
+<td align="center">AUTH</td>
+<td align="center">no</td>
+<td align="center">yes</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">no</td>
+</tr>
+
+<tr>
+<td align="center">PC</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">yes</td>
+<td align="center">no</td>
+<td align="center">no</td>
+</tr>
+
+<tr>
+<td align="center">TC</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">yes</td>
+<td align="center">yes</td>
+</tr>
+
+<tr>
+<td align="center">IDENT</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">no</td>
+<td align="center">yes</td>
+</tr>
+
+</table>
+
+<p>* These combinations are not valid if the restriction list includes the <tt>notrust</tt> option.</p>
+
+<h4 id="cfg">Configuration</h4>
+
+<p>Autokey has an intimidating number of configuration options, most of which are not necessary in typical scenarios. The simplest scenario consists of a TH where the host name of the TH is also the name of the group. For the simplest identity scheme TC, the TH generates host key and trusted certificate files using the <tt>ntp-keygen -T</tt> command, while the remaining group hosts use the same command with no options to generate the host key and public certificate files. All hosts use the <tt>crypto</tt> configuration command with no options. Configuration with passwords is described in the <a href="keygen.html">ntp-keygen</a> page. All group hosts are configured as an acyclic tree with root the TH.</p>
+
+<p>When an identity scheme is included, for example IFF, the TH generates host
+ key, trusted certificate and private server identity key files using the <tt>ntp-keygen
+ -T -I -i <i>group</i></tt> command, where <tt><i>group</i></tt> is the group
+ name. The remaining group hosts use the same command as above. All hosts
+ use the <tt>crypto ident group<i></i></tt> configuration command.</p>
+
+<p>Hosts with no dependent clients can retrieve client parameter files from an
+ archive or web page. The <tt>ntp-keygen</tt> can export these data using the <tt>-e</tt> option.
+ Hosts with dependent clients other than the TH must retrieve copies of the server
+ key files using secure means. The <tt>ntp-keygen</tt> can export these data
+ using the <tt>-q</tt> option. In either case the data are installed as a file
+ and then renamed using the name given as the first line in the file, but without
+ the filestamp.</p>
+
+<h4 id="exam">Examples</h4>
+
+<div align="center">
+<img src="pic/group.gif" alt="gif">
+</div>
+
+<p>Consider a scenario involving three secure groups RED, GREEN and BLUE. RED and BLUE are typical of national laboratories providing certified time to the Internet at large. As shown ion the figure, RED TH mort and BLUE TH macabre run NTP symmetric mode with each other for monitoring or backup. For the purpose of illustration, assume both THs are primary servers. GREEN is typical of a large university providing certified time to the campus community. GREEN TH howland is a broadcast client of both RED and BLUE. BLUE uses the IFF scheme, while both RED and GREEN use the GQ scheme, but with different keys. YELLOW is a client of GREEN and for purposes of illustration a TH for YELLOW.</p>
+
+<p>The BLUE TH macabre uses configuration commands</p>
+
+<p><tt>crypto pw qqsv ident blue</tt><br>
+<tt>peer mort autokey</tt><br>
+<tt>broadcast <i>address</i> autokey</tt></p>
+
+<p>where <tt>qqsv</tt> is the password for macabre files and <i>address</i> is the broadcast address for the local LAN. It generates BLUE files using the commands</p>
+
+<p><tt>ntp-keygen -p qqsv -T -G -i blue</tt><br>
+<tt>ntp-keygen -p qqsv -e &gt;ntpkey_gqpar_blue</tt></p>
+
+<p>The first line generates the host, trusted certificate and private GQ server keys file. The second generates the public GQ client parameters file, which can have any nonconflicting mnemonic name.</p>
+
+<p>The RED TH mort uses configuration commands</p>
+
+<p><tt>crypto pw xxx ident red</tt><br>
+<tt>peer macabre autokey</tt><br>
+<tt>broadcast <i>address</i> autokey</tt></p>
+
+<p>where <tt>xxx</tt> is the password for mort files. It generates RED files using the commands</p>
+
+<p><tt>ntp-keygen -p xxx -T -I -i red</tt><br>
+<tt>ntp-keygen -p xxx -e &gt;ntpkey_iffpar_red</tt></p>
+
+<p> The GREEN TH howland uses configuration commands</p>
+
+<p><tt>crypto pw yyy ident green</tt><br>
+<tt>broadcastclient</tt></p>
+
+<p>where <tt>yyy</tt> is the password for howland files. It generates GREEN files using the commands</p>
+
+<p><tt>ntp-keygen -p yyy -T -G -i green</tt><br>
+<tt>ntp-keygen -p yyy -e &gt;ntpkey_gqpar_green</tt><br>
+<tt>ntp-keygen -p yyy -q zzz &gt;zzz_ntpkey_gqkey_green</tt></p>
+
+<p>The first two lines serve the same purpose as the preceding examples. The
+ third line generates a copy of the private GREEN server file for use on another
+ server in the same group, say YELLOW, but encrypted with the <tt>zzz</tt> password.</p>
+
+<p>A client of GREEN, for example YELLOW, uses the configuration commands</p>
+
+<p><tt>crypto pw abc ident green</tt><br>
+<tt>server howland autokey</tt></p>
+
+<p>where <tt>abc</tt> is the password for its files. It generates files using the command</p>
+
+<p><tt>ntp-keygen -p abc</tt></p>
+
+<p>The client retrieves the client file for that group from a public archive or web page using nonsecure means. In addition, each server in a group retrieves the private server keys file from the TH of that group, but it is encrypted and so must be sent using secure means. The files are installed in the keys directory with name taken from the first line in the file, but without the filestamp.</p>
+
+<p>Note that if servers of different groups, in this case RED and BLUE, share the same broadcast media, each server must have client files for all groups other than its own, while each client must have client files for all groups. Note also that this scenario is for illustration only and probably would not be wise for practical use, as if one of the TH reference clocks fails, the certificate trail becomes cyclic. In such cases the symmetric path between RED and BLUE, each in a different group, would not be a good idea.</p>
+
+<h4 id="cmd">Authentication Commands</h4>
+
+<dl>
+
+<dt id=automax><tt>automax [<i>logsec</i>]</tt></dt>
+<dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 h). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent.</dd>
+
+<dt id="controlkey"><tt>controlkey <i>keyid</i></tt></dt>
+<dd>Specifies the key ID to use with the <a
+ href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the
+ standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt>
+ argument is the key ID for a <a href="#trustedkey">trusted
+ key</a>, where the value can be in the range 1 to 65534,
+ inclusive.</dd>
+
+<dt id="crypto"><tt>crypto [randfile <i>file</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>]</tt></dt>
+<dd>This command requires the OpenSSL library. It activates public key cryptography
+ and loads the required host key and public certificate. If one or more files
+ are left unspecified, the default names are used as described below. Unless
+ the complete path and name of the file are specified, the location of a file
+ is relative to the keys directory specified in the <tt>keysdir</tt> configuration
+ command or default <tt>/usr/local/etc</tt>. Following are the options.</dd>
+
+<dd><dl>
+
+<dt><tt>digest</tt> <tt>MD2</tt> | <tt>MD4</tt> | <tt>MD5</tt> | <tt>MDC2</tt> | <tt>RIPEMD160</tt> | <tt>SHA</tt> | <tt>SHA1</tt></dt>
+<dd>Specify the message digest algorithm, with default MD5. If the OpenSSL library
+ is installed, <tt><i>name</i></tt> can be be any message digest algorithm supported
+ by the library not exceeding 160 bits in length. However, all Autokey
+ participants in an Autokey subnet must use the same algorithm. Note that
+ the Autokey message digest algorithm is separate and distinct form the symmetric
+ key message digest algorithms. Note: If compliance with FIPS 140-2 is required,
+ the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
+
+<dt><tt>host <i>name</i></tt></dt>
+<dd>Specifies the string used when constructing the names for the host, sign
+ and certificate files generated by the <tt>ntp-keygen</tt> program with the <tt>-s <i>name</i></tt> option.</dd>
+
+<dt><tt>ident <i>name</i></tt></dt>
+<dd>Specifies the string used in constructing the identity files generated by the <tt>ntp-keygen</tt> program with the <tt>-i <i>name</i></tt> option.</dd>
+
+<dt><tt>pw <i>password</i></tt></dt>
+<dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option.</dd>
+
+<dt><tt>randfile <i>file</i></tt></dt>
+<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <tt>ntp-keygen</tt> page.</dd>
+
+</dl></dd>
+
+<dt id="keys"><tt>keys <i>keyfile</i></tt></dt>
+<dd>Specifies the complete path to the MD5 key file containing the keys and key IDs used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option. Note that the directory path for Autokey media is specified by the <tt>keysdir</tt> command.</dd>
+
+<dt id="keysdir"><tt>keysdir <i>path</i></tt>K</dt>
+<dd>This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
+
+<dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt>
+<dd>Specifies the key ID to use with the
+ <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which
+ uses a proprietary protocol specific to this implementation of
+ <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
+ for a <a href="#trustedkey">trusted key</a>, in the range 1 to
+ 65534, inclusive.</dd>
+
+<dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt>
+<dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds. These values need to be updated frequently in order to deflect brute-force attacks on the algorithms; however, updating some values is a relatively expensive operation. The default interval is 17 (about 36 h). For poll intervals above the specified interval, the values will be updated for every message sent.</dd>
+
+<dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt>
+<dd>Specifies the key ID(s) which are trusted for the purposes of
+ authenticating peers with symmetric key cryptography. Key IDs
+ used to authenticate <tt>ntpq</tt> and <tt>ntpdc</tt> operations
+ must be listed here and additionally be enabled with
+ <a href="#controlkey">controlkey</a> and/or
+ <a href="#requestkey">requestkey</a>. The authentication
+ procedure for time transfer require that both the local and
+ remote NTP servers employ the same key ID and secret for this
+ purpose, although different keys IDs may be used with different
+ servers. Ranges of trusted key IDs may be specified:
+ "<tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt>" enables the
+ lowest 120 key IDs which start with the digit 1. The spaces
+ surrounding the ellipsis are required when specifying a range.</dd>
+</dl>
+
+<h4 id="err">Error Codes</h4>
+
+<p>Errors can occur due to mismatched configurations, unexpected protocol restarts, expired certificates and unfriendly people. In most cases the protocol state machine recovers automatically by retransmission, timeout and restart, where necessary. Some errors are due to mismatched keys, digest schemes or identity schemes and must be corrected by installing the correct media and/or correcting the configuration file. One of the most common errors is expired certificates, which must be regenerated and signed at least once per year using the <a href="keygen.html"><tt>ntp-keygen</tt> - generate public and private keys</a> program.</p>
+
+<p>The following error codes are reported via the NTP control and monitoring protocol trap mechanism and to the <tt>cryptostats</tt> monitoring file if configured.</p>
+
+<dl>
+
+<dt>101 bad field format or length</dt>
+<dd>The packet has invalid version, length or format.</dd>
+
+<dt>102 bad timestamp</dt>
+<dd>The packet timestamp is the same or older than the most recent received. This could be due to a replay or a server clock time step.</dd>
+
+<dt>103 bad filestamp</dt>
+<dd>The packet filestamp is the same or older than the most recent received. This could be due to a replay or a key file generation error.</dd>
+
+<dt>104 bad or missing public key</dt>
+<dd>The public key is missing, has incorrect format or is an unsupported type.</dd>
+
+<dt>105 unsupported digest type</dt>
+<dd>The server requires an unsupported digest/signature scheme.</dd>
+
+<dt>106 unsupported identity type</dt>
+<dd>The client or server has requested an identity scheme the other does not support.</dd>
+
+<dt>107 bad signature length</dt>
+<dd>The signature length does not match the current public key.</dd>
+
+<dt>108 signature not verified</dt>
+<dd>The message fails the signature check. It could be bogus or signed by a different private key.</dd>
+
+<dt>109 certificate not verified</dt>
+<dd>The certificate is invalid or signed with the wrong key.</dd>
+
+<dt>110 host certificate expired</dt>
+<dd>The old server certificate has expired.</dd>
+
+<dt>111 bad or missing cookie</dt>
+<dd>The cookie is missing, corrupted or bogus.</dd>
+
+<dt>112 bad or missing leapseconds table</dt>
+<dd>The leapseconds table is missing, corrupted or bogus.</dd>
+
+<dt>113 bad or missing certificate</dt>
+<dd>The certificate is missing, corrupted or bogus.</dd>
+
+<dt>114 bad or missing group key</dt>
+<dd>The identity key is missing, corrupt or bogus.</dd>
+
+<dt>115 protocol error</dt>
+<dd>The protocol state machine has wedged due to unexpected restart.</dd>
+
+</dl>
+
+<h4 id="file">Files</h4>
+
+<p>See the <a href="keygen.html"><tt>ntp-keygen</tt></a> page. Note that provisions to load leap second values from the NIST files have been removed. These provisions are now available whether or not the OpenSSL library is available. However, the functions that can download these values from servers remains available.</p>
+
+<hr>
+
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+
+</body>
</html> \ No newline at end of file
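Review bot: In the Examples section of this hunk the prose and the commands disagree about which identity scheme each group uses. The scenario paragraph says "BLUE uses the IFF scheme, while both RED and GREEN use the GQ scheme", but BLUE is generated with "ntp-keygen -p qqsv -T -G -i blue" and exported to "ntpkey_gqpar_blue", and the following sentence calls it the "private GQ server keys file"; RED uses "ntp-keygen -p xxx -T -I -i red" and "ntpkey_iffpar_red", and the Configuration section ties "-T -I -i group" to IFF. Either the paragraph or the commands should be corrected so that a reader copying the example ends up with identity files that match the description. Other points in the same hunk: the mssntp paragraph links the text "Access Control Options" to "authopt.html", while the diffstat lists a separate "accopt.html"; the Files paragraph says the provisions to load leap second values "have been removed" and in the next sentence that they "are now available"; and there are typos ("cryptograpny", "intemperate" where interoperate is meant, "the the", "ion the figure", "be be", "distinct form", "ether", a stray "K" after the keysdir term, and the unquoted id=automax attribute). As the commit message describes this as a virgin vendor import, these are better reported upstream than patched in the imported copy.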
diff --git a/html/bugs.html b/html/bugs.html
new file mode 100644
index 0000000..2129db2
--- /dev/null
+++ b/html/bugs.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>NTP Bug Reporting Procedures</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>NTP Bug Reporting Procedures</h3>
+ <img src="pic/hornraba.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+ <p>The rabbit toots to make sure you read this.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">04:05</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
+ .<br clear="left">
+ <hr>
+ <h4> Security Bug Reporting Procedures</h4>
+ <p>If you find or suspect a security related program bug in this distribution, please send a report to <a href="mailto:security@ntp.org">security@ntp.org</a>. Please do not contact developers directly.</p>
+ <h4>Non-Security Bug Reporting Procedures</h4>
+ <p>If you find or suspect a non-security related program bug in this distribution, please send a report to the NTP Public Service Project Bug Tracking System (Bugzilla) at <a href="http://bugs.ntp.org/">http://bugs.ntp.org/</a>. Bugs reported this way are immediately forwarded to the developers. Please do not contact the developers directly.</p>
+ <p>If you find or suspect an error in the program documentation pages, please
+ send a report directly to the editor David Mills at <a href="mailto:mills@udel.edu">mills@udel.edu</a>.
+ The master documentation pages are not controlled by the bug tracking system.
+ You are invited to contribute new or revised pages in similar style and format.</p>
+ <p>If you wish to send a report via electronic mail, please remember that your report will be held until one of our volunteers enters it in Bugzilla. The email address for these reports is <a href="mailto:bugs@ntp.org">bugs@ntp.org</a>. You will need to register at <a href="http://bugs.ntp.org/">http://bugs.ntp.org/</a> so that you may participate directly in any e-mail discussion regarding your report.</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
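Review bot: The "Security Bug Reporting Procedures" paragraph gives only the plain address security@ntp.org and says nothing about a public key or other confidential channel for sending vulnerability details; if the project publishes one, it should be referenced in that paragraph. Smaller points: there is a stray "." at the start of the line carrying the br clear="left" element, and the "Last update" line uses non-standard csobj elements under an HTML 4.01 Transitional doctype, so that markup will not validate.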
diff --git a/html/build.html b/html/build.html
new file mode 100644
index 0000000..d0f1fe3
--- /dev/null
+++ b/html/build.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=windows-1252">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Building and Installing the Distribution</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Building and Installing the Distribution</h3>
+ <img src="pic/beaver.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>For putting out compiler fires.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">16:45</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
+ <br clear="left">
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
+ <h4>Table of Contents</h4>
+ <ul>
+ <li class="inline"><a href="#build">Building and Installing the Distribution</a>
+ <li class="inline"><a href="#unix">Building and Installing for Unix</a>
+ <li class="inline"><a href="#win">Building and Installing for Windows</a>
+ <li class="inline"><a href="#conf">Configuration</a>
+ <li class="inline"><a href="#prob">If You Have Problems</a>
+ <li class="inline"><a href="#make">Additional <tt>make</tt> Commands</a>
+ </ul>
+ <hr>
+ <h4 id="build">Building and Installing the Distribution</h4>
+ <p>It is not possible in a software distribution such as this to support every individual computer and operating system with a common executable, even with the same system but different versions and options. Therefore, it is necessary to configure, build and install for each system and version. In almost all cases, these procedures are completely automatic, The user types <tt>./configure</tt>, <tt>make</tt> and <tt>install</tt> in that order and the autoconfigure system does the rest. There are some exceptions, as noted below and on the <a href="hints.html">Hints and Kinks</a> pages.</p>
+ <p>If available, the OpenSSL library from <a href="http://www.openssl.org">http://www.openssl.org</a> is used to support public key cryptography. The library must be built and installed prior to building NTP. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTP configure phase and the interface routines compiled automatically. Only the <tt>libcrypto.a</tt> library file and <tt>openssl</tt> header files are needed. If the library is not available or disabled, this step is not required.</p>
+ <p>The <a href="config.html">Build Options</a> page describes a number of options that determine whether debug support is included, whether and which reference clock drivers are included and the locations of the executables and library files, if not the default. By default debugging options and all reference clock drivers are included.</p>
+ <h4 id="unix">Building and Installing for Unix</h4>
+ <p>This distribution uses common compilers and tools that come with most Unix distributions. Not all of these tools exist in the standard distribution of modern Unix versions (compilers are likely to be an add-on product). If this is the case, consider using the GNU tools and <tt>gcc</tt> compiler included as freeware in some systems. For a successful build, all of these tools should be accessible via the current path.</p>
+ <p>The first thing to do is uncompress the distribution and extract the source tree. In the distribution base directory use the <tt>./configure </tt>command to perform an automatic configuration procedure. This command inspects the hardware and software environment and configures the build process accordingly. Use the <tt>make</tt> command to compile and link the distribution and the <tt>install</tt> command to install the executables by default in <tt>/usr/local/bin</tt>.</p>
+ <p>If your site supports multiple architectures and uses NFS to share files, you can use a single source tree to build executables for multiple architectures. While running on a particular architecture, change to the base directory and create a subdirectory using a command like <tt>mkdir A.machine, </tt>which will create an architecture-specific directory, then change to this directory and mumble <tt>../configure</tt>. The remaining steps are the same whether building in the base directory or in the subdirectory.</p>
+ <h4 id="win">Building and Installing for Windows</h4>
+ <p>NTP supports Windows Vista, XP, NT4 and 2000 systems. See the <a href="hints/winnt.html">NTP 4.x for Windows NT</a> page for directions to compile the sources and install the executables. A precompiled executable is available.</p>
+ <h4 id="conf">Configuration</h4>
+ <p>You are now ready to configure the daemon. You will need to create a NTP configuration file by default in <tt>/etc/ntp.conf.</tt> Newbies should see the <a href="quick.html">Quick Start</a> page for orientation. Seasoned veterans can start with the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page and move on to the specific configuration option pages from there.</p>
+ <h4 id="prob">If You Have Problems</h4>
+ <p>If you have problems with your hardware and software environment (e.g. operating system-specific issues), browse the <a href="hints.html">Hints and Kinks</a> pages. For other problems a tutorial on debugging technique is in the <a href="debug.html">NTP Debugging Technique</a> page. A list of important system log messages is on the <a href="msyslog.html"><tt>ntpd</tt> System Log Messages</a> page.</p>
+ <p>The first line of general assistance is the NTP web site <a href="http://www.ntp.org">www.ntp.org</a> and the helpful documents resident there. Requests for assistance of a general nature and of interest to other timekeepers should be sent to the NTP newsgroup comp.protocols.time.ntp.</p>
+ <p>Users are invited to report bugs and offer suggestions via the <a href="bugs.html">NTPáBug Reporting Procedures</a> page.</p>
+ <h4 id="make">Additional <tt>make</tt> commands</h4>
+ <dl>
+ <dt><tt>make clean</tt>
+ <dd>Cleans out object files, programs and temporary files.
+ <dt><tt>make distclean</tt>
+ <dd>Does the work of <tt>clean</tt>, but cleans out all directories in preparation for a new distribution release.
+ <dt><tt>make dist</tt>
+ <dd>Does the work of <tt>make distclean</tt>, but constructs compressed tar files for distribution. You must have GNU automake to perform this function.
+ </dl>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
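Review bot: The paragraph under `id="build"` tells the user to type `./configure`, `make` and `install`, and the Unix section repeats "the `install` command". The html/build/build.html page removed later in this patch gave this step as `make install`, run as root, and a bare `install` does not invoke the build's install target. Two smaller points in the same hunk: the link text "NTPáBug Reporting Procedures" carries what looks like a mis-encoded non-breaking space, and "completely automatic, The user types" needs a full stop. All three are best reported upstream so the vendor branch stays pristine.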
diff --git a/html/build/build.html b/html/build/build.html
deleted file mode 100644
index 0bb49af..0000000
--- a/html/build/build.html
+++ /dev/null
@@ -1,83 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Building and Installing the Distribution</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Building and Installing the Distribution</h3>
- <img src="../pic/beaver.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>For putting out compiler fires.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">03:06 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="270">Monday, October 13, 2003</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#build">Building and Installing the Distribution</a>
- <li class="inline"><a href="#unix">Building and Installing under Unix</a>
- <li class="inline"><a href="#comp">Compilation</a>
- <li class="inline"><a href="#install">Installation</a>
- <li class="inline"><a href="#config">Configuration</a>
- <li class="inline"><a href="#prob">If You Have Problems</a>
- <li class="inline"><a href="#win">Building and Installing under Windows NT</a>
- </ul>
- <hr>
- <h4 id="build">Building and Installing the Distribution</h4>
- <p>As a practical matter, every computer architecture and operating system version seems to be different than any other. The device drivers may be different, the input/output system may be idiosyncratic and the libraries may have different semantics. It is not possible in a software distribution such as this one to support every individual system with a common set of binaries, even with the same system but different versions. Therefore, it is necessary to individually configure the software build for each system and version, both at compile time and at run time. In almost all cases, these procedures are completely automatic and all the newbie user need do is type &quot;configure&quot;, &quot;make&quot; and &quot;install&quot; in that order and the autoconfigure system does the rest. There are some exceptions, as noted below and on the <a href="hints.html">Hints and Kinks</a> page.</p>
- <p>If available, the OpenSSL library from <a href="http://www.openssl.org">http://www.openssl.org</a> is used to support public key cryptography. The library must be built and installed prior to building NTPv4. The procedures for doing that are included in the OpenSSL documentation. The library is found during the normal NTPv4 configure phase and the interface routines compiled automatically. Only the <tt>libcrypto.a</tt> library and associated header files are used. If the library is not available or disabled, this step is not required.</p>
- <h4 id="unix">Building and Installing under Unix</h4>
- <p>Make sure that you have all necessary tools for building executables. These tools include <tt>cc/gcc, make, awk, sed, tr, sh, grep, egrep</tt> and a few others. Not all of these tools exist in the standard distribution of modern Unix versions (compilers are likely to be an add-on product). If this is the case, consider using the GNU tools and <tt>gcc</tt> compiler. For a successful build, all of these tools should be accessible via the current path.</p>
- <p>The first thing to do is uncompress the distribution and extract the source tree. In the distribution base directory use the <tt>./configure</tt> command to perform an automatic configuration procedure. This command inspects the hardware and software environment and tests for the presence of system header files and the contents of these files to determine if certain features are present. When one or more of these features are present, the code is compiled to use them; if not, no special code is compiled. However, even if the code is compiled to use these features, the code does a special test at run time to see if one or more are actually present and avoids using them if not present. In such cases a warning message is sent to the system log, but the daemon should still work properly.</p>
- <p>The default build normally includes the debugging code, which can be useful in diagnosing problems found in initial test, and all reference clock drivers known to work with each machine and operating system. Unless memory space is at a premium, this is a sensible strategy and greatly simplifies debugging and support. If you need to delete either the debugging code or one or all reference clock drivers to save space, see the <a href="config.html">Configuration Options</a> page.</p>
- <p>If your site supports multiple architectures and uses NFS to share files, you can use a single source tree to compile executables for all architectures. While running on a target architecture machine and in the distribution base directory create a subdirectory using a command like <tt>mkdir A.`config.guess`</tt>, which will create an architecture-specific directory with name peculiar to the architecture and operating system. Then change to this directory and emit a <tt>../configure</tt> command. The remaining steps are the same whether building in the base directory or in the subdirectory.</p>
- <h4 id="comp">Compilation</h4>
- <p>Use the <tt>make</tt> command to compile all source modules, construct the libraries and link the distribution. Expect few or no warnings using <tt>cc</tt> and a moderate level of warnings using <tt>gcc</tt>. Note: On some Unix platforms <tt>gcc</tt> may show quite a few complaints about system header files and type inconsistencies, especially with pointer variables. This is usually the case when the system header files are not up to ANSI standards or <tt>gcc </tt>expectations, when <tt>gcc</tt> is not installed properly, or when operating system updates and patches are applied and <tt>gcc</tt> is not reinstalled. While the autoconfigure process is quite thorough, the Unix programming cultures of the various workstation makers still remain idiosyncratic.</p>
- <h4 id="install">Installation</h4>
- <p>As root, use the <tt>make install</tt> command to install the binaries in the destination directory. Most commonly, these programs are installed in <tt>/usr/local/bin</tt>, but this can be overridden during configuration. You must of course have write permission on the install in the destination directory. This includes the following programs:</p>
- <ul>
- <li><a href="../ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a>
- <li><a href="../ntpq.html"><tt>ntpq</tt> - standard NTP query program</a>
- <li><a href="../ntpdc.html"><tt>ntpdc</tt> - special NTP query program</a>
- <li><a href="../ntpdate.html"><tt>ntpdate</tt> - set the date and time via NTP</a>
- <li><a href="../ntptrace.html"><tt>ntptrace</tt> - trace a chain of NTP servers back to the primary source</a>
- </ul>
- <p>If the precision time kernel modifications are present, the following program is installed:</p>
- <ul>
- <li><a href="../ntptime.html"><tt>ntptime</tt> - read kernel time variables</a>
- </ul>
- <p>If the public key authentication functions are present, the following program is installed:</p>
- <ul>
- <li><a href="../keygen.html"><tt>ntp-keygen</tt> - generate public and private keys</a>
- </ul>
- <p>In some systems that include the capability to edit kernel variables, the following program is installed:</p>
- <ul>
- <li><a href="../tickadj.html"><tt>tickadj</tt> - set time-related kernel variables</a>
- </ul>
- <p>Cryptographic support, both symmetric and public key, requires one or more key files, commonly installed in <tt>/usr/local/etc</tt>. Public key cryptography requires a random seed file, usually called <tt>.rnd</tt>, installed in a dark place such as the root directory or <tt>/etc</tt>. Directions for generating keys is on the <a href="../authopt.html">Authentication Options</a> page.</p>
- <h4 id="config">Configuration</h4>
- <p>You are now ready to configure the daemon and start it. You will need to create a NTP configuration file <tt>ntp.conf</tt> and a cryptographic key file <tt>ntp.keys</tt>. The latter file is necessary only for remote configuration support, if needed. Newbies should see the <a href="quick.html">Quick Start</a> page for orientation. Seasoned veterans can start with the <a href="../ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page and move on to the specific configuration option pages from there. A tutorial on NTP subnet design and configuration options is in the <a href="../notes.html">Notes on Configuring NTP and Setting up a NTP Subnet</a> page.</p>
- <h4 id="prob">If You Have Problems</h4>
- <p>If you have problems peculiar to the particular hardware and software environment (e.g. operating system-specific issues), browse the <a href="hints.html">Hints and Kinks</a> page. For other problems a tutorial on debugging technique is in the <a href="../debug.html">NTP Debugging Technique</a> page. As always, the first line of general assistance is the NTP web site <a href="http://www.ntp.org">www.ntp.org</a> and the FAQ resident there. Requests for assistance of a general nature and of interest to other timekeepers should be sent to the NTP newsgroup comp.protocols.time.ntp. Bug reports of a specific nature should be sent to <a href="mailto:bugs@mail.ntp.org">bugs@ntp.org</a>. Bug reports of a specific nature on features implemented by the programmer corps mentioned in the <a href="../copyright.html">Copyright</a> page should be sent directly to the implementor listed in that page, with copy to bugs@ntp.org.</p>
- <p>Please include the version of the source distribution (e.g., ntp-4.0.70a) in your bug report, as well as billboards from the relevant utility programs and debug trace, if available. Please include the output of <tt>config.guess</tt> in your bug report. It will look something like:</p>
- <p><tt>pdp11-dec-fuzzos3.4</tt></p>
- <h4>Additional <tt>make</tt> commands</h4>
- <dl>
- <dt><tt>make clean</tt>
- <dd>Cleans out object files, programs and temporary files.
- <dt><tt>make distclean</tt>
- <dd>Does the work of <tt>clean</tt>, but cleans out all directories in preparation for a new distribution release.
- <dt><tt>make dist</tt>
- <dd>Does the work of <tt>make distclean</tt>, but constructs compressed tar files for distribution. You must have GNU automake to perform this function.
- </dl>
- <h4 id="win">Building and Installing under Windows NT</h4>
- <p>See <tt><a href="hints/winnt.html">hints/winnt.htm</a></tt> for directions to compile the sources and install the executables.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
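Review bot: The Installation section removed here holds the key-handling guidance (key files in `/usr/local/etc`, the `.rnd` seed file, the pointer to authopt.html), and the replacement html/build.html added above has no equivalent text. The same applies to the "If You Have Problems" request to include the distribution version and `config.guess` output in bug reports. Please confirm that authopt.html and bugs.html in the imported tree cover both, so the instructions on where key material lives are not lost with this deletion.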
diff --git a/html/build/config.html b/html/build/config.html
deleted file mode 100644
index 961779d..0000000
--- a/html/build/config.html
+++ /dev/null
@@ -1,168 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Configuration Options</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Configuration Options</h3>
- <img src="../pic/pogo3a.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>Gnu autoconfigure tools are in the backpack.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">12:56 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 20, 2004</csobj></p>
- <br clear="left">
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#basic">Basic Configuration Options - the <tt>configure</tt> utility</a>
- <li class="inline"><a href="#opt">Options</a>
- <li class="inline"><a href="#dir">Directory and File Names</a>
- <li class="inline"><a href="#host">Host Type</a>
- <li class="inline"><a href="#pkg">Optional Packages</a>
- <li class="inline"><a href="#feat">Optional Features</a>
- <li class="inline"><a href="#radio">Radio Clocks</a>
- <li class="inline"><a href="#parse">PARSE Clocks</a>
- </ul>
- <hr>
- <h4 id="basic">Basic Configuration Options - the <tt>configure</tt> utility</h4>
- <p>The following options are for compiling and installing a working version of the NTP distribution. In most cases, the build process is completely automatic. In some cases where memory space is at a premium, or the binaries are to be installed in a different place, it is possible to tailor the configuration to remove such features as reference clock driver support, debugging support, and so forth.</p>
- <p>Configuration options are specified as arguments to the <tt>configure</tt> script. Following is a summary of the current options, as of the 4.0.99m version:</p>
- <p>Usage: <tt>configure [options] [host]</tt><br>
- </p>
- <h4 id="opt">Options</h4>
- <p><tt>[defaults in brackets after descriptions]</tt> Configuration:</p>
- <pre>
- --cache-file=FILE cache test results in FILE
- --help print this message
- --no-create do not create output files
- --quiet, --silent do not print `checking...' messages
- --version print the version of autoconf that created
-configure
-</pre>
- <h4 id="dir">Directory and File Names</h4>
- <pre>
- --prefix=PREFIX install architecture-independent files in PREFIX [/usr/local]
- --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [same as prefix]
- --bindir=DIR user executables in DIR [EPREFIX/bin]
- --sbindir=DIR system admin executables in DIR [EPREFIX/sbin]
- --libexecdir=DIR program executables in DIR [EPREFIX/libexec]
- --datadir=DIR read-only architecture-independent data in DIR [PREFIX/share]
- --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data in DIR [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var]
- --libdir=DIR object code libraries in DIR [EPREFIX/lib]
- --includedir=DIR C header files in DIR [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include]
- --infodir=DIR info documentation in DIR [PREFIX/info]
- --mandir=DIR man documentation in DIR [PREFIX/man]
- --srcdir=DIR find the sources in DIR [configure dir or ..]
- --x-includes=DIR X include files are in DIR
- --x-libraries=DIR X library files are in DIR
- --program-prefix=PREFIX prepend PREFIX to installed program names
- --program-suffix=SUFFIX append SUFFIX to installed program names
- --program-transform-name=PROGRAM run sed PROGRAM on installed program names
-</pre>
- <h4 id="host">Host Type</h4>
- <pre>
- --build=BUILD configure for building on BUILD [BUILD=HOST]
- --host=HOST configure for HOST [guessed]
- --target=TARGET configure for TARGET [TARGET=HOST]
-</pre>
- <h4 id="pkg">Optional Packages</h4>
- <pre>
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
- --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
-
- openssl-libdir=DIR OpenSSL object code libraries in DIR [/usr/lib/usr/local/lib/usr/local/ssl/lib]
- openssl-incdir=DIR OpenSSL header files in DIR [/usr/include/usr/local/include/usr/local/ssl/include]
- crypto=autokey Use autokey cryptography
- crypto=rsaref Use the RSAREF library
- electricfence Compile with ElectricFence malloc debugger
-</pre>
- <h4 id="feat">Optional Features</h4>
- <pre>
- --disable-FEATURE do not include FEATURE (same as
- --enable-FEATURE=no)
- --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
-
- accurate-adjtime The adjtime() call is accurate
- clockctl use /dev/clockctl (non root control of system clock)
- debugging Include debugging code [enable]
- des Include support for DES keys [enable]
- dst-minutes=VALUE Minutes per DST adjustment [60]
- gdt-surveying Include GDT survey code [disable]
- hourly-todr-sync If we should sync TODR hourly
- kernel-fll-bug If we should avoid a (Solaris) kernel FLL bug
- kmem Read /dev/kmem for 'tick' and/or 'tickadj'
- md5 Include support for MD5 keys [enable]
- ntpdate-step If ntpdate should step the time
- slew-always Always slew the time
- step-slew Step and slew the time
- tick=VALUE Force a value for 'tick'
- tickadj=VALUE Force a value for 'tickadj'
- udp-wildcard Use UDP wildcard delivery
-</pre>
- <h4 id="radio">Radio Clocks</h4>
- <p>(these are ordinarily enabled, if supported by the machine and operating system):</p>
- <pre>
- all-clocks Include drivers for all suitable non-PARSE clocks [enable]
- ACTS NIST dialup clock
- ARBITER Arbiter 1088A/B GPS receiver
- ARCRON_MSF Arcron MSF receiver
- AS2201 Austron 2200A or 2201A GPS receiver
- ATOM ATOM PPS interface
- AUDIO-CHU CHU audio decoder
- BANCOMM Datum/Bancomm BC635/VME interface (requires an explicit --enable-BANCOMM request)
- CHRONOLOG Chrono-log K-series WWVB receiver
- CHU CHU modem decoder
- DATUM Datum Programmable Time System
- DUMBCLOCK Dumb generic hh:mm:ss local clock
- FG Forum Graphic GPS
- GPSVME TrueTime GPS receiver with VME interface (requires an explicit --enable-GPSVME request)
- HEATH HeathKit GC-1000 Most Accurate Clock
- HOPFPCI HOPF 6039 PCI board
- HOPFSERIAL HOPF serial clock device
- HPGPS HP 58503A GPS Time &amp; Frequency receiver
- IRIG IRIG (Audio) Clock
- JUPITER Rockwell Jupiter GPS receiver
- LEITCH Leitch CSD 5300 Master Clock System Driver
- LOCAL-CLOCK Local clock driver
- MSFEES EES M201 MSF receiver
- MX4200 Magnavox MX4200 GPS receiver
- NMEA NMEA GPS receiver
- ONCORE Motorola VP/UT Oncore GPS receiver
- PALISADE Palisade clock
- PCF Conrad parallel port radio clock
- PST PST/Traconex 1020 WWV/H receiver
- PTBACTS PTB dialup clock support
- SHM Clock attached through shared memory (requires an explicit --enable-SHM request)
- SPECTRACOM Spectracom 8170/Netclock/2 WWVB receiver
- TRAK TRAK 8810 GPS station clock
- TPRO KSI/Odetics TPRO/S IRIG Interface
- TRUETIME Kinemetrics/TrueTime (generic) receiver
- ULINK Ultralink WWVB receiver
- USNO US Naval Observatory dialup clock
- WWV WWV audio receiver
-</pre>
- <h4 id="parse">PARSE Clocks</h4>
- <pre>
- parse-clocks Include drivers for all suitable PARSE clocks [enable]
- COMPUTIME Diem Computime Radio Clock
- DCF7000 ELV/DCF7000 Clock
- HOPF6021 HOPF 6021 Radio Clock support
- MEINBERG Meinberg clocks
- RAWDCF DCF77 raw time code
- RCC8000 RCC 8000 Radio Clock support
- SCHMID SCHMID DCF77 clock support
- TRIMTAIP Trimble GPS/TAIP Protocol
- TRIMTSIP Trimble GPS/TSIP Protocol
- VARITEXT VARITEXT clock
- WHARTON Wharton 400A Series clock
-</pre>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
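Review bot: This deletion drops the enumerated `configure` switches, including the ones an operator hardening a build would look for: `clockctl` (non-root control of the system clock), `debugging` [enable], and `des`/`md5` key support. html/build.html added in this patch says debugging is included by default and defers to `config.html` for the options, so check that the page at that path in the import still names the flags needed to turn these off. The removed text was already dated ("as of the 4.0.99m version"), which is a reason to verify the replacement and not to assume it is equivalent.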
diff --git a/html/build/hints.html b/html/build/hints.html
deleted file mode 100644
index b9e230b..0000000
--- a/html/build/hints.html
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <title>Hints and Kinks</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Hints and Kinks</h3>
- <img src="../pic/alice35.gif" align="left" alt="gif"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"> from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>Mother in law has all the answers.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">12:56 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 20, 2004</csobj></p>
- <br clear="left">
- <hr>
- <p>This is an index for a set of troubleshooting notes contained in individual text files in the <tt>./hints</tt> directory. They were supplied by various volunteers in the form of mail messages, patches or just plain word of mouth. Each note applies to a specific computer and operating system and gives information found useful in setting up the NTP distribution or site configuration. The notes are very informal and subject to errors; no attempt has been made to verify the accuracy of the information contained in them.</p>
- <p>Additions or corrections to this list or the information contained in the notes is solicited. The most useful submissions include the name of the computer manufacturer (and model numbers where appropriate), operating system (specific version(s) where appropriate), problem description, problem solution and submitter's name and electric address. If the submitter is willing to continue debate on the problem, please so advise. See the <a href="hints/">directory listing</a>.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
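Review bot: html/build.html added earlier in this patch links to `hints.html` in two places (the build paragraph and "If You Have Problems"), resolved relative to html/, while this hunk removes html/build/hints.html. Please confirm the import contains html/hints.html so those links do not dangle. The removed index also states that the notes are unverified ("no attempt has been made to verify the accuracy"); that caveat should survive on whatever page replaces it.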
diff --git a/html/build/hints/netbsd b/html/build/hints/netbsd
deleted file mode 100644
index f5f628d..0000000
--- a/html/build/hints/netbsd
+++ /dev/null
@@ -1,37 +0,0 @@
-Starting with NetBSD-1.6, it is possible to delegate the system clock
-control to a non root user. This enable running ntpd in a chroot
-jail under a non privilegied UID/GID, using ntpd -i and -u flags.
-
-The delegation is done through the clockctl(4) pseudodevice driver.
-This driver makes privilegied system calls such as ntp_adjtime(2)
-available through ioctl(2) on the /dev/clockctl device. If a user
-is able to write to /dev/clockctl, then (s)he can control the system
-clock.
-
-In order to use this feature, make sure that:
-
-1) Your kernel is compiled with the following option:
-pseudo-device clockctl
-This is true for GENERIC kernels on most ports. Please check
-http://wwW.netbsd.org/Documentation/kernel/
-if you need information about building a kernel.
-
-2) You have a ntpd user on your system. Here is the /etc/master.passwd
-entry for ntpd user on NetBSD-1.6:
-ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin
-And here is the /etc/group entry for group 15:
-ntpd:*:15:
-
-3) /dev/clockctl exists and is writtable by user ntpd. Default
-NetBSD-1.6 setting is:
-crw-rw---- 1 root ntpd 61, 0 Apr 1 2002 /dev/clockctl
-Major device number and date is likely to be different on your system.
-If you need to create the device, issue the following command:
-cd /dev && ./MAKEDEV clockctl
-
-Here is an example of how to run ntpd chrooted in /var/chroot/ntpd,
-running with ntpd UID and ntpd GID:
-ntpd -i /var/chroot/ntpd -u ntpd:ntpd
-Note that -i and -u options are enabled at configure time if your
-system supports system clock control by an unprivilegied user. If this
-is not the case, then the -i and -u options will not be available.
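Review bot: This file documents the reduced-privilege setup for ntpd (`ntpd -i /var/chroot/ntpd -u ntpd:ntpd` through `/dev/clockctl`), and nothing in the visible part of the patch shows it being re-added under another path. If the note only moves, the commit message should say where; if it is dropped, the `-i`/`-u` chroot and non-root instructions need a home elsewhere, because they limit what a compromised daemon can reach. The text also makes clear that write access to `/dev/clockctl` amounts to control of the system clock, so the `crw-rw---- root ntpd` mode it shows is the detail to carry over.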
diff --git a/html/build/hints/vxworks.html b/html/build/hints/vxworks.html
deleted file mode 100644
index 95ad222..0000000
--- a/html/build/hints/vxworks.html
+++ /dev/null
@@ -1,82 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <title>vxWorks Port of NTP</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body link="#00008B" vlink="#8B0000">
- <h1>VxWorks port of NTP</h1>
- <p>Creating a port for vxWorks posed some problems. This port may help as a starting point for similar ports to real-time OS's and other embeddable kernels, particularly where main() is not allowed, and where the configure scripts need to be altered.</p>
- <h1><b>Configuration issues</b></h1>
- <p>I decided to do as little invasive surgery as possible on the NTP code, so I brought the vxWorks header tree in line with the standard unix tree. The following changes were needed, as a side effect these changes will allow for easy porting of other autoconfigure enabled code.</p>
- <p>Where I have 386 you will need to put in your target type. The vxWorks tree entry point is /usr/wind. If these are the same for your system, you should be able to cut and paste the changes.</p>
- <p><blink>WARNING: Check you are not overwriting files, before entering the following: there should be no conflict, but check first... </blink></p>
- <p>export CC=&quot;cc386 -nostdlib -m486 -DCPU=I80486 -I/usr/wind/target/h&quot;<br>
- export RANLIB=ranlib386<br>
- export AR=ar386<br>
- export VX_KERNEL=/usr/wind/target/config/ims_std_bsp/vxWorks<br>
- cd /usr/wind/target/sys<br>
- ln -s ../signal.h<br>
- ln -s ../time.h<br>
- ln -s socket.h sockio.h<br>
- ln -s ../selectLib.h select.h<br>
- ln -s ../timers.h<br>
- touch file.h param.h resource.h utsname.h var.h ../netdb.h ../a.out.h ../termios.h<br>
- echo &quot; ******ADD #include \&quot;sys/times.h\&quot; to sys/time.h &quot;</p>
- <p>The configure script must be changed in the following way to get the linking tests to work, once in the correct directory issue the following commands:<br>
- sed -e 's%main.*()%vxmain()%' configure &gt; configure.vxnew<br>
- mv configure.vxnew configure<br>
- chmod 755 configure</p>
- <p>The new version 4 of NTP requires some maths functions so it links in the maths library (-lm) in the ntpd <a href="../../ntpd/Makefile.am">Makefile.am</a> change the line &quot;ntpd_LDADD = $(LDADD) -lm&quot; by removing the &quot;-lm&quot;.<br>
- You are now ready to compile</p>
- <p><br>
- The <a href="../../configure.in">configure.in </a>file needed to be altered to allow for a host-target configuration to take place.</p>
- <ul>
- <li>The define SYS_VXWORKS was added to the compilation flags.
- <li>Little endianess is set if the target is of type iX86.
- <li>The size of char, integer, long values are all set. If Wind River ever changes these values they will need to be updated.
- <li>clock_settime() is defined to be used for setting the clock.
- <li>The Linking flags have -r added to allow for relinking into the vxWorks kernel
- </ul>
- <p>Unfortunately I have had to make use of the <a href="../../include/ntp_machine.h">ntp_machine.h </a>file to add in the checks that would have been checked at linking stage by autoconf, a better method should be devised.</p>
- <ul>
- <li>There is now a NO_MAIN_ALLOWED define that simulates command line args, this allows the use of the normal startup sysntax.
- <li>POSIX timers have been added.
- <li>Structures normally found in netdb.h have been added with, the corresponding code is in <a href="../../libntp/machines.c">machines.c </a>. Where possible the defines for these have been kept non-vxWorks specific.
- </ul>
- <p>Unfortunately there are still quite a few SYS_VXWORKS type defines in the source, but I have eliminated as many as possible. You have the choice of using the usrtime.a library avaliable from the vxworks archives or forgoing adjtime() and using the clock_[get|set]time().The <a href="../../include/ntp_machine.h">ntp_machine.h </a>file clearly marks how to do this.</p>
- <h1><b>Compilation issues</b></h1>
- <p>You will need autoconf and automake ... available free from the gnu archives worldwide.</p>
- <p>The variable arch is the target architecture (e.g. i486)</p>
- <p>mkdir A.vxworks (or whatever....)<br>
- cd A.vxworks<br>
- ../configure --target=arch-wrs-vxworks [any other options]<br>
- make</p>
- <p>Options I normally use are the --disable-all-clocks --enable-LOCAL-CLOCK flags. The program should proceed to compile without problem. The daemon ntpd, ntpdate, ntptrace, ntpdc, ntpq programs and of course the libraries are all fully ported. The other utilities are not, but they should be easy to port.</p>
- <h1>Running the software</h1>
- <p>Load in the various files, call them in the normal vxWorks function type manner. Here are some examples. Refer to the man pages for further information.</p>
- <p>ld &lt; ntpdate/ntpdate<br>
- ld &lt; ntpd/ntpd<br>
- ld &lt; ntptrace/ntptrace<br>
- ld &lt; ntpq/ntpq<br>
- ld &lt; ntpdc/ntpdc<br>
- ntpdate (&quot;-b&quot;, &quot;192.168.0.245&quot;)<br>
- sp(ntpd, &quot;-c&quot;, &quot;/export/home/casey/ntp/ntp.conf&quot;)<br>
- ntpdc(&quot;-c&quot;, &quot;monlist&quot;, &quot;192.168.0.244&quot;)<br>
- ntpq(&quot;-c&quot;, &quot;peers&quot;, &quot;192.168.0.244&quot;)<br>
- ntptrace(&quot;192.168.0.244&quot;)<br>
- </p>
- <h1>Bugs and such</h1>
- <p>Should you happen across any bugs, please let me know, or better yet fix them and submit a patch. Remember to make you patch general for Vxworks, not just for your particular architecture. <a href="http://www.ccii.co.za">CCII Systems (Pty) Ltd</a>, my ex employers, sponsored the time to this port. Please let me know how it goes, I would be most interested in offsets and configurations.</p>
- <p><br>
- </p>
- <p>Casey Crellin<br>
- <a href="mailto:casey@csc.co.za">casey@csc.co.za</a></p>
- <p><br>
- </p>
- </body>
-
-</html> \ No newline at end of file
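Review bot: the removed "Running the software" examples include ntpdc("-c", "monlist", "192.168.0.244"), and monlist is the query abused for NTP reflection and amplification, which is the problem the commit message says this import series should fix. If the imported tree ships a VxWorks hints page elsewhere, check that it no longer offers monlist as a routine example, or that it pairs the example with a pointer to restricting who may query the daemon. The commit message should also say whether html/build/hints/ moved or was dropped, since "Virgin import" alone does not explain the deletion.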
diff --git a/html/build/hints/winnt.html b/html/build/hints/winnt.html
deleted file mode 100644
index 78de15d..0000000
--- a/html/build/hints/winnt.html
+++ /dev/null
@@ -1,281 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <title>NTP on Windows NT</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h1>NTP 4.x for Windows NT</h1>
-
- <h2>Introduction</h2>
- The NTP 4 distribution runs as service on Windows NT 4.0, Windows 2000, Windows XP,
- Windows .NET Server 2003. It will NOT run on Windows 95, 98, ME, etc.
- The binaries work on multi-processor systems. This port has not been tested
- on the Alpha platform. This release now uses OpenSSL for authentication.
- IPv6 is not implemented yet for Win32 platforms.
- <h2>Authentication Keys</h2>
- With this release ntp-keygen is supported. See the <a href="../../keygen.html">
- ntp keygen documentation</a> for details on how to use ntp-keygen.
- <p>
- ntpd can now use the generated keys in the same way as on Unix platforms. Please
- refer to the <a href="../../authopt.html">Authentication Options</a> for details
- on how to use these.
- <p><B>NOTE:</B> ntpd and ntp-keygen both use OpenSSL which requires a random
- character file called .rnd by default. Both of these programs will automatically
- generate this file if they are not found. The programs will look for an
- environmental variable called RANDFILE and use that for the name of the
- random character file if the variable exists. If it does not exist it will look for an environmental
- variable called HOME and use that directory to search for a filed called .rnd
- in that directory. Finally, if neither RANDFILE nor HOME exists it will look
- in C:\ for a .rnd file. In each case it will search for and create the file
- if the environmental variable exists or in the C:\ directory if it doesn't.
- Note that ntpd normally runs as a service so that the only way that it will
- have either RANDFILE or HOME defined is if it is a System environmental
- variable or if the service is run under a specific account name and that
- account has one of those variables defined. Otherwise it will use the file
- "c:\.rnd". This was done so that OpenSSL will work normally on Win32 systems.
- This obviates the need to ship the OpenSSL.exe file and explain how to
- generate the .rnd file. A future version may change this behavior.
-
- <p>Refer to <a href="#Compiling">Compiling Requirements</a> and Instructions for how to compile the program.</p>
- <h2>Reference Clocks</h2>
- Reference clock support under Windows NT is tricky because the IO functions are
- so much different. Some of the clock types have been built into the ntpd executable
- and should work but have not been tested by the ntp project. If you have a clock
- that runs on Win32 and the driver is there but not implemented on Win32 you will have
- make the required configuration changes in config.h and then build ntpd from source
- and test it. The following reference clocks are known to work and are supported
- by Windows NT:
- <p><a href="../../driver1.html">Type 1</a> Undisciplined Local Clock (LOCAL)<br>
- <a href="../../driver29.html">Type 29</a> Trimble Navigation Palisade GPS (GPS_PALISADE)</p>
- <h2>Functions Supported</h2>
- All NTP functions are supported with some constraints. See the <a href="#ToDo">TODO list</a> below.
- Note that the ntptrace executable is not supported and you should use the PERL script
- version instead.
- <h2>Accuracy</h2>
- Greg Brackley has implemented a fantastic interpolation scheme that improves the precision of the NTP clock
- using a realtime thread (is that poetic or what!) which captures a tick count from the 8253 counter after each
- OS tick. The count is used to interpolate the time between operating system ticks.
- <p>On a typical 200+ MHz system NTP achieves a precision of about 5 microseconds and synchronizes the clock
- to +/-500 microseconds using the <a href="http://www.trimble.com/products/ntp">Trimble Palisade</a> as UTC reference.
- This allows distributed applications to use the 10 milliseconds ticks available to them with high confidence.</p>
- <h2>Binaries</h2>
- Recent InstallShield based executable versions of NTP for Windows NT (intel) are available from:
- <ul>
- <li><a href="http://www.trimble.com/oem/ntp">http://www.trimble.com/oem/ntp</a>
- <li><a href="http://www.five-ten-sg.com/">http://www.five-ten-sg.com/</a>
- <li><a href="http://www.meinberg.de/english/sw/ntp.htm">http://www.meinberg.de/english/sw/ntp.htm</a>
- </ul>
- <a name="ToDo"><h2>ToDo</h2></a>
- These tasks are in no particular order of priority.
- <ul>
- <li>Create a proper install/uninstall program
- <li>Add sntp to the list of supported programs
- <li>Add support for Visual C++ 7.0 or later (.NET)
- <li>Add IPv6 support
- <li>See if precision can be improved by using CPU cycle counter for tick interpolation.
- <li>Make precision time available to applications using NTP_GETTIME API
- </ul>
- <h2>Compiling Requirements</h2>
- <ul>
- <li>Windows NT 4.0 Windows 2000, Windows XP, or Windows.NET Server 2003
- <li>Microsoft Visual C++ 6.0. <B>NOTE:</B> VC++ 7.0 (aka .NET) is not yet supported
- but will probably work fine.
- <li>Some way of uncompressing and untarring the gzipped tar file.
- <li>OpenSSL must be built on the box before building NTP. Additional steps would
- be required to not use OpenSSL.
- </ul>
- <a name="Compiling"><h2>Compiling Instructions</h2></a>
- <ol>
- <li>Unpack and build OpenSSL according to the OpenSSL instructions for building on
- Windows. An environment variable named OPENSSL must be set up to specify the base path
- of the OpenSSL directory to be used to build the NTP package
- (e.g. <code>OPENSSL=C:\openssl-0.9.8b</code>).
- <li>Unpack the ntp-*.tar.gz archive using utilities such as WinZip.
- <li>Open the .\ports\winnt\ntp.dsw Visual C workspace
- <li>Batch build all projects
- <li>The built binaries can be found in the port\winnt\bin\Release subdirectory
- <li>In addition you will need to install the OpenSSL libeay32.dll
- <li>If you are shipping binaries in a kit it is strongly recommended that you
- ship this file (winnt.html) along with the binaries.
- </ol>
- <h2>Configuration File</h2>
- The default NTP configuration file path is %SystemRoot%<tt>\system32\drivers\etc\. </tt>(%SystemRoot%
- is an environmental variable that can be determined by typing &quot;set&quot; at the &quot;Command Prompt&quot;
- or from the &quot;System&quot; icon in the &quot;Control Panel&quot;).<br>
- Refer to your system environment and <tt>c</tt>reate your<tt> ntp.conf</tt> file in the directory
- corresponding to your system&nbsp; installation.<br>
- <tt>The older &lt;WINDIR&gt;\ntp.conf </tt>is still supported but you will get a log entry reporting that
- the first file wasn't found.
- <h2>Installation Instructions</h2>
- The <tt>instsrv</tt> program in the instsrv subdirectory of the distribution can be used to install 'ntpd' as
- a service and start automatically at boot time. Instsrv is automatically compiled with the rest of the distribution
- if you followed the steps above.
- <ol>
- <li>Start a command prompt and enter &quot;instsrv.exe &lt;pathname_for_ntpd.exe&gt;&quot;
- <li>Clicking on the &quot;Services&quot; icon in the &quot;Control Panel&quot; will display the list of
- currently installed services in a dialog box. The NetworkTimeProtocol service should show up in this list.
- Select it in the list and hit the &quot;Start&quot; button in the dialog box. The NTP service should start.
- <li>You can also stop and start the service by typing net start|stop NetworkTimeProtocol at the DOS prompt.
- <li>View the event log by clicking on the &quot;Event Viewer&quot; icon in the &quot;Administrative Tools&quot;
- group, there should be several successful startup messages from NTP. NTP will keep running and restart
- automatically when the machine is rebooted.
- </ol>
- You can change the start mode (automatic/manual) and other startup parameters corresponding to the NTP service
- in the &quot;Services&quot; dialog box if you wish.
- <h2>Removing NTP</h2>
- You can also use <tt>instsrv</tt> to delete the NTP service by entering: &quot;instsrv.exe remove&quot;
- <h2>Command Line Parameters and Registry Entries</h2>
- Unlike the Unix environment, there is no clean way to run 'ntpdate' and reset the clock before starting 'ntpd' at boot time.<br>
- NTP will step the clock up to 1000 seconds by default. While there is no reason that the system clock should be that much off
- during bootup if 'ntpd' was running before, you may wish to override this default and/or pass other command line directives.
- <p>Use the registry editor to edit the value for the ntpd executable under LocalMachine\System\CurrentControlSet\Services\NTP.</p>
- <p>Add the -g option to the ImagePath key, behind &quot;%INSTALLDIR&gt;\ntpd.exe&quot;. This will force NTP to accept
- large time errors (including 1.1.1980 00:00)</p>
- <h2>Bug Reports</h2>
- Send questions to <a href="news://comp.protocols.time.ntp">news://comp.protocols.time.ntp</a>
- and bug reports should be entered in <a href="http://bugzilla.ntp.org/">Bugzilla</a> on the
- NTP Web site.
- <h2>Change Log</h2>
- <h3>Last revision 2 July 2003&nbsp; Version 4.2.0</h3>
- <b>by Danny Mayer (mayer@ntp.org>)</b>
- <h3>Significant Changes:</h3>
- This latest release of NTP constitutes a major upgrade to its ability to build and
- run on Windows platforms and should now build and run cleanly. More importantly it
- is now able to support all authentication in the same way as Unix boxes. This does
- require the usage of OpenSSL which is now a prerequisite for build on Windows.
- ntp-keygen is now supported and builds on Win32 platforms.
-
- <h3>Last revision 16 February 1999&nbsp; Version 4.0.99e.</h3>
- <b>by Sven Dietrich (sven_dietrich@trimble.com)</b>
- <p><b>Significant Changes:</b></p>
- <ul>
- <li>Perl 5 is no longer needed to compile NTP. The configuration script which creates version.c
- with the current date and time was modified by Frederick Czajka [w2k@austin.rr.com] so that Perl
- is no longer required.
- </ul>
- <h3>Last revision 15 November 1999&nbsp; Version 4.0.98f.</h3>
- <b>by Sven Dietrich (sven_dietrich@trimble.com)</b>
- <p><b>Significant Changes:</b></p>
- <ul>
- <li>Fixed I/O problem delaying packet responses which resulted in no-replys to NTPQ and others.
- <li>The default configuration file path is <tt>&lt;WINDIR&gt;\system32\drivers\etc\ntp.conf.
- The old &lt;WINDIR&gt;\ntp.conf </tt>is still supported but you will get a log entry reporting
- that the first file wasn't found. The NTP 3.x legacy <tt>ntp.ini</tt> file is no longer supported.
- </ul>
- <b>Known Problems / TODO:</b>
- <ul>
- <li>MD5 and name resolution do not yet get along. If you define MD5, you cannot use DNS names, only IP numbers.
- </ul>
- <h3>Last revision 27 July 1999&nbsp; Version 4.0.95.</h3>
- This version compiles under WINNT with Visual C 6.0.
- <p>Greg Brackley and Sven Dietrich</p>
- <p>Significant changes:<br>
- -Visual Studio v6.0 support<br>
- -Winsock 2.0 support<br>
- -Use of I/O completion ports for sockets and comm port I/O<br>
- -Removed the use of multimedia timers (from ntpd, others need removing)<br>
- -Use of waitable timers (with user mode APC) and performance counters to fake getting a better time<br>
- -Trimble Palisade NTP Reference Clock support<br>
- -General cleanup, prototyping of functions<br>
- -Moved receiver buffer code to a separate module (removed unused members from the recvbuff struct)<br>
- -Moved io signal code to a separate module</p>
- <h3>Last revision:&nbsp; 20-Oct-1996</h3>
- This version corrects problems with building the XNTP<br>
- version 3.5-86 distribution under Windows NT.
- <p>The following files were modified:<br>
- &nbsp;blddbg.bat<br>
- &nbsp;bldrel.bat<br>
- &nbsp;include\ntp_machine.h<br>
- &nbsp;xntpd\ntp_unixclock.c<br>
- &nbsp;xntpd\ntp_refclock.c<br>
- &nbsp;scripts\wininstall\build.bat<br>
- &nbsp;scripts\wininstall\setup.rul<br>
- &nbsp;scripts\wininstall\readme.nt<br>
- &nbsp;scripts\wininstall\distrib\ntpog.wri<br>
- &nbsp;html\hints\winnt (this file)</p>
- <p>In order to build the entire Windows NT distribution you<br>
- need to modify the file scripts\wininstall\build.bat<br>
- with the installation directory of the InstallShield<br>
- software.&nbsp; Then, simply type &quot;bldrel&quot; for non-debug<br>
- or &quot;blddbg&quot; for debug executables.</p>
- <p>Greg Schueman<br>
- &nbsp;&nbsp;&nbsp; &lt;schueman@acm.org&gt;</p>
- <h3>Last revision:&nbsp; 07-May-1996</h3>
- This set of changes fixes all known bugs, and it includes<br>
- several major enhancements.
- <p>Many changes have been made both to the build environment as<br>
- well as the code.&nbsp; There is no longer an ntp.mak file, instead<br>
- there is a buildntall.bat file that will build the entire<br>
- release in one shot.&nbsp; The batch file requires Perl.&nbsp; Perl<br>
- is easily available from the NT Resource Kit or on the Net.</p>
- <p>The multiple interface support was adapted from Larry Kahn's<br>
- work on the BIND NT port.&nbsp; I have not been able to test it<br>
- adequately as I only have NT servers with one network<br>
- interfaces on which to test.</p>
- <p>Enhancements:<br>
- * Event Logging now works correctly.<br>
- * Version numbers now work (requires Perl during build)<br>
- * Support for multiple network interface cards (untested)<br>
- * NTP.CONF now default, but supports ntp.ini if not found<br>
- * Installation procedure automated.<br>
- * All paths now allow environment variables such as %windir%</p>
- <p>Bug fixes:<br>
- * INSTSRV replaced, works correctly<br>
- * Cleaned up many warnings<br>
- * Corrected use of an uninitialized variable in XNTPD<br>
- * Fixed ntpdate -b option<br>
- * Fixed ntpdate to accept names as well as IP addresses<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (Winsock WSAStartup was called after a gethostbyname())<br>
- * Fixed problem with &quot;longjmp&quot; in xntpdc/ntpdc.c that<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; caused a software exception on doing a Control-C in xntpdc.<br>
- &nbsp;A Cntrl-C now terminates the program.</p>
- <p>See below for more detail:</p>
- <p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Note: SIGINT is not supported for any Win32 application including<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Windows NT and Windows 95. When a CTRL+C interrupt occurs, Win32<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; operating systems generate a new thread to specifically handle that<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; interrupt. This can cause a single-thread application such as UNIX,<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp; to become multithreaded, resulting in unexpected behavior.<br>
- &nbsp;</p>
- <p>Possible enhancements and things left to do:<br>
- * Reference clock drivers for NT (at least Local Clock support)<br>
- * Control Panel Applet<br>
- * InstallShield based installation, like NT BIND has<br>
- * Integration with NT Performance Monitor<br>
- * SNMP integration<br>
- * Fully test multiple interface support<br>
- &nbsp;</p>
- <p>Known problems:<br>
- *&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bug in ntptrace - if no Stratum 1 servers are available,<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; such as on an
- IntraNet, the application crashes.</p>
- <h3>Last revision:&nbsp; 12-Apr-1995</h3>
- This NTPv3 distribution includes a sample configuration file and the project<br>
- makefiles for WindowsNT 3.5 platform using Microsoft Visual C++ 2.0 compiler.<br>
- Also included is a small routine to install the NTP daemon as a &quot;service&quot;<br>
- on a WindowsNT box. Besides xntpd, the utilities that have been ported are<br>
- ntpdate and xntpdc. The port to WindowsNT 3.5 has been tested using a Bancomm<br>
- TimeServe2000 GPS receiver clock that acts as a strata 1 NTP server with no<br>
- authentication (it has not been tested with any refclock drivers compiled in).<br>
- Following are the known flaws in this port:<br>
- 1) currently, I do not know of a way in NT to get information about multiple<br>
- &nbsp;&nbsp; network interface cards. The current port uses just one socket bound to<br>
- &nbsp;&nbsp; INADDR_ANY address. Therefore when dealing with a multihomed NT time server,<br>
- &nbsp;&nbsp; clients should point to the default address on the server (otherwise the<br>
- &nbsp;&nbsp; reply is not guaranteed to come from the same interface to which the<br>
- &nbsp;&nbsp; request was sent). Working with Microsoft to get this resolved.<br>
- 2) There is some problem with &quot;longjmp&quot; in xntpdc/ntpdc.c that causes a<br>
- &nbsp;&nbsp; software exception on doing a Control-C in xntpdc. Be patient!<br>
- 3) The error messages logged by xntpd currently contain only the numerical<br>
- &nbsp;&nbsp; error code. Corresponding error message string has to be looked up in<br>
- &nbsp;&nbsp; &quot;Books Online&quot; on Visual C++ 2.0 under the topic &quot;Numerical List of Error<br>
- &nbsp;&nbsp; Codes&quot;.
- <p>Last HTML Update: November 17, 1999<br>
- <a href="mailto://sven_dietrich@trimble.com">Sven_Dietrich@Trimble.COM</a></p>
- </body>
-
-</html>
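Review bot: deleting this file removes the only description in this diff of two operational details: the OpenSSL seed file lookup order for ntpd running as a service (RANDFILE, then HOME, then "c:\.rnd"), and the advice to add -g to ImagePath so that ntpd accepts large time errors at boot. Both change how the daemon behaves on an unattended host, so confirm the imported 4.2.6p5 documentation still covers them before the old page goes, or state in the commit message that the Windows hints are intentionally not carried in this tree.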
diff --git a/html/build/patches.html b/html/build/patches.html
deleted file mode 100644
index 00b2923..0000000
--- a/html/build/patches.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <title>Patching Procedures</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Patching Procedures</h3>
- <img src="../pic/alice38.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"> rom <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The Mad Hatter needs patches.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">12:56 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 20, 2004</csobj></p>
- <br clear="left">
- <hr>
- <p>A distribution so widely used as this one eventually develops numerous barnacles as the result of <a href="porting.html">porting</a> to new systems, idiosyncratic new features and just plain bugs. In order to help keep order and make maintenance bearable, we ask that proposed changes to the distribution be submitted in the following form.</p>
- <ol>
- <li>Please submit patches to <a href="mailto:bugs@mail.ntp.org">bugs@mail.ntp.org</a> in the form of either unified-diffs (<tt>diff -u</tt>) or context-diffs (<tt>diff -c</tt>).
- <li>Please include the <strong>output</strong> from <tt>config.guess</tt> in the description of your patch. If <tt>config.guess</tt> does not produce any output for your machine, please fix that, too!
- <li>Please base the patch on the root directory of the distribution. The preferred procedure here is to copy your patch to the root directory and mumble
- <p><tt>patch -p &lt;your_patch&gt;</tt></p>
- <li>Please avoid patching the RCS subdirectories; better yet, clean them out before submitting patches.
- <li>If you have whole new files, as well as patches, wrap the files and patches in a shell script. If you need to compress it, use either GNU <tt>gzip</tt> or the stock Unix <tt>compress</tt> utility.
- <li>Don't forget the documentation that may be affected by the patch. Send us patches for the <tt>./htm</tt> files as well.
- <li>We would be glad to include your name, electric address and descriptive phrase in the <a href="../copyright.html">Copyright</a> page, if you wish.
- </ol>
- <p>Prior to ntp3-5.83 (releases up to and including ntp3.5f) a complete patch history back to the dark ages was kept in the <tt>./patches</tt> directory, which might have been helpful to see if the same problem occurred in another port, etc. Patches were saved in that directory with file name in the form <tt>patch.<i>nnn</i></tt>, where <i>nnn</i> was approaching 200. All patches in that directory have been made; so, if yours was there, it was in the distribution.</p>
- <p>Since we have been getting multple patches for some bugs, plus many changes are implemented locally, no two maintainers here use the same tools, and since we're not using any bug-tracking software or even source code control, there is currently no tracking of specific changes.</p>
- <p>The best way to see what's changed between two distributions is to run a <tt>diff</tt> against them.</p>
- <p>Thanks for your contribution and happy chime.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html>
diff --git a/html/build/porting.html b/html/build/porting.html
deleted file mode 100644
index 976cc66..0000000
--- a/html/build/porting.html
+++ /dev/null
@@ -1,40 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <title>Porting Hints</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Porting Hints</h3>
- <img src="../pic/wingdorothy.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
- <p>Porting Dorothy in Oz
- </p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">12:56 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 20, 2004</csobj></p>
- <br clear="left">
- <hr>
- <p>NOTE: The following procedures have been replaced by GNU <tt>automake</tt> and <tt>autoconfigure</tt>. This page is to be updated in the next release.</p>
- <p>Porting to a new machine or operating system ordinarily requires updating the <tt>./machines</tt> directory and the <tt>./compilers</tt> directories in order to define the build environment and autoconfigure means. You will probably have to modify the <tt>ntp_machines.h</tt> file and <tt>&quot;l_stdlib.h&quot;</tt> files as well. The two most famous trouble spots are the I/O code in <tt>./ntpd/ntp_io.c</tt> and the clock adjustment code in <tt>./ntpd/ntp_unixclock.c</tt>.</p>
- <p>These are the rules so that older bsd systems and the POSIX standard system can coexist together.</p>
- <ol>
- <li>If you use <tt>select</tt> then include <tt>&quot;ntp_select.h&quot;</tt>. <tt>select</tt> is not standard, since it is very system dependent as to where it is defined. The logic to include the right system dependent include file is in <tt>&quot;ntp_select.h&quot;</tt>.
- <li>Always use POSIX definition of strings. Include <tt>&quot;ntp_string.h&quot;</tt> instead of <tt>&lt;string.h&gt;</tt>.
- <li>Always include <tt>&quot;ntp_malloc.h&quot;</tt> if you use <tt>malloc</tt>.
- <li>Always include <tt>&quot;ntp_io.h&quot;</tt> instead of <tt>&lt;sys/file.h&gt;</tt> or <tt>&lt;fnctl.h&gt;</tt> to get <tt>O_*</tt> flags.
- <li>Always include <tt>&quot;ntp_if.h&quot;</tt> instead of <tt>&lt;net/if.h&gt;</tt>.
- <li>Always include <tt>&quot;ntp_stdlib.h&quot;</tt> instead of <tt>&lt;stdlib.h&gt;</tt>.
- <li>Define any special defines needed for a system in <tt>./include/ntp_machine.h</tt> based on system identifier. This file is included by the <tt>&quot;ntp_types.h&quot;</tt> file and should always be placed first after the <tt>&lt;&gt;</tt> defines.
- <li>Define any special library prototypes left over from the system library and include files in the <tt>&quot;l_stdlib.h&quot;</tt> file. This file is included by the <tt>&quot;ntp_stdlib.h&quot;</tt> file and should ordinarily be placed last in the includes list.
- <li>Don't define a include file by the same name as a system include file.
- </ol>
- <p><tt>&quot;l_stdlib.h&quot;</tt> can contain any extra definitions that are needed so that <tt>gcc</tt> will shut up. They should be controlled by a system identifier and there should be a separate section for each system. Really this will make it easier to maintain.</p>
- <p>See <tt>include/ntp_machines.h</tt> for the various compile time options.</p>
- <p>When you are satisfied the port works and that other ports are not adversely affected, please send <a href="patches.html">patches</a> for the system files you have changed, as well as any documentation that should be updated, including the advice herein.</p>
- <p>Good luck.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
diff --git a/html/build/quick.html b/html/build/quick.html
deleted file mode 100644
index 1693b5d..0000000
--- a/html/build/quick.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Quick Start</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Quick Start</h3>
- <img src="../pic/panda.gif" alt="gif" align="left">FAX test image for SATNET (1979).
- <p>The baby panda was scanned at University College London and used as a FAX test image for a demonstration of the DARPA Atlantic SATNET Program and the first transatlantic Internet connection in 1978. The computing system used for that demonstration was called the <a href="http://www.eecis.udel.edu/%7emills/database/papers/fuzz.pdf">Fuzzball</a> . As it happened, this was also the first Internet multimedia presentation and the first to use NTP in regular operation. The image was widely copied and used for testing purpose throughout much of the 1980s.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">01:01 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="266">Saturday, March 20, 2004</csobj></p>
- <br clear="left">
- <hr>
- <p>For the rank amateur the sheer volume of the documentation collection must be intimidating. However, it doesn't take much to fly the <tt>ntpd</tt> daemon with a simple configuration where a workstation needs to synchronize to some server elsewhere in the Internet. The first thing that needs to be done is to build the distribution for the particular workstation and install in the usual place. The <a href="build.html">Building and Installing the Distribution</a> page describes how to do this.</p>
- <p>While it is possible that certain configurations do not need a configuration file, most do require one. The file, called by default <tt>/etc/ntp.conf</tt>, need only contain one line specifying a remote server, for instance</p>
- <p><tt>server foo.bar.com</tt></p>
- <p>Choosing an appropriate remote server is somewhat of a black art, but a suboptimal choice is seldom a problem. There are about two dozen public time servers operated by National Institutes of Science and Technology (NIST), US Naval Observatory (USNO), Canadian Metrology Centre (CMC) and many others available on the Internet. Lists of public primary and secondary NTP servers maintained on the <a href="http://www.eecis.udel.edu/%7emills/ntp/servers.html">Public NTP TIme Servers</a> page, which is updated frequently.The lists are sorted by country and, in the case of the US, by state. Usually, the best choice is the nearest in geographical terms, but the terms of engagement specified in each list entry should be carefully respected.</p>
- <p>During operation <tt>ntpd</tt> measures and corrects for incidental clock frequency error and writes the current value to a file called by default <tt>/etc/ntp.drift</tt>. If <tt>ntpd</tt> is stopped and restarted, it initializes the frequency from this file. In this way the potentially lengthy interval to relearn the frequency error is avoided.</p>
- <p>That's all there is to it, unless some problem in network connectivity or local operating system configuration occurs. The most common problem is some firewall between the workstation and server. System administrators should understand NTP uses UDP port 123 as both the source and destination port and that NTP does not involve any operating system interaction other than to set the system clock. While almost all modern Unix systems have included NTP and UDP port 123 defined in the services file, this should be checked if <tt>ntpd</tt> fails to come up at all.</p>
- <p>The best way to confirm NTP is working is using the <a href="../ntpq.html"><tt>ntpq</tt></a> utility, although the <a href="../ntpdc.html"><tt>ntpdc</tt></a> utility may be useful in extreme cases. See the documentation pages for further information. In the most extreme cases the <tt>-d</tt> option on the <tt>ntpd</tt> command line results in a blow-by-blow trace of the daemon operations. While the trace output can be cryptic, to say the least, it gives a general idea of what the program is doing and, in particular, details the arriving and departing packets and detected errors, if present.</p>
- <p>Sometimes the <tt>ntpd</tt>. behavior may seem to violate the Principle of Least Astonishment, but there are good reasons for this. See the <a href="../ntpd.html">Network Time Protocol (NTP) daemon</a> page for revealing insights. See this page and its dependencies for additional configuration and control options. The <a href="../notes.html">Notes on Configuring NTP and Setting up a NTP Subnet</a> page contains an extended discussion of these options.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
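Review bot: The paragraphs removed at the end of this page carry the operational guidance that NTP uses UDP port 123 as both the source and destination port and that a firewall between workstation and server is the most common failure. The commit message ties this import to NTP reflection DoS, so please confirm that a page kept in the imported tree still states this, along with the pointers to ntpq, ntpdc and the -d trace. Operators who tighten filtering on port 123 will need that reference.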
diff --git a/html/build/scripts/footer.txt b/html/build/scripts/footer.txt
deleted file mode 100644
index 89216ce..0000000
--- a/html/build/scripts/footer.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-document.write("\
-<table><tr>\
-<td width='50%' ><img src='../icons/home.gif' align='middle' alt='gif'>\
-<a href='../index.html'>Home Page</a></td>\
-<td width='50%' ><img src='../icons/mail2.gif' align='middle' alt='gif'>\
-<a href='http://www.ntp.org/contact.html'>Contacts</a></i></td>\
-</tr></table>") \ No newline at end of file
diff --git a/html/build/scripts/links10.txt b/html/build/scripts/links10.txt
deleted file mode 100644
index 7bf9d06..0000000
--- a/html/build/scripts/links10.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
-<li class='inline'><a href='prefer.html'>Mitigation Rules and the <tt>prefer</tt> Keyword</a><br>\
-<li class='inline'><a href='howto.html'>How to Write a Reference Clock Driver</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/build/scripts/links11.txt b/html/build/scripts/links11.txt
deleted file mode 100644
index 1fce362..0000000
--- a/html/build/scripts/links11.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
-<li class='inline'><a href='pps.html'>Pulse-per-second (PPS) Signal Interfacing</a><br>\
-<li class='inline'><a href='ldisc.html'>Line Disciplines and Streams Modules</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/build/scripts/links12.txt b/html/build/scripts/links12.txt
deleted file mode 100644
index 512cbcf..0000000
--- a/html/build/scripts/links12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='debug.html'>NTP Debugging Techniques</a><br>\
-<li class='inline'><a href='rdebug.html'>Debugging Reference Clock Drivers</a><br>\
-<li class='inline'><a href='msyslog.html'><tt>ntpd</tt> System Log Messages</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/build/scripts/links7.txt b/html/build/scripts/links7.txt
deleted file mode 100644
index 4a6f186..0000000
--- a/html/build/scripts/links7.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='../confopt.html'>Server Options</a><br>\
-<li class='inline'><a href='../authopt.html'>Authentication Options</a><br>\
-<li class='inline'><a href='../monopt.html'>Monitoring Options</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/build/scripts/links9.txt b/html/build/scripts/links9.txt
deleted file mode 100644
index 38ffe90..0000000
--- a/html/build/scripts/links9.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='authopt.html'>Authentication Options</a><br>\
-<li class='inline'><a href='manyopt.html'>Automatic NTP Configuration Options</a><br>\
-<li class='inline'><a href='confopt.html'>Server Options</a><br>\
-<li class='inline'><a href='keygen.html'><tt>ntp-keygen</tt> - generate public and private keys</a>\
-<li class='inline'><a href='http://www.eecis.udel.edu/~mills/autokey.html'>Autonomous Authentication</a>\
-</ul>") \ No newline at end of file
diff --git a/html/build/scripts/style.css b/html/build/scripts/style.css
deleted file mode 100644
index 096b18a..0000000
--- a/html/build/scripts/style.css
+++ /dev/null
@@ -1,64 +0,0 @@
-body {background: #FDF1E1;
- color: #006600;
- font-family: "verdana", sans-serif;
- text-align: justify;
- margin-left: 5px;}
-
-p, h4, hr, li {margin-top: .6em; margin-bottom: .6em}
-li.inline {text-align: left; margin-top: 0; margin-bottom: 0}
-
-ul, dl, ol, {margin-top: .6em; margin-bottom: .6em; margin-left 5em}
-
-dt {margin-top: .6em}
-dd {margin-bottom: .6em}
-
-div.header {text-align: center;
- font-style: italic;}
-
-div.footer {text-align: center;
- font-size: 60%;}
-
-img.cell {align: left;}
-
-td.sidebar {width: 40px; align: center; valign: top;}
-img.sidebar {align: center; margin-top: 5px;}
-h4.sidebar {align: center;}
-
-p.top {background: #FDF1E1;
- color: #006600;
- position: absolute;
- margin-left: -90px;
- text-align: center;}
-
-a:link.sidebar {background: transparent;
- color: #990033;
- font-weight: bold;}
-
-a:visited.sidebar {background: transparent;
- color: #990033;
- font-weight: bold;}
-
-a:hover.sidebar {background: #FDF1E1;
- color: #006600;}
-
-img {margin: 5px;}
-
-div {text-align: center;}
-
-h1 {text-align: center;
- font-size: 250%;}
-
-caption {background: #EEEEEE;
- color: #339999;}
-
-tx {text-align: center;}
-
-th {background: #FFFFCC;
- color: #006600;
- text-align: center;
- text-decoration: underline;
- padding-top: 5px;}
-
-th.caption {background: #EEEEEE;
- color: #006600;
- text-align: center;} \ No newline at end of file
diff --git a/html/clockopt.html b/html/clockopt.html
index c4690a3..779cea6 100644
--- a/html/clockopt.html
+++ b/html/clockopt.html
@@ -11,12 +11,15 @@
<body>
<h3>Reference Clock Options</h3>
- <img src="pic/stack1a.jpg" alt="gif" align="left">
- <p>See the radios, all in a row.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:37</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
+ <img src="pic/stack1a.jpg" alt="gif" align="left">Master Time Facility at the <a href="http://www.eecis.udel.edu/%7emills/lab.html">UDel Internet Research Laboratory</a>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->04-Oct-2009 19:42<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/refclock.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/audio.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/clockopt.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#ref">Reference Clock Support</a>
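Review bot: The three added script lines under Related Links load scripts/refclock.txt, scripts/audio.txt and scripts/clockopt.txt, none of which appear in this part of the diff. Confirm they are added under html/scripts in the same import, otherwise the Related Links section renders empty. In the added img line, the caption "Master Time Facility at the ..." sits outside any paragraph element, and the image keeps alt="gif" although the source is stack1a.jpg. Wrapping the caption in a p element and giving the image a descriptive alt text would fix both.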
@@ -24,7 +27,7 @@
</ul>
<hr>
<h4 id="ref">Reference Clock Support</h4>
- <p>The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can be found in the <a href="refclock.html">Reference Clock Drivers</a> page. Additional information can be found in the pages linked there, including the <a href="rdebug.html">Debugging Hints for Reference Clock Drivers</a> and <a href="howto.html">How To Write a Reference Clock Driver</a> pages. In addition, support for a PPS signal is available as described in <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. Many drivers support special line discipline/streams modules which can significantly improve the accuracy using the driver. These are described in the <a href="ldisc.html">Line Disciplines and Streams Drivers</a> page.</p>
+ <p>The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can be found in the <a href="refclock.html">Reference Clock Drivers</a> page. Additional information can be found in the pages linked there, including the <a href="rdebug.html">Debugging Hints for Reference Clock Drivers</a> and <a href="howto.html">How To Write a Reference Clock Driver</a> pages. In addition, support for a PPS signal is available as described in <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page.</p>
<p>A reference clock will generally (though not always) be a radio timecode receiver which is synchronized to a source of standard time such as the services offered by the NRC in Canada and NIST and USNO in the US. The interface between the computer and the timecode receiver is device dependent, but is usually a serial port. A device driver specific to each reference clock must be selected and compiled in the distribution; however, most common radio, satellite and modem clocks are included by default. Note that an attempt to configure a reference clock when the driver has not been compiled or the hardware port has not been appropriately configured results in a scalding remark to the system log file, but is otherwise non hazardous.</p>
<p>For the purposes of configuration, <tt>ntpd</tt> treats reference clocks in a manner analogous to normal NTP peers as much as possible. Reference clocks are identified by a syntactically correct but invalid IP address, in order to distinguish them from normal NTP peers. Reference clock addresses are of the form <tt>127.127.<i>t.u</i></tt>, where <i><tt>t</tt></i> is an integer denoting the clock type and <i><tt>u</tt></i> indicates the unit number in the range 0-3. While it may seem overkill, it is in fact sometimes useful to configure multiple reference clocks of the same type, in which case the unit numbers must be unique.</p>
<p>The <tt>server</tt> command is used to configure a reference clock, where the <i><tt>address</tt></i> argument in that command is the clock address. The <tt>key</tt>, <tt>version</tt> and <tt>ttl</tt> options are not used for reference clock support. The <tt>mode</tt> option is added for reference clock support, as described below. The <tt>prefer</tt> option can be useful to persuade the server to cherish a reference clock with somewhat more enthusiasm than other reference clocks or peers. Further information on this option can be found in the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The <tt>minpoll</tt> and <tt>maxpoll</tt> options have meaning only for selected clock drivers. See the individual clock driver document pages for additional information.</p>
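Review bot: The rewritten Reference Clock Support paragraph drops the sentence that pointed to ldisc.html (Line Disciplines and Streams Drivers). Check that ldisc.html itself is removed in this import and that no remaining page still links to it. The deleted html/build/scripts/links11.txt carried the same link, so other link scripts may too. The sentence that is kept, "as described in ... Pulse-per-second (PPS) Signal Interfacing page", is also missing "the" before the link.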
@@ -32,7 +35,7 @@
<p>The stratum number of a reference clock is by default zero. Since the <tt>ntpd</tt> daemon adds one to the stratum of each peer, a primary server ordinarily displays an external stratum of one. In order to provide engineered backups, it is often useful to specify the reference clock stratum as greater than zero. The <tt>stratum</tt> option is used for this purpose. Also, in cases involving both a reference clock and a pulse-per-second (PPS) discipline signal, it is useful to specify the reference clock identifier as other than the default, depending on the driver. The <tt>refid</tt> option is used for this purpose. Except where noted, these options apply to all clock drivers.</p>
<h4 id="cmd">Reference Clock Commands</h4>
<dl>
- <dt><tt>server 127.127.<i>t.u</i> [prefer] [mode <i>int</i>] [minpoll <i>int</i>] [maxpoll <i>int</i>]</tt>
+ <dt id="server"><tt>server 127.127.<i>t.u</i> [prefer] [mode <i>int</i>] [minpoll <i>int</i>] [maxpoll <i>int</i>]</tt>
<dd>This command can be used to configure reference clocks in special ways. The options are interpreted as follows:
<dl>
<dt><tt>prefer</tt>
@@ -43,7 +46,9 @@
<dt><tt>maxpoll <i>int</i></tt>
<dd>These options specify the minimum and maximum polling interval for reference clock messages in seconds, interpreted as dual logarithms (2 ^ x). For most directly connected reference clocks, both <tt>minpoll</tt> and <tt>maxpoll</tt> default to 6 (2^16 = 64 s). For modem reference clocks, <tt>minpoll</tt> defaults to 10 (2^10 = 1024 s = 17.1 m) and <tt>maxpoll</tt> defaults to 14 (2^14 = 16384 s = 4.5 h). The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
</dl>
- <dt><tt>fudge 127.127.<i>t.u</i> [time1 <i>sec</i>] [time2 <i>sec</i>] [stratum <i>int</i>] [refid <i>string</i>] [mode <i>int</i>] [flag1 0|1] [flag2 0|1] [flag3 0|1] [flag4 0|1]</tt>
+ <dt id="fudge"><tt>fudge 127.127.<i>t.u</i> [time1 <i>sec</i>] [time2 <i>sec</i>]
+ [stratum <i>int</i>] [refid <i>string</i>] [flag1 0|1]
+ [flag2 0|1] [flag3 0|1] [flag4 0|1]</tt>
<dd>This command can be used to configure reference clocks in special ways. It must immediately follow the <tt>server</tt> command which configures the driver. Note that the same capability is possible at run time using the <tt><a href="ntpdc.html">ntpdc</a></tt> program. The options are interpreted as follows:
<dl>
<dt><tt>time1 <i>sec</i></tt>
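Review bot: The unchanged minpoll/maxpoll description just above the modified fudge line still reads "default to 6 (2^16 = 64 s)". The exponent should be 2^6, which matches "2^10 = 1024 s" and "2^14 = 16384 s" in the same sentence. Since this block is being touched anyway, fix it here or report it upstream so the documented default poll interval is not misread.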
@@ -55,8 +60,6 @@
<dd>Specifies the stratum number assigned to the driver, an integer between 0 and 15. This number overrides the default stratum number ordinarily assigned by the driver itself, usually zero.
<dt><tt>refid <i>string</i></tt>
<dd>Specifies an ASCII string of from one to four characters which defines the reference identifier used by the driver. This string overrides the default identifier ordinarily assigned by the driver itself.
- <dt><tt>mode <i>int</i></tt>
- <dd>Specifies a mode number which is interpreted in a device-specific fashion. For instance, it selects a dialing protocol in the ACTS driver and a device subtype in the <tt>parse</tt> drivers.
<dt><tt>flag1 flag2 flag3 flag4</tt>
<dd>These four flags are used for customizing the clock driver. The interpretation of these values, and whether they are used at all, is a function of the particular clock driver. However, by convention <tt>flag4</tt> is used to enable recording monitoring data to the <tt>clockstats</tt> file configured with the <tt>filegen</tt> command. Further information on the <tt>filegen</tt> command can be found in the <a href="monopt.html">Monitoring Options</a> page.
</dl>
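Review bot: Dropping the "mode int" entry from the fudge option list also removes the only visible explanation that the value is device-specific (a dialing protocol in the ACTS driver, a device subtype in the parse drivers). The server synopsis earlier on this page still offers [mode int], so make sure its description carries those examples. The page should also say whether existing configurations that pass mode on a fudge line are still accepted or are now rejected.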
diff --git a/html/comdex.html b/html/comdex.html
new file mode 100644
index 0000000..eddd596
--- /dev/null
+++ b/html/comdex.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Command Index</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Command Index</h3>
+ <img src="pic/alice38.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carrol</a>
+ <p>The Mad Hatter says &quot;Bring it on&quot;.</p>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->08-Apr-2009 2:56<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/accopt.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/clockopt.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/confopt.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/miscopt.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/monopt.txt"></script>
+ <hr>
+ <br>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
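Review bot: In the image credit line, "Lewis Carrol" should be "Lewis Carroll". The body of this Command Index consists only of six script includes, so with scripting disabled the page shows no commands at all. A static list or a noscript fallback would keep the index usable. The file also ends without a trailing newline.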
diff --git a/html/config.html b/html/config.html
new file mode 100644
index 0000000..bf10299
--- /dev/null
+++ b/html/config.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=windows-1252">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Build Options</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Build Options</h3>
+ <img src="pic/pogo3a.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>Gnu autoconfigure tools are in the backpack.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">Monday,
+ December 15, 2008 20:54</csobj> UTC<csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250"></csobj></p>
+<br clear="left">
+ <hr>
+ <p>Most modern software distributions include an autoconfigure utility which
+ customizes the build and install configuration according to the specific
+ hardware, operating system and file system conventions. For NTP this
+ utility is called <tt>configure</tt>, which is run before building and installing
+ the program components. For most installations no additional actions
+ are required other than running <tt>configure</tt> with no options.
+ However, it is possible to customize the build and install configuration
+ through the use of <tt>configure</tt> options.</p>
+ <p>The available options, together with
+ a concise description, can be displayed by running <tt>configure</tt> with
+ the <tt>--help</tt> option. Various options can be used to reduce the memory
+ footprint, adjust the scheduling priority, enable or disable debugging
+ support or reference clock driver support. The options can be used
+ to specify where to install the program components or where to find
+ various libraries if they are not in the default place.</p>
+<hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
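Review bot: The "Last update" paragraph still uses csobj editor tags, with the full date inside the element marked format="ShortTime" and an empty format="LongDate" element after "UTC". The other pages added or changed in this diff use the "#BeginDate format:En2m" comment form, so this line should be converted to match. The declared charset is windows-1252 here, while comdex.html and confopt.html declare iso-8859-1, so pick one for the whole tree. "Gnu" in the caption should be "GNU".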
diff --git a/html/confopt.html b/html/confopt.html
index e2a04c4..05847c2 100644
--- a/html/confopt.html
+++ b/html/confopt.html
@@ -1,82 +1,198 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Server Options</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Server Options</h3>
- <img src="pic/boom3a.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>The chicken is getting configuration advice.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">20:57</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="270">Monday, October 10, 2005</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#cfg">Configuration Commands</a>
- <li class="inline"><a href="#opt">Command Options</a>
- <li class="inline"><a href="#aux">Auxilliary Commands</a>
- <li class="inline"><a href="#bug">Bugs</a>
- </ul>
- <hr>
- <p>Following is a description of the configuration commands in NTPv4. There are two classes of commands, configuration commands that configure an association with a remote server, peer or reference clock, and auxilliary commands that specify environmental variables that control various related operations.</p>
- <h4 id="cfg">Configuration Commands</h4>
- <p>The various modes are determined by the command keyword and the required IP address. Addresses are classed by type as (s) a remote server or peer (IPv4 class A, B and C), (b) the broadcast address of a local interface, (m) a multicast address (IPv4 class D), or (r) a reference clock address (127.127.x.x). The options that can be used with these commands are listed below.</p>
- <p>If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for the IPv6 address family is generated in addition to the default support of the IPv4 address family. IPv6 addresses can be identified by the presence of colons &quot;:&quot; in the address field. IPv6 addresses can be used almost everywhere where IPv4 addresses can be used, with the exception of reference clock addresses, which are always IPv4. Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
- <p>There are three types of associations: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the <tt>prempt</tt> flag and are demobilized by timeout or error. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout or error.</p>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>Server Options</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+<h3>Server Options</h3>
+<img src="pic/boom3a.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>,
+Walt Kelly</a>
+<p>The chicken is getting configuration advice.</p>
+<p>Last update:
+ <!-- #BeginDate format:En2m -->25-Nov-2009 4:46<!-- #EndDate -->
+</p>
+<br clear="left">
+<h4>Related Links</h4>
+<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+<script type="text/javascript" language="javascript" src="scripts/confopt.txt"></script>
+<h4>Table of Contents</h4>
+<ul>
+ <li class="inline"><a href="#cfg">Configuration Commands</a></li>
+ <li class="inline"><a href="#opt">Command Options</a></li>
+ <li class="inline"><a href="#aux">Auxilliary Commands</a></li>
+ <li class="inline"><a href="#bug">Bugs</a></li>
+</ul>
+<hr>
+<p>Following is a description of the configuration commands in NTPv4. There are
+ two classes of commands, configuration commands that configure an association
+ with a remote server, peer or reference clock, and auxilliary commands that
+ specify environmental variables that control various related operations. </p>
+<p>The various modes described on the <a href="assoc.html">Association Management</a> page
+ are determined by the command keyword and the DNS name or IP address. Addresses
+ are classed by type as (s) a remote server or peer (IPv4 class A, B and C),
+ (b) the IP broadcast address of a local interface, (m) a multicast address (IPv4
+ class D), or (r) a reference clock address (127.127.x.x). For type m addresses
+ the IANA has assigned the multicast group address IPv4 224.0.1.1 and IPv6 ff05::101
+ (site local) exclusively to NTP, but other nonconflicting addresses can be used. </p>
+<p>If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected,
+ support for the IPv6 address family is generated in addition to the default
+ IPv4 address family. IPv6 addresses can be identified by the presence of colons &quot;:&quot; in
+ the address field. IPv6 addresses can be used almost everywhere where IPv4 addresses
+ can be used, with the exception of reference clock addresses, which are always
+ IPv4. Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier
+ preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier
+ forces DNS resolution to the IPv6 namespace.</p>
+<h4 id="cfg">Configuration Commands</h4>
+<dl>
+ <dt id="server"><tt>server <i>address</i> [options ...]</tt><br>
+ <tt>peer <i>address</i> [options ...]</tt><br>
+ <tt>broadcast <i>address</i> [options ...]</tt><br>
+ <tt>manycastclient <i>address</i> [options ...]</tt><br>
+ <tt>pool <i>address</i> [options ...]</tt><br>
+ <tt>unpeer [<i>address</i> | <i>associd</i>]</tt></dt>
+ <dd>These commands specify the time server name or address to be used and the
+ mode in which to operate. The <i>address</i> can be either a DNS name or a
+ IPv4 or IPv6 address in standard notation. In general, multiple commands of
+ each type can be used for different server and peer addresses or multicast
+ groups.
<dl>
- <dt><tt>server <i>address</i> [options ...]</tt><br>
- <tt>peer <i>address</i> [</tt><tt>options ...]<br>
- broadcast <i>address</i> [options ...]</tt><br>
- <tt>manycastclient <i>address</i> [options ...]</tt>
- <dd>These four commands specify the time server name or address to be used and the mode in which to operate. The <i>address</i> can be either a DNS name or a IP address in dotted-quad notation. Additional information on association behavior can be found in the <a href="assoc.html">Association Management</a> page.
- <dl>
- <dt><tt>server</tt>
- <dd>For type s and r addresses (only), this command normally mobilizes a persistent client mode association with the specified remote server or local reference clock. If the <tt>preempt</tt> flag is specified, a preemptable association is mobilized instead. In client mode the client clock can synchronize to the remote server or local reference clock, but the remote server can never be synchronized to the client clock. This command should NOT be used for type <tt>b</tt> or <tt>m</tt> addresses. <dt><tt>peer</tt>
- <dd>For type s addresses (only), this command mobilizes a persistent symmetric-active mode association with the specified remote peer. In this mode the local clock can be synchronized to the remote peer or the remote peer can be synchronized to the local clock. This is useful in a network of servers where, depending on various failure scenarios, either the local or remote peer may be the better source of time. This command should NOT be used for type <tt>b</tt>, <tt>m</tt> or <tt>r</tt> addresses.
- <dt><tt>broadcast</tt>
- <dd>For type <tt>b</tt> and <tt>m</tt> addresses (only), this command mobilizes a persistent broadcast mode association. Multiple commands can be used to specify multiple local broadcast interfaces (subnets) and/or multiple multicast groups. Note that local broadcast messages go only to the interface associated with the subnet specified, but multicast messages go to all interfaces.
- <dd>In broadcast mode the local server sends periodic broadcast messages to a client population at the <i><tt>address</tt></i> specified, which is usually the broadcast address on (one of) the local network(s) or a multicast address assigned to NTP. The IANA has assigned the multicast group address IPv4 224.0.1.1 and IPv6 ff05::101 (site local) exclusively to NTP, but other nonconflicting addresses can be used to contain the messages within administrative boundaries. Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broadcast client, see the <tt>broadcastclient</tt> or <tt>multicastclient</tt> commands below.
- <dt><tt>manycastclient</tt>
- <dd>For type <tt>m</tt> addresses (only), this command mobilizes a preemptable manycast client mode association for the multicast group address specified. In this mode a specific address must be supplied which matches the address used on the <tt>manycastserver</tt> command for the designated manycast servers. The NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific means are taken to avoid spraying large areas of the Internet with these messages and causing a possibly massive implosion of replies at the sender.
- <dd>The <tt>manycastclient</tt> command specifies that the host is to operate in client mode with the remote servers that are discovered as the result of broadcast/multicast messages. The client broadcasts a request message to the group address associated with the specified <i><tt>address</tt></i> and specifically enabled servers respond to these messages. The client selects the servers providing the best time and continues as with the <tt>server </tt>command. The remaining servers are discarded as if never heard.
- </dl>
- </dl>
- <h4 id="opt">Command Options</h4>
- <dl>
- <dt><tt>autokey</tt>
- <dd>All packets sent to and received from the server or peer are to include authentication fields encrypted using the autokey scheme described in the <a href="authopt.html">Authentication Options</a> page. This option is valid with all commands.<dt><tt>burst</tt>
- <dd>When the server is reachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid with only the <tt>server</tt> command and is a recommended option with this command when the <tt>maxpoll</tt> option is 11 or greater. <dt><tt>iburst</tt>
- <dd>When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid with only the <tt>server</tt> command and is a recommended option with this command.<dt><tt>key</tt> <i><tt>key</tt></i>
- <dd>All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified <i><tt>key</tt></i> identifier with values from 1 to 65534, inclusive. The default is to include no encryption field. This option is valid with all commands.<dt><tt>minpoll <i>minpoll</i></tt><br>
- <tt>maxpoll <i>maxpoll</i></tt>
- <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 4 (16 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>noselect</tt>
- <dd>Marks the server as unused, except for display purposes. The server is discarded by the selection algorithm. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>preempt</tt>
- <dd>Specifies the association as preemptable rather than the default persistent. This option is valied only with the <tt>server</tt> command.<dt><tt>prefer</tt>
- <dd>Marks the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>true</tt>
- <dd>Force the association to assume truechimer status; that is, always survive the selection and clustering algorithms. This option can be used with any association, but is most useful for reference clocks with large jitter on the serial port and precision pulse-per-second (PPS) signals. Caution: this option defeats the algorithms designed to cast out falsetickers and can allow these sources to set the system clock. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>ttl <i>ttl</i></tt>
- <dd>This option is used only with broadcast server and manycast client modes. It specifies the time-to-live <i><tt>ttl</tt></i> to use on broadcast server and multicast server and the maximum <i><tt>ttl</tt></i> for the expanding ring search with manycast client packets. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator.
- <dt><tt>version <i>version</i></tt>
- <dd>Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default. This option is valid only with the <tt>server,</tt> <tt>peer</tt> and <tt>broadcast</tt> commands.
- </dl>
- <h4 id="aux">Auxilliary Commands</h4>
- <dl>
- <dt><tt>broadcastclient [novolley]</tt>
- <dd>This command enables reception of broadcast server messages to any local interface (type <tt>b</tt>) address. Ordinarily, upon receiving a message for the first time, the broadcast client measures the nominal server propagation delay using a brief client/server exchange with the server, after which it continues in listen-only mode. If the <tt>novolley</tt> keyword is present, the exchange is not used and the value specified in the <tt>broadcastdelay</tt> command is used or, if the <tt>broadcastdelay</tt> command is not used, the default 4.0 ms. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page. Note that the <tt>novolley</tt> keyword is incompatible with public key authentication.<dt><tt>manycastserver <i>address</i> [...]</tt>
- <dd>This command enables reception of manycast client messages to the multicast group address(es) (type <tt>m</tt>) specified. At least one address is required. The NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific means are taken to limit the span of the reply and avoid a possibly massive implosion at the original sender. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>multicastclient <i>address</i> [...]</tt>
- <dd>This command enables reception of multicast server messages to the multicast group address(es) (type <tt>m</tt>) specified. Upon receiving a message for the first time, the multicast client measures the nominal server propagation delay using a brief client/server exchange with the server, then enters the broadcast client mode, in which it synchronizes to succeeding multicast messages. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page.
- </dl>
- <h4 id="bug">Bugs</h4>
- <p>The syntax checking is not picky; some combinations of ridiculous and even hilarious options and modes may not be detected.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
+ <dt><tt>server</tt></dt>
+ <dd>For type s and r addresses (only), this command mobilizes a persistent
+ client mode association with the specified remote server or local reference
+ clock. If the <tt>preempt</tt> flag is specified, a preemptable client mode
+ association is mobilized instead.</dd>
+ <dt><tt>peer</tt></dt>
+ <dd>For type s addresses (only), this command mobilizes a persistent symmetric-active
+ mode association with the specified remote peer.</dd>
+ <dt><tt>broadcast</tt></dt>
+ <dd>For type b and m addressees (only), this command mobilizes a persistent
+ broadcast or multicast server mode association. Note that type
+ b messages go only to the interface specified, but type m messages go to
+ all interfaces.</dd>
+ <dt><tt>manycastclient</tt></dt>
+ <dd>For type m addresses (only), this command mobilizes a manycast client
+ mode association for the multicast group address specified. In this mode
+ the address must match the address specified on the <tt>manycastserver</tt> command
+ of one or more designated manycast servers.</dd>
+ <dt><tt>pool</tt></dt>
+ <dd>For type s messages (only) this command mobilizes a client mode association
+ for servers implementing the pool automatic server discovery scheme described
+ on the <a href="assoc.html">Association Management</a> page. The address
+ is a DNS name in the form <tt><i>area</i>.pool.ntp.org</tt>, where <tt><i>area</i></tt> is
+ a qualifier designating the server geographic area such as <tt>us</tt> or <tt>europe</tt>.</dd>
+ <dt><tt>unpeer</tt></dt>
+ <dd>This command removes a previously configured association. An address or association ID can
+ be used to identify the association. Either an IP address or DNS name can be used. This
+ command is most useful when supplied via <tt><a href="ntpq.html">ntpq</a></tt> runtime
+ configuration commands <tt>:config</tt> and <tt>config-from-file</tt>.</dd>
+ </dl></dd>
+</dl>
+<h4 id="opt">Command Options</h4>
+<dl>
+ <dt><tt>autokey</tt></dt>
+ <dd>Send and receive packets authenticated by the Autokey scheme described
+ in the <a href="authopt.html">Authentication Options</a> page. This option
+ is mutually exclusive with the <tt>key</tt> option.</dd>
+ <dt><tt>burst</tt></dt>
+ <dd>When the server is reachable, send a burst of eight packets instead of the
+ usual one. The packet spacing is normally 2 s; however, the spacing between
+ the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command
+ to allow additional time for a modem or ISDN call to complete. This option
+ is valid only with the <tt>server</tt> command and type s addressesa.
+ It is a recommended option when the <tt>maxpoll</tt> option is greater than
+ 10 (1024 s).</dd>
+ <dt><tt>iburst</tt></dt>
+ <dd>When the server is unreachable, send a burst of eight packets instead of
+ the usual one. The packet spacing is normally 2 s; however, the spacing between
+ the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command
+ to allow additional time for a modem or ISDN call to complete. This option
+ is valid only with the <tt>server</tt> command and type s addresses. It is
+ a recommended option with this command.</dd>
+ <dt><tt>key</tt> <i><tt>key</tt></i></dt>
+ <dd>Send and receive packets authenticated by the symmetric key scheme described
+ in the <a href="authopt.html">Authentication Options</a> page.
+ The <i><tt>key</tt></i> specifies the key identifier with values from 1 to
+ 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd>
+ <dt><tt>minpoll <i>minpoll<br>
+ </i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
+ <dd>These options specify the minimum and maximum poll intervals for NTP messages,
+ in seconds as a power of two. The maximum poll interval defaults to 10
+ (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit
+ of 17 (36 h). The minimum poll interval defaults to 6 (64 s), but can
+ be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s).</dd>
+ <dt><tt>mode <i>option</i></tt></dt>
+ <dd>Pass the <tt><i>option</i></tt> to a reference clock driver, where <tt><i>option</i></tt> is
+ an integer in the range from 0 to 255, inclusive. This option is valid
+ only with type r addresses.</dd>
+ <dt><tt>noselect</tt></dt>
+ <dd>Marks the server or peer to be ignored by the selection algorithm but visible
+ to the monitoring program. This option is ignored with the <tt>broadcast</tt> command.</dd>
+ <dt><tt>preempt</tt></dt>
+ <dd>Specifies the association as preemptable rather than the default persistent.
+ This option is ignored with the <tt>broadcast</tt> command and is most useful
+ with the <tt>manycastclient</tt> and <tt>pool</tt> commands.</dd>
+ <dt><tt>prefer</tt></dt>
+ <dd>Mark the server as preferred. All other things being equal, this host will
+ be chosen for synchronization among a set of correctly operating hosts. See
+ the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page
+ for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.</dd>
+ <dt><tt>true</tt></dt>
+ <dd>Mark the association to assume truechimer status; that is, always survive
+ the selection and clustering algorithms. This option can be used with any association,
+ but is most useful for reference clocks with large jitter on the serial port
+ and precision pulse-per-second (PPS) signals. Caution: this option defeats
+ the algorithms designed to cast out falsetickers and can allow these sources
+ to set the system clock. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.</dd>
+ <dt><tt>ttl <i>ttl</i></tt></dt>
+ <dd>This option specifies the time-to-live <i><tt>ttl</tt></i> for the <tt>broadcast</tt> command
+ and the maximum <i><tt>ttl</tt></i> for the expanding ring search used by the <tt>manycastclient</tt> command.
+ Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator. This option is invalid with type r addresses.</dd>
+ <dt><tt>version <i>version</i></tt></dt>
+ <dd>Specifies the version number to be used f
+or outgoing NTP packets. Versions
+ 1-4 are the choices, with version 4 the default.</dd>
+ <dt><tt>xleave</tt></dt>
+ <dd>Operate in interleaved mode (symmetric and broadcast modes only). (see <a href="xleave.html">NTP
+ Interleaved Modes</a>)</dd>
+</dl>
+<h4 id="aux">Auxilliary Commands</h4>
+<dl>
+ <dt id="broadcastclient"><tt>broadcastclient</tt></dt>
+ <dd>Enable reception of broadcast server messages to any local interface (type
+ b address). Ordinarily, upon receiving a broadcast message for the first
+ time, the broadcast client measures the nominal server propagation delay using
+ a brief client/server exchange, after which it continues in listen-only mode.
+ If a nonzero value is specified in the <tt>broadcastdelay</tt> command, the
+ value becomes the delay and the volley is not executed. Note: the <tt>novolley</tt> option
+ has been deprecated for future enhancements. Note that, in order to avoid
+ accidental or malicious disruption in this mode, both the server and client
+ should operate using symmetric key or public key authentication as described
+ in the <a href="authopt.html">Authentication
+ Options</a> page. Note that the <tt>novolley</tt> keyword is incompatible with
+ public key authentication.</dd>
+ <dt id="manycastserver"><tt>manycastserver <i>address</i> [...]</tt></dt>
+ <dd>Enable reception of manycast client messages (type m)to the multicast group
+ address(es) (type m) specified. At least one address is required. Note that,
+ in order to avoid accidental or malicious disruption, both the server and client
+ should operate using symmetric key or public key authentication as described
+ in the <a href="authopt.html">Authentication Options</a> page.</dd>
+ <dt id="multicastclient"><tt>multicastclient <i>address</i> [...]</tt></dt>
+ <dd>Enable reception of multicast server messages to the multicast group address(es)
+ (type m) specified. Upon receiving a message for the first time, the multicast
+ client measures the nominal server propagation delay using a brief client/server
+ exchange with the server, then enters the broadcast client mode, in which it
+ synchronizes to succeeding multicast messages. Note that, in order to avoid
+ accidental or malicious disruption in this mode, both the server and client
+ should operate using symmetric key or public key authentication as described
+ in the <a href="authopt.html">Authentication Options</a> page.</dd>
+</dl>
+<h4 id="bug">Bugs</h4>
+<p>The syntax checking is not picky; some combinations of ridiculous and even
+ hilarious options and modes may not be detected.</p>
+<hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+</body>
</html>
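Review bot: The rewritten manycastserver entry drops the old caution that the IANA-assigned NTP multicast address 224.0.1.1 should NOT be used unless the span of the reply is limited. That sentence was the only guidance in this entry against "a possibly massive implosion at the original sender", so it should be carried into the new text or its removal explained. In the broadcastclient entry the added text says the novolley option has been deprecated, yet the entry still ends with "the novolley keyword is incompatible with public key authentication"; one of the two sentences should go. Small text fixes in the added lines: "addressees" under broadcast, "addressesa" under burst, "(type m)to" with a repeated "(type m)" under manycastserver, and the heading still reads "Auxilliary".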
diff --git a/html/copyright.html b/html/copyright.html
index cf34979..36e0285 100644
--- a/html/copyright.html
+++ b/html/copyright.html
@@ -10,16 +10,17 @@
<body>
<h3>Copyright Notice</h3>
- <img src="pic/sheepb.jpg" alt="jpg" align="left"> &quot;Clone me,&quot; says Dolly sheepishly
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">20:31</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="285">Saturday, January 06, 2007</csobj></p>
- <br clear="left">
+ <img src="pic/sheepb.jpg" alt="jpg" align="left"> &quot;Clone me,&quot; says Dolly sheepishly.
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->1-Jan-2011 08:34<!-- #EndDate -->
+ UTC</csobj></p>
+<br clear="left">
<hr>
- <p>The following copyright notice applies to all files collectively called the Network Time Protocol Version 4 Distribution. Unless specifically declared otherwise in an individual file, this notice applies as if the text was explicitly included in the file.<br>
- </p>
+ <p>The following copyright notice applies to all files collectively called the Network Time Protocol Version 4 Distribution. Unless specifically declared otherwise in an individual file, this notice applies as if the text was explicitly included in the file.</p>
<pre>
***********************************************************************
* *
-* Copyright (c) David L. Mills 1992-2009 *
+* Copyright (c) University of Delaware 1992-2011 *
* *
* Permission to use, copy, modify, and distribute this software and *
* its documentation for any purpose with or without fee is hereby *
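Review bot: The new "Last update" paragraph ends with "UTC</csobj></p>", which leaves a closing </csobj> with no opening tag now that both <csobj> elements have been removed; drop the stray close tag so the paragraph is well-formed. The notice in the <pre> block also changes the copyright holder from "David L. Mills 1992-2009" to "University of Delaware 1992-2011", so it is worth confirming that this matches the notice carried in the imported sources and that the licence text stays consistent across the tree.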
@@ -37,15 +38,17 @@
</pre>
<p>The following individuals contributed in part to the Network Time Protocol Distribution Version 4 and are acknowledged as authors of this work.</p>
<ol>
+ <li class="inline"><a href="mailto:%20takao_abe@xurb.jp">Takao Abe &lt;takao_abe@xurb.jp&gt;</a> Clock driver for JJY receivers
<li class="inline"><a href="mailto:%20mark_andrews@isc.org">Mark Andrews &lt;mark_andrews@isc.org&gt;</a> Leitch atomic clock controller
<li class="inline"><a href="mailto:%20altmeier@atlsoft.de">Bernd Altmeier &lt;altmeier@atlsoft.de&gt;</a> hopf Elektronik serial line and PCI-bus devices
<li class="inline"><a href="mailto:%20vbais@mailman1.intel.co">Viraj Bais &lt;vbais@mailman1.intel.com&gt;</a> and <a href="mailto:%20kirkwood@striderfm.intel.com">Clayton Kirkwood &lt;kirkwood@striderfm.intel.com&gt;</a> port to WindowsNT 3.5
<li class="inline"><a href="mailto:%20michael.barone@lmco.com">Michael Barone &lt;michael,barone@lmco.com&gt;</a> GPSVME fixes
- <li class="inline"><a href="mailto:%20Jean-Francois.Boudreault@viagenie.qc.ca">Jean-Francois Boudreault &lt;Jean-Francois.Boudreault@viagenie.qc.ca&gt;</a>IPv6 support
<li class="inline"><a href="mailto:%20karl@owl.HQ.ileaf.com">Karl Berry &lt;karl@owl.HQ.ileaf.com&gt;</a> syslog to file option
<li class="inline"><a href="mailto:%20greg.brackley@bigfoot.com">Greg Brackley &lt;greg.brackley@bigfoot.com&gt;</a> Major rework of WINNT port. Clean up recvbuf and iosignal code into separate modules.
<li class="inline"><a href="mailto:%20Marc.Brett@westgeo.com">Marc Brett &lt;Marc.Brett@westgeo.com&gt;</a> Magnavox GPS clock driver
<li class="inline"><a href="mailto:%20Piete.Brooks@cl.cam.ac.uk">Piete Brooks &lt;Piete.Brooks@cl.cam.ac.uk&gt;</a> MSF clock driver, Trimble PARSE support
+ <li class="inline"><a href="mailto:%20nelson@bolyard.me">Nelson B Bolyard &lt;nelson@bolyard.me&gt;</a> update and complete broadcast and crypto features in sntp
+ <li class="inline"><a href="mailto:%20Jean-Francois.Boudreault@viagenie.qc.ca">Jean-Francois Boudreault &lt;Jean-Francois.Boudreault@viagenie.qc.ca&gt;</a> IPv6 support
<li class="inline"><a href="mailto:%20reg@dwf.com">Reg Clemens &lt;reg@dwf.com&gt;</a> Oncore driver (Current maintainer)
<li class="inline"><a href="mailto:%20clift@ml.csiro.au">Steve Clift &lt;clift@ml.csiro.au&gt;</a> OMEGA clock driver
<li class="inline"><a href="mailto:casey@csc.co.za">Casey Crellin &lt;casey@csc.co.za&gt;</a> vxWorks (Tornado) port and help with target configuration
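Review bot: The added Nelson B Bolyard entry is placed after Piete Brooks and the relocated Jean-Francois Boudreault entry follows it, so both now sit after Brackley, Brett and Brooks in a list that is otherwise roughly alphabetical by surname; moving the two lines up to just before Greg Brackley would keep the order. The added hrefs also use the "mailto:%20" form, which puts an encoded space in front of the address, while the Casey Crellin context line shows the plain "mailto:" form the new entries could use.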
@@ -53,7 +56,9 @@
<li class="inline"><a href="mailto:%20dundas@salt.jpl.nasa.gov">John A. Dundas III &lt;dundas@salt.jpl.nasa.gov&gt;</a> Apple A/UX port
<li class="inline"><a href="mailto:%20duwe@immd4.informatik.uni-erlangen.de">Torsten Duwe &lt;duwe@immd4.informatik.uni-erlangen.de&gt;</a> Linux port
<li class="inline"><a href="mailto:%20dennis@mrbill.canet.ca">Dennis Ferguson &lt;dennis@mrbill.canet.ca&gt;</a> foundation code for NTP Version 2 as specified in RFC-1119
- <li class="inline"><a href="mailto:%20jhay@icomtek.csir.co.za">John Hay &lt;jhay@@icomtek.csir.co.za&gt;</a> IPv6 support and testing
+ <li class="inline"><a href="mailto:%20jhay@icomtek.csir.co.za">John Hay &lt;jhay@icomtek.csir.co.za&gt;</a> IPv6 support and testing
+ <li class="inline"><a href="mailto:%20davehart@davehart.com">Dave Hart &lt;davehart@davehart.com&gt;</a> General maintenance, Windows port interpolation rewrite
+ <li class="inline"><a href="mailto:%20neoclock4x@linum.com">Claas Hilbrecht &lt;neoclock4x@linum.com&gt;</a> NeoClock4X clock driver
<li class="inline"><a href="mailto:%20glenn@herald.usask.ca">Glenn Hollinger &lt;glenn@herald.usask.ca&gt;</a> GOES clock driver
<li class="inline"><a href="mailto:%20iglesias@uci.edu">Mike Iglesias &lt;iglesias@uci.edu&gt;</a> DEC Alpha port
<li class="inline"><a href="mailto:%20jagubox.gsfc.nasa.gov">Jim Jagielski &lt;jim@jagubox.gsfc.nasa.gov&gt;</a> A/UX port
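Review bot: The John Hay line fixes the doubled "@@" in the displayed address, but the Jim Jagielski context line at the end of this hunk still has the href "mailto:%20jagubox.gsfc.nasa.gov" with no local part, while its displayed text reads jim@jagubox.gsfc.nasa.gov; the same cleanup could correct that link.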
@@ -74,6 +79,7 @@
<li class="inline"><a href="mailto:%20tmoore@fievel.daytonoh.ncr.com">Tom Moore &lt;tmoore@fievel.daytonoh.ncr.com&gt;</a> i386 svr4 port
<li class="inline"><a href="mailto:%20kamal@whence.com">Kamal A Mostafa &lt;kamal@whence.com&gt;</a> SCO OpenServer port
<li class="inline"><a href="mailto:%20derek@toybox.demon.co.uk">Derek Mulcahy &lt;derek@toybox.demon.co.uk&gt;</a> and <a href="mailto:%20d@hd.org">Damon Hart-Davis &lt;d@hd.org&gt;</a> ARCRON MSF clock driver
+ <li class="inline"><a href="mailto:%20neal@ntp.org">Rob Neal &lt;neal@ntp.org&gt;</a> Bancomm refclock and config/parse code maintenance
<li class="inline"><a href="mailto:%20Rainer.Pruy@informatik.uni-erlangen.de">Rainer Pruy &lt;Rainer.Pruy@informatik.uni-erlangen.de&gt;</a> monitoring/trap scripts, statistics file handling
<li class="inline"><a href="mailto:%20dirce@zk3.dec.com">Dirce Richards &lt;dirce@zk3.dec.com&gt;</a> Digital UNIX V4.0 port
<li class="inline"><a href="mailto:%20wsanchez@apple.com">Wilfredo S&aacute;nchez &lt;wsanchez@apple.com&gt;</a> added support for NetInfo
@@ -88,7 +94,7 @@
<li class="inline"><a href="mailto:%20tsuruoka@nc.fukuoka-u.ac.jp">Tomoaki TSURUOKA &lt;tsuruoka@nc.fukuoka-u.ac.jp&gt;</a>TRAK clock driver
<li class="inline"><a href="mailto:%20vixie@vix.com">Paul A Vixie &lt;vixie@vix.com&gt;</a> TrueTime GPS driver, generic TrueTime clock driver
<li class="inline"><a href="mailto:%20Ulrich.Windl@rz.uni-regensburg.de">Ulrich Windl &lt;Ulrich.Windl@rz.uni-regensburg.de&gt;</a> corrected and validated HTML documents according to the HTML DTD
- </ol>
+ </ol>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
diff --git a/html/debug.html b/html/debug.html
index c732c42..783472b 100644
--- a/html/debug.html
+++ b/html/debug.html
@@ -13,136 +13,60 @@
<h3>NTP Debugging Techniques</h3>
<img src="pic/pogo.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We make house calls and bring our own bugs.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:38</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
- <h4>More Help</h4>
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->16-Jul-2009 19:36<!-- #EndDate -->
+ UTC</p>
+ <h4>More Help</h4>
+ <script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
<hr>
- <p>Once the NTP software distribution has been compiled and installed and the configuration file constructed, the next step is to verify correct operation and fix any bugs that may result. Usually, the command line that starts the daemon is included in the system startup file, so it is executed only at system boot time; however, the daemon can be stopped and restarted from root at any time. Usually, no command-line arguments are required, unless special actions described in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page are required. Once started, the daemon will begin sending and receiving messages, as specified in the configuration file.</p>
<h4>Initial Startup</h4>
- <p>When started for the first time, the frequency file, usually called <tt>ntp.drift</tt>, has not yet been created. The daemon switches to a special training routine designed to quickly determine the system clock frequency offset of the particular machine. The routine first measures the current clock offset and sets the clock, then continues for up to twenty minutes before measuring the clock offset, which might involve setting the clock again. The two measurements are used to compute the initial frequency offset and the daemon continues in regular operation, during which the frequency offset is continuously updated. Once each hour the daemon writes the current frequency offset to the <tt>ntp.drift</tt> file. When restarted after that, the daemon reads the frequency offset from the <tt>ntp.drift</tt> file and avoids the training routine.</p>
- <p>Note that the daemon requires at least four packet exchanges when first started in any case. This is required in order for the mitigation algorithms to insure valid and accurate measurements and defend against network delay spikes and accidental or malicious errors induced by the servers selected in the configuration file. It normally takes less than four minutes to set the clock when first started, but this can be reduced to less than ten seconds with the <tt>iburst</tt> configuration option.</p>
- <p>The best way to verify correct operation is using the <a href="ntpq.html"><tt>ntpq</tt> - standard NTP query program</a> and <a href="ntpdc.html"><tt>ntpdc</tt> - special NTP query program</a> utility programs, either on the server itself or from another machine elsewhere in the network. The <tt>ntpq</tt> program implements the management functions specified in the NTP specification <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305c.ps">RFC-1305, Appendix A</a>. The <tt>ntpdc</tt> program implements additional functions not provided in the standard. Both programs can be used to inspect the state variables defined in the specification and, in the case of <tt>ntpdc</tt>, additional ones intended for serious debugging. In addition, the <tt>ntpdc</tt> program can be used to selectively reconfigure and enable or disable some functions while the daemon is running.</p>
- <p>In extreme cases with elusive bugs, the daemon can operate in two modes, depending on the presence of the <tt>-d</tt> command-line debug switch. If not present, the daemon detaches from the controlling terminal and proceeds autonomously. If one or more <tt>-d</tt> switches are present, the daemon does not detach and generates special output useful for debugging. In general, interpretation of this output requires reference to the sources. However, a single <tt>-d</tt> does produce only mildly cryptic output and can be very useful in finding problems with configuration and network troubles. With a little experience, the volume of output can be reduced by piping the output to <tt>grep</tt> and specifying the keyword of the trace you want to see.</p>
- <p>Some problems are immediately apparent when the daemon first starts running. The most common of these are the lack of a UDP port for NTP (123) in the Unix <tt>/etc/services</tt> file (or equivalent in some systems). <b>Note that NTP does not use TCP in any form. Also note that NTP&nbsp;requires 123 for both source and destination ports.</b> These facts should be pointed out to firewall administrators.</p>
- <p>Other problems are apparent in the system log, which ordinarily shows the startup banner, some cryptic initialization data and the computed precision value. Error messages at startup and during regular operation are sent to the system log. In real emergencies the daemon will sent a terminal error message to the system log and then cease operation.</p>
- <p>The next most common problem is incorrect DNS names. Check that each DNS name used in the configuration file exists and that the address responds to the Unix <tt>ping</tt> command. The Unix <tt>traceroute</tt> or Windows <tt>tracert</tt> utility can be used to verify a partial or complete path exists. Most problems reported to the NTP&nbsp;newsgroup are not NTP&nbsp;problems, but problems with the network or firewall configuration.</p>
- <p>When first started, the daemon polls the servers listed in the configuration file at 64-s intervals. In order to allow a sufficient number of samples for the NTP algorithms to reliably discriminate between truechimer servers and possible falsetickers, at least four valid messages from at least one server or peer listed in the configuration file is required before the daemon can set the clock. However, if the difference between the client time and server time is greater than the panic threshold, which defaults to 1000 s, the daemon sends a message to the system log and shuts down without setting the clock. It is necessary to set the local clock to within the panic threshold first, either manually by eyeball and wristwatch and the Unix <tt>date</tt> command, or by the <tt>ntpdate</tt> or <tt>ntpd -q</tt> commands. The panic threshold can be changed by the <tt>tinker panic</tt> command discribed on the <a href="miscopt.html">Miscellaneous Options</a> page. The panic threshold can be disabled for the first measurement by the <tt>-g</tt> command line option described on the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page.</p>
- <p>If the difference between local time and server time is less than the panic threshold but greater than the step threshold, which defaults to 128 ms, the daemon will perform a step adjustment; otherwise, it will gradually slew the clock to the nominal time. Step adjustments are extremely rare in ordinary operation, usually as the result of reboot or hardware failure. The step threshold can be changed to 300 s using the <tt>-x</tt> command line option described on the <tt>ntpd</tt> page. This is usually sufficient to avoid a step after reboot or when the operator has set the system clock to within five minutes by eyeball-and-wristwatch. In extreme cases the step threshold can be changed by the <tt>tinker step</tt> command discribed on the <a href="miscopt.html">Miscellaneous Options</a> page. If set to zero, the clock will never be stepped; however, users should understand the implications for doing this in a distributed data network where all processing must be tightly synchronized. See the <a href="http://www.eecis.udel.edu/%7emills/leap.html">NTP Timescale and Leap Seconds</a> page for further information. If a step adjustment is made, the clock discipline algorithm will start all over again, requiring another round of at least four messages as before. This is necessary so that all servers and peers operate on the same set of time values.</p>
- <p>The clock discipline algorithm is designed to avoid large noise spikes that might occur on a congested network or access line. If an offset sample exceeds the step threshold, it is ignored and a timer started. If a later sample is below the step threshold, the counter is reset and operation continues normally. However, if the counter is greater than the stepout interval, which defaults to 900 s, the next sample will step the time as directed. The stepout threshold can be changed by the <tt>tinker stepout</tt> command discribed on the Miscellaneous Options page.</p>
- <p>If for some reason the hardware clock oscillator frequency error is very large, say over 400 PPM, the time offset when the daemon is started for the first time may increase over time until exceeding the step threshold, which requires a frequency adjustment and another step correction. However, due to provisions that reduce vulnerability to noise spikes, the second correction will not be done until after the stepout threshold. When the frequency error is very large, it may take a number of cycles like this until converging to the nominal frequency correction and writing the <tt>ntp.drift</tt> file. If the frequency error is over 500 PPM, convergence will never occur and occasional step adjustments will occur indefinitely.</p>
+ <p>This page discusses <tt>ntpd</tt> program monitoring and debugging techniques using the <a href="ntpq.html"><tt>ntpq</tt> - standard NTP query program</a>, either on the local server or from a remote machine. In special circumstances the <a href="ntpdc.html"><tt>ntpdc</tt> - special NTP query program</a>, can be useful, but its use is not covered here. The <tt>ntpq</tt> program implements the management functions specified in the NTP specification <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305c.ps">RFC-1305, Appendix A</a>. It is used to read and write the variables defined in the NTP Version 4 specification now navigating the standards process. In addition, the program can be used to send remote configuration commands to the server.</p>
+ <p>The <tt>ntpd</tt> daemon can operate in two modes, depending on the presence of the <tt>-d</tt> command-line option. Without the option the daemon detaches from the controlling terminal and proceeds autonomously. With one or more <tt>-d</tt> options the daemon does not detach and generates special trace output useful for debugging. In general, interpretation of this output requires reference to the sources. However, a single <tt>-d</tt> does produce only mildly cryptic output and can be very useful in finding problems with configuration and network troubles.</p>
+ <p>Some problems are immediately apparent when the daemon first starts running. The most common of these are the lack of a UDP port for NTP (123) in the Unix <tt>/etc/services</tt> file (or equivalent in some systems). <b>Note that NTP does not use TCP in any form. Also note that NTP requires port 123 for both source and destination ports.</b> These facts should be pointed out to firewall administrators.</p>
+ <p>Other problems are apparent in the system log, which ordinarily shows the startup banner, some cryptic initialization data and the computed precision value. Event messages at startup and during regular operation are sent to the optional <tt>protostats</tt> monitor file, as described on the <a href="decode.html">Event Messages and Status Words</a> page. These and other error messages are sent to the system log, as described on the <a href="msyslog.html"><tt>ntpd</tt> System Log Messages</a> page. In real emergencies the daemon will sent a terminal error message to the system log and then cease operation.</p>
+ <p>The next most common problem is incorrect DNS names. Check that each DNS name used in the configuration file exists and that the address responds to the Unix <tt>ping</tt> command. The Unix <tt>traceroute</tt> or Windows <tt>tracert</tt> utility can be used to verify a partial or complete path exists. Most problems reported to the NTP newsgroup are not NTP problems, but problems with the network or firewall configuration.</p>
<h4>Verifying Correct Operation</h4>
- <p>After starting the daemon, run the <tt>ntpq</tt> program using the <tt>-n</tt> switch, which will avoid possible distractions due to name resolution problems. Use the <tt>pe</tt> command to display a billboard showing the status of configured peers and possibly other clients poking the daemon. After operating for a few minutes, the display should be something like:</p>
- <pre>
-ntpq&gt; pe
- remote refid st t when poll reach delay offset jitter
-=====================================================================
--isipc6.cairn.ne .GPS1. 1 u 18 64 377 65.592 -5.891 0.044
-+saicpc-isiepc2. pogo.udel.edu 2 u 241 128 370 10.477 -0.117 0.067
-+uclpc.cairn.net pogo.udel.edu 2 u 37 64 177 212.111 -0.551 0.187
-*pogo.udel.edu .GPS1. 1 u 95 128 377 0.607 0.123 0.027
-</pre>
- <p>The host names or addresses shown in the <tt>remote</tt> column correspond to the server and peer entries listed in the configuration file; however, the DNS names might not agree if the names listed are not the canonical DNS names. IPv4 addresses are shown in dotted quad notation, while IPv6 addresses are shown alarmingly. The <tt>refid</tt> column shows the current source of synchronization, while the <tt>st</tt> column reveals the stratum, <tt>t</tt> the type (<tt>u</tt> = unicast, <tt>m</tt> = multicast, <tt>l</tt> = local, <tt>-</tt> = don't know), and <tt>poll</tt> the poll interval in seconds. The <tt>when</tt> column shows the time since the peer was last heard in seconds, while the <tt>reach</tt> column shows the status of the reachability register (see RFC-1305) in octal. The remaining entries show the latest delay, offset and jitter in milliseconds. Note that in NTP Version 4 what used to be the <tt>dispersion</tt> column has been replaced by the <tt>jitter</tt> column.</p>
- <p>As per the NTP specification RFC-1305, when the <tt>stratum</tt> is between 0 and 15 for a NTP server, the <tt>refid</tt> field shows the server DNS name or, if not found, the IP address in dotted-quad. When the <tt>stratum</tt> is any value for a reference clock, this field shows the identification string assigned to the clock. However, until the client has synchronized to a server, or when the <tt>stratum</tt> for a NTP server is 0 (appears as 16 in the billboards), the status cannot be determined. As a help in debugging, the <tt>refid</tt> field is set to a four-character string called the kiss code. The current kiss codes are as as follows.</p>
- <p>Peer Kiss Codes</p>
- <p><tt>ACST</tt></p>
- <dl>
- <dd>The association belongs to a anycast server.
- <dt><tt>AUTH</tt>
- <dd>Server authentication failed. Please wait while the association is restarted.
- <dt><tt>AUTO</tt>
- <dd>Autokey sequence failed. Please wait while the association is restarted.
- <dt><tt>BCST</tt>
- <dd>The association belongs to a broadcast server.
- <dt><tt>CRYP</tt>
- <dd>Cryptographic authentication or identification failed. The details should be in the system log file or the <tt>cryptostats</tt> statistics file, if configured. No further messages will be sent to the server.
- <dt><tt>DENY</tt>
- <dd>Access denied by remote server. No further messages will be sent to the server.
- <dt><tt>DROP</tt>
- <dd>Lost peer in symmetric mode. Please wait while the association is restarted.
- <dt><tt>RSTR</tt>
- <dd>Access denied due to local policy. No further messages will be sent to the server.
- <dt><tt>INIT</tt>
- <dd>The association has not yet synchronized for the first time.
- <dt><tt>MCST</tt>
- <dd>The association belongs to a manycast server.
- <dt><tt>NKEY</tt>
- <dd>No key found. Either the key was never installed or is not trusted.
- <dt><tt>RATE</tt>
- <dd>Rate exceeded. The server has temporarily denied access because the client exceeded the rate threshold.
- <dt><tt>RMOT</tt>
- <dd>Somebody is tinkering with the association from a remote host running <tt>ntpdc</tt>. Not to worry unless some rascal has stolen your keys.
- <dt><tt>STEP</tt>
- <dd>A step change in system time has occurred, but the association has not yet resynchronized.
- </dl>
- <p>System Kiss Codes</p>
- <dl>
- <dt><tt>INIT</tt>
- <dd>The system clock has not yet synchronized for the first time.
- <dt><tt>STEP</tt>
- <dd>A step change in system time has occurred, but the system clock has not yet resynchronized.
- </dl>
- <p>The tattletale symbol at the left margin displays the synchronization status of each peer. The currently selected peer is marked <tt>*</tt>, while additional peers designated acceptable for synchronization are marked <tt>+</tt>. Peers marked <tt>*</tt> and <tt>+</tt> are included in the weighted average computation to set the local clock; the data produced by peers marked with other symbols are discarded. See the <tt>ntpq</tt> page for the meaning of these symbols.</p>
- <p>Additional details for each peer separately can be determined by the following procedure. First, use the <tt>as</tt> command to display an index of association identifiers, such as</p>
- <pre>
-ntpq&gt; as
-ind assID status conf reach auth condition last_event cnt
-===========================================================
- 1 50252 f314 yes yes ok outlyer reachable 1
- 2 50253 f414 yes yes ok candidat reachable 1
- 3 50254 f414 yes yes ok candidat reachable 1
- 4 50255 f614 yes yes ok sys.peer reachable 1
-</pre>
- <p>Each line in this billboard is associated with the corresponding line in the <tt>pe</tt> billboard above. The <tt>assID</tt> shows the unique identifier for each mobilized association, while the <tt>status</tt> column shows the peer status word in hex, as defined in the NTP specification. Next, use the <tt>rv</tt> command and the respective <tt>assID</tt> identifier to display a detailed synopsis for the selected peer, such as</p>
- <pre>
-ntpq&gt; rv 50253
-status=f414 reach, conf, auth, sel_candidat, 1 event, event_reach,
-srcadr=saicpc-isiepc2.cairn.net, srcport=123, dstadr=140.173.1.46,
-dstport=123, keyid=3816249004, stratum=2, precision=-27,
-rootdelay=10.925, rootdispersion=12.848, refid=pogo.udel.edu,
-reftime=bd11b225.133e1437 Sat, Jul 8 2000 13:59:01.075, delay=10.550,
-offset=-1.357, jitter=0.074, dispersion=1.444, reach=377, valid=7,
-hmode=1, pmode=1, hpoll=6, ppoll=7, leap=00, flash=00 ok,
-org=bd11b23c.01385836 Sat, Jul 8 2000 13:59:24.004,
-rec=bd11b23c.02dc8fb8 Sat, Jul 8 2000 13:59:24.011,
-xmt=bd11b21a.ac34c1a8 Sat, Jul 8 2000 13:58:50.672,
-filtdelay= 10.45 10.50 10.63 10.40 10.48 10.43 10.49 11.26,
-filtoffset= -1.18 -1.26 -1.26 -1.35 -1.35 -1.42 -1.54 -1.81,
-filtdisp= 0.51 1.47 2.46 3.45 4.40 5.34 6.33 7.28,
-hostname=&quot;miro.time.saic.com&quot;, signature=md5WithRSAEncryption, flags=0x83f01, initsequence=61, initkey=0x287b649c,
-timestamp=3172053041
-</pre>
- <p>A detailed explanation of the fields in this billboard are beyond the scope of this discussion; however, most variables defined in the NTP Version 3 specification RFC-1305 are available along with others defined for NTPv4 on the <tt>ntpq</tt> page. This particular example was chosen to illustrate probably the most complex configuration involving symmetric modes and public-key cryptography. As the result of debugging experience, the names and values of these variables may change from time to time.</p>
- <p>A useful indicator of miscellaneous problems is the <tt>flash</tt> value, which reveals the state of the various sanity tests on incoming packets. There are currently 12 bits, one for each test, numbered from the right, which is for test 1. If the test fails, the corresponding bit is set to one and zero otherwise. If any bit is set following each processing step, the packet is discarded. The meaning of each test is described on the <tt>ntpq</tt> page.</p>
- <p>The three lines identified as <tt>filtdelay</tt>, <tt>filtoffset</tt> and <tt>filtdisp</tt> reveal the roundtrip delay, clock offset and dispersion for each of the last eight measurement rounds, all in milliseconds. Note that the dispersion, which is an estimate of the error, increases as the age of the sample increases. From these data, it is usually possible to determine the incidence of severe packet loss, network congestion, and unstable local clock oscillators. There are no hard and fast rules here, since every case is unique; however, if one or more of the rounds show large values or change radically from one round to another, the network is probably congested or lossy.</p>
- <p>Once the daemon has set the local clock, it will continuously track the discrepancy between local time and NTP time and adjust the local clock accordingly. There are two components of this adjustment, time and frequency. These adjustments are automatically determined by the clock discipline algorithm, which functions as a hybrid phase/frequency feedback loop. The behavior of this algorithm is carefully controlled to minimize residual errors due to network jitter and frequency variations of the local clock hardware oscillator that normally occur in practice. However, when started for the first time, the algorithm may take some time to converge on the intrinsic frequency error of the host machine.</p>
- <p>The state of the local clock itself can be determined using the <tt>rv</tt> command (without the argument), such as</p>
- <pre>
-ntpq&gt; rv
-status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
-version=&quot;ntpd 4.0.99j4-r Fri Jul 7 23:38:17 GMT 2000 (1)&quot;,
-processor=&quot;i386&quot;, system=&quot;FreeBSD3.4-RELEASE&quot;, leap=00, stratum=2,
-precision=-27, rootdelay=0.552, rootdispersion=12.532, peer=50255,
-refid=pogo.udel.edu,
-reftime=bd11b220.ac89f40a Sat, Jul 8 2000 13:58:56.673, poll=6,
-clock=bd11b225.ee201472 Sat, Jul 8 2000 13:59:01.930, state=4,
-phase=0.179, frequency=44.298, jitter=0.022, stability=0.001,
-hostname=&quot;barnstable.udel.edu&quot;, signature=md5WithRSAEncryption,
-flags=0x80011, hostkey=3171372095, refresh=3172016539
-cert=&quot;grundoon.udel.edu grundoon.udel.edu 0x3 3233600829&quot;
-cert=&quot;whimsy.udel.edu whimsy.udel.edu 0x5 3233682156&quot;
-</pre>
- <p>An explanation about most of these variables is in the RFC-1305 specification. The most useful ones include <tt>clock</tt>, which shows when the clock was last adjusted, and <tt>reftime</tt>, which shows when the server clock of <tt>refid</tt> was last adjusted. The <tt>version</tt>, <tt>processor</tt> and <tt>system</tt> values are very helpful when included in bug reports. The mean millisecond time offset (<tt>phase</tt>) and deviation (<tt>jitter</tt>) monitor the clock quality, while the mean PPM frequency offset (<tt>frequency</tt>) and deviation (<tt>stability</tt>) monitor the clock stability and serve as a useful diagnostic tool. It has been the experience of NTP operators over the years that these data represent useful environment and hardware alarms. If the motherboard fan freezes up or some hardware bit sticks, the system clock is usually the first to notice it.</p>
- <p>Among the new variables added for NTP Version 4 are the <tt>hostname</tt>, <tt>signature</tt>, <tt>flags, hostkey, refresh </tt>and<tt> cert</tt>, which are used for the Autokey public-key cryptography described on the <a href="authopt.html">Authentication Options</a> page. The numeric values show the filestamps, in NTP seconds, that the associated media files were created. These are useful in diagnosing problems with cryptographic key consistency and ordering principles.</p>
- <p>When nothing seems to happen in the <tt>pe</tt> billboard after some minutes, there may be a network problem. One common network problem is an access controlled router on the path to the selected peer or an access controlled server using methods described on the <a href="accopt.html">Access Control Options</a> page. Another common problem is that the server is down or running in unsynchronized mode due to a local problem. Use the <tt>ntpq</tt> program to spy on the server variables in the same way you can spy on your own.</p>
- <p>Normally, the daemon will adjust the local clock in small steps in such a way that system and user programs are unaware of its operation. The adjustment process operates continuously unless the apparent clock error exceeds the step threshold for a period longer than the stepout threshold, which for most Internet paths is a very rare event. If the event is simply an outlyer due to an occasional network delay spike, the correction is simply discarded; however, if the apparent time error persists for longer than the stepout threshold of about 17 minutes, the local clock is stepped or slewed to the new value as directed. This behavior is designed to resist errors due to severely congested network paths, as well as errors due to confused radio clocks upon the epoch of a leap second.</p>
+ <p>Unless using the <tt>iburst</tt> option, the client normally takes a few
+ minutes to synchronize to a server. If the client time at startup happens
+ to be more than 1000 s distant from NTP time, the daemon exits with a message
+ to the system log directing the operator to manually set the time within 1000
+ s and restart. If the time is less than 1000 s but more than 128 s distant,
+ a step correction occurs and the daemon restarts automatically.</p>
+ <p>When started for the first time and a frequency file is not present, the
+ daemon enters a special mode in order to calibrate the frequency. This takes
+ 900 s during which the time is not disciplined. When calibration is complete,
+ the daemon creates the frequency file and enters normal mode to amortize whatever
+ residual offset remains.</p>
+ <p>The <tt>ntpq</tt> commands <tt>pe</tt>, <tt>as</tt> and <tt>rv</tt> are
+ normally sufficient to verify correct operation and assess nominal performance.
+ The <a href="ntpq.html#pe"><tt>pe</tt></a> command displays a list showing
+ the DNS name or IP address for each association along with selected status
+ and statistics variables. The first character in each line is the tally code,
+ which shows which associations are candidates to set the system clock and
+ of these which one is the system peer. The encoding is shown in the <tt>select</tt>
+ field of the <a href="decode.html#peer">peer status word</a>.</p>
+ <p>The <a href="ntpq.html#as"><tt>as</tt></a> command displays a list of associations and association identifiers. Note the <tt>condition</tt> column, which reflects the tally code. The <a href="ntpq.html#pe"><tt>rv</tt></a> command displays the <a href="ntpq.html#system">system variables</a> billboard, including the <a href="decode.html#sys">system status word</a>. The <a href="ntpq.html#rv"><tt>rv <i>assocID</i></tt></a> command, where <tt><i>assocID</i></tt> is the association ID, displays the <a href="ntpq.html#peer">peer variables</a> billboard, including the <a href="decode.html#peer">peer status word</a>. Note that, except for explicit calendar dates, times are in milliseconds and frequencies are in parts-per-million (PPM).</p>
+ <p>A detailed explanation of the system, peer and clock variables in the billboards is beyond the scope of this page; however, a comprehensive explanation for each one is in the NTPv4 protocol specification. The following observations will be useful in debugging and monitoring.</p>
+ <ol>
+ <li>The server has successfully synchronized to its sources if the <tt>leap</tt> peer
+ variable has value other than 3 (11b) The client has successfully synchronized
+ to the server when the <tt>leap</tt> system variable has value other than
+ 3.
+ <li>The <tt>reach</tt> peer variable is an 8-bit shift register displayed in octal format. When a valid packet is received, the rightmost bit is lit. When a packet is sent, the register is shifted left one bit with 0 replacing the rightmost bit. If the <tt>reach</tt> value is nonzero, the server is reachable; otherwise, it is unreachable. Note that, even if all servers become unreachable, the system continues to show valid time to dependent applications.
+ <li>A useful indicator of miscellaneous problems is the <tt>flash</tt> peer variable, which shows the result of 13 sanity tests. It contains the <a href="decode.html#flash">flash status word</a> bits, commonly called flashers, which displays the current errors for the association. These bits should all be zero for a valid server.
+ <li>The three peer variables <tt>filtdelay</tt>, <tt>filtoffset</tt> and <tt>filtdisp</tt> show the delay, offset and jitter statistics for each of the last eight measurement rounds. These statistics and their trends are valuable performance indicators for the server, client and the network. For instance, large fluctuations in delay and jitter suggest network congestion. Missing clock filter stages suggest packet losses in the network.
+ <li>The synchronization distance, defined as one-half the delay plus the dispersion, represents the maximum error statistic. The jitter represents the expected error statistic. The maximum error and expected error calculated from the peer variables represents the quality metric for the server. The maximum error and expected error calculated from the system variables represents the quality metric for the client. If the root synchronization distance for any server exceeds 1.5 s, called the select threshold, the server is considered invalid.</ol>
<h4>Large Frequency Errors</h4>
- <p>The frequency tolerance of computer clock oscillators can vary widely, which can put a strain on the daemon's ability to compensate for the intrinsic frequency error. While the daemon can handle frequency errors up to 500 parts-per-million (PPM), or 43 seconds per day, values much above 100 PPM reduce the headroom and increase the time to learn the particular value and record it in the <tt>ntp.drift</tt> file. In extreme cases before the particular oscillator frequency error has been determined, the residual system time offsets can sweep from one extreme to the other of the 128-ms tracking window only for the behavior to repeat at 900-s intervals until the measurements have converged.</p>
- <p>In order to determine if excessive frequency error is a problem, observe the nominal <tt>filtoffset</tt> values for a number of rounds and divide by the poll interval. If the result is something approaching 500 PPM, there is a good chance that NTP will not work properly until the frequency error is reduced by some means. A common cause is the hardware time-of-year (TOY) clock chip, which must be disabled when NTP disciplines the software clock. For some systems this can be done using the <tt><a href="tickadj.html">tickadj</a></tt> utility and the <tt>-s</tt> command line argument. For other systems this can be done using a command in the system startup file.</p>
- <p>If the TOY chip is not the cause, the problem may be that the hardware clock frequency may simply be too slow or two fast. In some systems this might require tweaking a trimmer capacitor on the motherboard. For other systems the clock frequency can be adjusted in increments of 100 PPM using the <tt>tickadj</tt> utility and the <tt>-t</tt> command line argument. Note that the <tt>tickadj</tt> alters certain kernel variables and, while the utility attempts to figure out an acceptable way to do this, there are many cases where <tt>tickadj</tt> is incompatible with a running kernel.</p>
+ <p>The frequency tolerance of computer clock oscillators varies widely, sometimes above 500 PPM. While the daemon can handle frequency errors up to 500 PPM, or 43 seconds per day, values much above 100 PPM reduce the headroom, especially at the lowest poll intervals. To determine the particular oscillator frequency, start <tt>ntpd</tt> using the <tt>noselect</tt> option with the <tt>server</tt> configuration command.</p>
+ <p>Record the time of day and offset displayed by the <tt>ntpq</tt> <a href="ntpq.html#pe"><tt>pe</tt></a> command. Wait for an hour or so and record the time of day and offset. Calculate the frequency as the offset difference divided by the time difference. If the frequency is much above 100 PPM, the <a href="tickadj.html">tickadj</a> program might be useful to adjust the kernel clock frequency below that value. For systems that do not support this program, this might be one using a command in the system startup file.</p>
<h4>Access Controls</h4>
<p>Provisions are included in <tt>ntpd</tt> for access controls which deflect unwanted traffic from selected hosts or networks. The controls described on the <a href="accopt.html">Access Control Options</a> include detailed packet filter operations based on source address and address mask. Normally, filtered packets are dropped without notice other than to increment tally counters. However, the server can be configured to send a &quot;kiss-o'-death&quot; (KOD) packet to the client either when explicitly configured or when cryptographic authentication fails for some reason. The client association is permanently disabled, the access denied bit (TEST4) is set in the flash variable and a message is sent to the system log.</p>
- <p>The access control provisions include a limit on the packet rate from a host or network. If an incoming packet exceeds the limit, it is dropped and a KOD sent to the source. If this occurs after the client association has synchronized, the association is not disabled, but a message is sent to the system log. See the <a href="accopt.html">Access Control Options</a> page for further informatin.</p>
+ <p>The access control provisions include a limit on the packet rate from a
+ host or network. If an incoming packet exceeds the limit, it is dropped and
+ a KOD sent to the source. If this occurs after the client association has
+ synchronized, the association is not disabled, but a message is sent to the
+ system log. See the <a href="accopt.html">Access Control Options</a> page
+ for further information.</p>
<h4>Large Delay Variations</h4>
<p>In some reported scenarios an access line may show low to moderate network delays during some period of the day and moderate to high delays during other periods. Often the delay on one direction of transmission dominates, which can result in large time offset errors, sometimes in the range up to a few seconds. It is not usually convenient to run <tt>ntpd</tt> throughout the day in such scenarios, since this could result in several time steps, especially if the condition persists for greater than the stepout threshold.</p>
<p>Specific provisions have been built into <tt>ntpd</tt> to cope with these problems. The scheme is called &quot;huff-'n-puff and is described on the <a href="miscopt.html">Miscellaneous Options</a> page. An alternative approach in such scenarios is first to calibrate the local clock frequency error by running <tt>ntpd</tt> in continuous mode during the quiet interval and let it write the frequency to the <tt>ntp.drift</tt> file. Then, run <tt>ntpd -q</tt> from a cron job each day at some time in the quiet interval. In systems with the nanokernel or microkernel performance enhancements, including Solaris, Tru64, Linux and FreeBSD, the kernel continuously disciplines the frequency so that the residual correction produced by <tt>ntpd</tt> is usually less than a few milliseconds.</p>
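Review bot: In the added paragraph that introduces the `as` and `rv` commands, the bare `rv` link targets `ntpq.html#pe`, the same anchor as the `pe` link, which looks like a copy-paste slip. The neighbouring `rv assocID` link uses `ntpq.html#rv` and the sentence goes on to link `ntpq.html#system`, so one of those is probably what was meant. Two wording slips in the added text should be fixed in the same pass: item 1 of the new list has no period after "(11b)", and the Large Frequency Errors paragraph ends with "this might be one using a command" where the removed text read "done". The added startup paragraph also gives 1000 s as the threshold at which the daemon exits, while decode.html, added later in this patch, describes `panic_stop` as "clock error more than 600 s"; the two pages should state the same value.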
@@ -159,9 +83,9 @@ cert=&quot;whimsy.udel.edu whimsy.udel.edu 0x5 3233682156&quot;
<li>Verify the <tt>/etc/services</tt> file host machine is configured to accept UDP packets on the NTP port 123. NTP is specifically designed to use UDP and does not respond to TCP.
<li>Check the system log for <tt>ntpd</tt> messages about configuration errors, name-lookup failures or initialization problems. Common system log messages are summarized on the <a href="msyslog.html"><tt>ntpd</tt> System Log Messages</a> page. Check to be sure that only one copy of <tt>ntpd</tt> is running.
<li>Verify using <tt>ping</tt> or other utility that packets actually do make the round trip between the client and server. Verify using <tt>nslookup</tt> or other utility that the DNS server names do exist and resolve to valid Internet addresses.
- <li>Check that the remote NTP&nbsp;server is up and running. The usual evidence that it is not is a <tt>Connection refused</tt> message.
+ <li>Check that the remote NTP server is up and running. The usual evidence that it is not is a <tt>Connection refused</tt> message.
<li>Using the <tt>ntpdc</tt> program, verify that the packets received and packets sent counters are incrementing. If the sent counter does not increment and the configuration file includes configured servers, something may be wrong in the host network or interface configuration. If this counter does increment, but the received counter does not increment, something may be wrong in the network or the server NTP daemon may not be running or the server itself may be down or not responding.
- <li>If both the sent and received counters do increment, but the <tt>reach</tt> values in the <tt>pe</tt> billboard with <tt>ntpq</tt> continues to show zero, received packets are probably being discarded for some reason. If this is the case, the cause should be evident from the <tt>flash</tt> variable as discussed above and on the <tt>ntpq</tt> page. It could be that the server has disabled access for the client address, in which case the refid field in the <tt>ntpq pe</tt> billboard will show a kiss code. See earlier on this page for a list of kiss codes and their meaning.
+ <li>If both the sent and received counters do increment, but the <tt>reach</tt> values in the <tt>pe</tt> billboard with <tt>ntpq</tt> continues to show zero, received packets are probably being discarded for some reason. If this is the case, the cause should be evident from the <tt>flash</tt> variable as discussed above and on the <tt>ntpq</tt> page. It could be that the server has disabled access for the client address, in which case the <tt>refid</tt> field in the <tt>ntpq pe</tt> billboard will show a kiss code. See earlier on this page for a list of kiss codes and their meaning.
<li>If the <tt>reach</tt> values in the <tt>pe</tt> billboard show the servers are alive and responding, note the tattletale symbols at the left margin, which indicate the status of each server resulting from the various grooming and mitigation algorithms. The interpretation of these symbols is discussed on the <tt>ntpq</tt> page. After a few minutes of operation, one or another of the reachable server candidates should show a * tattletale symbol. If this doesn't happen, the intersection algorithm, which classifies the servers as truechimers or falsetickers, may be unable to find a majority of truechimers among the server population.
<li>If all else fails, see the FAQ and/or the discussion and briefings at the NTP Project page.
</ol>
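Review bot: The re-added list item about `reach` staying at zero still ends with "See earlier on this page for a list of kiss codes and their meaning", but the previous hunk removes both kiss code lists from this page, so the reference now points at nothing. The new decode.html lists a `#kiss` section in its table of contents; link the sentence to `decode.html#kiss` instead. The following unchanged item also keeps "tattletale symbols" while the rewritten text earlier in this file calls the same thing the tally code, so pick one term while touching this list.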
diff --git a/html/decode.html b/html/decode.html
new file mode 100644
index 0000000..130fe8a
--- /dev/null
+++ b/html/decode.html
@@ -0,0 +1,879 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>ntpd Event Messages and Status Words</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+<h3>Event Messages and Status Words</h3>
+<img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+
+<p>Caterpillar knows all the error codes, which is more than most of us do.</p>
+
+<p>Last update:
+<!-- #BeginDate format:En2m -->30-Apr-2010 23:13<!-- #EndDate -->
+UTC</p>
+<br clear="left">
+
+<h4>Related Links</h4>
+
+<p><script type="text/javascript" language="javascript" src="scripts/install.txt"></script></p>
+
+<h4>Table of Contents</h4>
+
+<ul>
+<li class="inline"><a href="#intro">Introduction</a></li>
+<li class="inline"><a href="#sys">System Status Word</a></li>
+<li class="inline"><a href="#peer">Peer Status Word</a></li>
+<li class="inline"><a href="#clock">Clock Status Word</a></li>
+<li class="inline"><a href="#flash">Flash Status Word</a></li>
+<li class="inline"><a href="#kiss">Kiss Codes</a></li>
+<li class="inline"><a href="#crypto">Crypto Messages</a></li>
+</ul>
+
+<hr>
+
+<h4 id="intro">Introduction</h4>
+
+<p>This page lists the status words, event messages and error codes used for <tt>ntpd</tt> reporting and monitoring. Status words are used to display the current status of the running program. There is one system status word and a peer status word for each association. There is a clock status word for each association that supports a reference clock. There is a flash code for each association which shows errors found in the last packet received (pkt) and during protocol processing (peer). These are commonly viewed using the <tt>ntpq</tt> program.</p>
+
+<p>Significant changes in program state are reported as events. There is one
+ set of system events and a set of peer events for each association. In addition,
+ there is a set of clock events for each association that supports a reference
+ clock. Events are normally reported to the <tt>protostats</tt> monitoring file
+ and optionally to the system log. In addition, if the trap facility is configured,
+ events can be reported to a remote program that can page an administrator.</p>
+
+<p>This page also includes a description of the error messages produced by the Autokey protocol. These messages are normally sent to the <tt>cryptostats</tt> monitoring file.</p>
+
+<p>In the following tables the Code Field is the status or event code assigned and the Message Field a short string used for display and event reporting. The Description field contains a longer explanation of the status or event. Some messages include additional information useful for error diagnosis and performance assessment.</p>
+
+<h4 id="sys">System Status Word</h4>
+
+<p>The system status word consists of four fields LI (0-1), Source (2-7), Count (8-11) and Code (12-15). It is reported in the first line of the <tt>rv</tt> display produced by the <tt>ntpq</tt> program.</p>
+
+<table width="50%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td><div align="center">Leap</div></td>
+<td><div align="center">Source</div></td>
+<td><div align="center">Count</div></td>
+<td><div align="center">Code</div></td>
+</tr>
+
+</table>
+
+<p>The Leap Field displays the system leap indicator bits coded as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>0</tt></td>
+<td><tt>leap_none</tt></td>
+<td>normal synchronized state</td>
+</tr>
+
+<tr>
+<td><tt>1</tt></td>
+<td><tt>leap_add_sec</tt></td>
+<td>insert second after 23:59:59 of the current day</td>
+</tr>
+
+<tr>
+<td><tt>2</tt></td>
+<td><tt>leap_del_sec</tt></td>
+<td>delete second 23:59:59 of the current day</td>
+</tr>
+
+<tr>
+<td><tt>3</tt></td>
+<td><tt>leap_alarm</tt></td>
+<td>never synchronized</td>
+</tr>
+
+</table>
+
+<p>The Source Field displays the current synchronization source coded as follows:.</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>0</tt></td>
+<td><tt>sync_unspec</tt></td>
+<td>not yet synchronized</td>
+</tr>
+
+<tr>
+<td><tt>1</tt></td>
+<td><tt>sync_pps</tt></td>
+<td>pulse-per-second signal (Cs, Ru, GPS, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>2</tt></td>
+<td><tt>sync_lf_radio</tt></td>
+<td>VLF/LF radio (WWVB, DCF77, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>3</tt></td>
+<td><tt>sync_hf_radio</tt></td>
+<td>MF/HF radio (WWV, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>4</tt></td>
+<td><tt>sync_uhf_radio</tt></td>
+<td>VHF/UHF radio/satellite (GPS, Galileo, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>5</tt></td>
+<td><tt>sync_local</tt></td>
+<td>local timecode (IRIG, LOCAL driver, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>6</tt></td>
+<td><tt>sync_ntp</tt></td>
+<td>NTP</td>
+</tr>
+
+<tr>
+<td><tt>7</tt></td>
+<td><tt>sync_other</tt></td>
+<td>other (IEEE 1588, openntp, crony, etc.)</td>
+</tr>
+
+<tr>
+<td><tt>8</tt></td>
+<td><tt>sync_wristwatch</tt></td>
+<td>eyeball and wristwatch</td>
+</tr>
+
+<tr>
+<td><tt>9</tt></td>
+<td><tt>sync_telephone</tt></td>
+<td>telephone modem (ACTS, PTB, etc.)</td>
+</tr>
+
+</table>
+
+<p>The Count Field displays the number of events since the last time the code changed. Upon reaching 15, subsequent events with the same code are ignored.</p>
+
+<p>The Event Field displays the most recent event message coded as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>00</tt></td>
+<td><tt>unspecified</tt></td>
+<td>unspecified</td>
+</tr>
+
+<tr>
+<td><tt>01</tt></td>
+<td><tt>freq_not_set</tt></td>
+<td>frequency file not available</td>
+</tr>
+
+<tr>
+<td><tt>02</tt></td>
+<td><tt>freq_set</tt></td>
+<td>frequency set from frequency file</td>
+</tr>
+
+<tr>
+<td><tt>03</tt></td>
+<td><tt>spike_detect</tt></td>
+<td>spike detected</td>
+</tr>
+
+<tr>
+<td><tt>04</tt></td>
+<td><tt>freq_mode</tt></td>
+<td>initial frequency training mode</td>
+</tr>
+
+<tr>
+<td><tt>05</tt></td>
+<td><tt>clock_sync</tt></td>
+<td>clock synchronized</td>
+</tr>
+
+<tr>
+<td><tt>06</tt></td>
+<td><tt>restart</tt></td>
+<td>program restart</td>
+</tr>
+
+<tr>
+<td><tt>07</tt></td>
+<td><tt>panic_stop</tt></td>
+<td>clock error more than 600 s</td>
+</tr>
+
+<tr>
+<td><tt>08</tt></td>
+<td><tt>no_system_peer</tt></td>
+<td>no system peer</td>
+</tr>
+
+<tr>
+<td><tt>09</tt></td>
+<td><tt>leap_armed</tt></td>
+<td>leap second armed from file or Autokey</td>
+</tr>
+
+<tr>
+<td><tt>0a</tt></td>
+<td><tt>leap_disarmed</tt></td>
+<td>leap second disarmed</td>
+</tr>
+
+<tr>
+<td><tt>0b</tt></td>
+<td><tt>leap_event</tt></td>
+<td>leap event</td>
+</tr>
+
+<tr>
+<td><tt>0c</tt></td>
+<td><tt>clock_step</tt></td>
+<td>clock stepped</td>
+</tr>
+
+<tr>
+<td><tt>0d</tt></td>
+<td><tt>kern</tt></td>
+<td>kernel information message</td>
+</tr>
+
+<tr>
+<td><tt>0e</tt></td>
+<td><tt>TAI...</tt></td>
+<td>leapsecond values update from file</td>
+</tr>
+
+<tr>
+<td><tt>0f</tt></td>
+<td><tt>stale leapsecond values</tt></td>
+<td>new NIST leapseconds file needed</td>
+</tr>
+<tr>
+<td><tt>10</tt></td>
+<td><tt>clockhop</tt></td>
+<td>spurious clock hop suppressed</td>
+</tr>
+
+</table>
+
+<h4 id="peer">Peer Status Word</h4>
+
+<p>The peer status word consists of four fields: Status (0-4), Select (5-7), Count (8-11) and Code (12-15). It is reported in the first line of the <tt>rv <i>associd</i></tt> display produced by the <tt>ntpq</tt> program.</p>
+
+<table width="50%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td><div align="center">Status</div></td>
+<td><div align="center">Select</div></td>
+<td><div align="center">Count</div></td>
+<td><div align="center">Code</div></td>
+</tr>
+
+</table>
+
+<p>The Status Field displays the peer status code bits in hexadecimal; each bit is an independent flag. (Note this field is 5 bits wide, and combines with the the 3-bit-wide Select Field to create the first full byte of the peer status word.) The meaning of each bit in the Status Field is listed in the following table:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>08</tt></td>
+<td><tt>bcst</tt></td>
+<td>broadcast association</td>
+</tr>
+
+<tr>
+<td><tt>10</tt></td>
+<td><tt>reach</tt></td>
+<td>host reachable</td>
+</tr>
+
+<tr>
+<td><tt>20</tt></td>
+<td><tt>authenb</tt></td>
+<td>authentication enabled</td>
+</tr>
+
+<tr>
+<td><tt>40</tt></td>
+<td><tt>auth</tt></td>
+<td>authentication ok</td>
+</tr>
+
+<tr>
+<td><tt>80</tt></td>
+<td><tt>config</tt></td>
+<td>persistent association</td>
+</tr>
+
+</table>
+
+<p>The Select Field displays the current selection status. (The T Field in the following table gives the corresponding tally codes used in the <tt>ntpq peers</tt> display.) The values are coded as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>T</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>0</tt></td>
+<td><tt>sel_reject</tt></td>
+<td>&nbsp;</td>
+<td>discarded as not valid (TEST10-TEST13)</td>
+</tr>
+
+<tr>
+<td><tt>1</tt></td>
+<td><tt>sel_falsetick</tt></td>
+<td><tt>x</tt></td>
+<td>discarded by intersection algorithm</td>
+</tr>
+
+<tr>
+<td><tt>2</tt></td>
+<td><tt>sel_excess</tt></td>
+<td><tt>.</tt></td>
+<td>discarded by table overflow (not used)</td>
+</tr>
+
+<tr>
+<td><tt>3</tt></td>
+<td><tt>sel_outlyer</tt></td>
+<td><tt>-</tt></td>
+<td>discarded by the cluster algorithm</td>
+</tr>
+
+<tr>
+<td><tt>4</tt></td>
+<td><tt>sel_candidate</tt></td>
+<td><tt>+</tt></td>
+<td>included by the combine algorithm</td>
+</tr>
+
+<tr>
+<td><tt>5</tt></td>
+<td><tt>sel_backup</tt></td>
+<td><tt>#</tt></td>
+<td>backup (more than <tt>tos maxclock</tt> sources)</td>
+</tr>
+
+<tr>
+<td><tt>6</tt></td>
+<td><tt>sel_sys.peer</tt></td>
+<td><tt>*</tt></td>
+<td>system peer</td>
+</tr>
+
+<tr>
+<td><tt>7</tt></td>
+<td><tt>sel_pps.peer</tt></td>
+<td><tt>o</tt></td>
+<td>PPS peer (when the prefer peer is valid)</td>
+</tr>
+
+</table>
+
+<p>The Count Field displays the number of events since the last time the code changed. Upon reaching 15, subsequent events with the same code are ignored. </p>
+
+<p>The Event Field displays the most recent event message coded as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>01</tt></td>
+<td><tt>mobilize</tt></td>
+<td>association mobilized</td>
+</tr>
+
+<tr>
+<td><tt>02</tt></td>
+<td><tt>demobilize</tt></td>
+<td>association demobilized</td>
+</tr>
+
+<tr>
+<td><tt>03</tt></td>
+<td><tt>unreachable</tt></td>
+<td>server unreachable</td>
+</tr>
+
+<tr>
+<td><tt>04</tt></td>
+<td><tt>reachable</tt></td>
+<td>server reachable</td>
+</tr>
+
+<tr>
+<td><tt>05</tt></td>
+<td><tt>restart</tt></td>
+<td>association restart</td>
+</tr>
+
+<tr>
+<td><tt>06</tt></td>
+<td><tt>no_reply</tt></td>
+<td>no server found (<tt>ntpdate</tt> mode)</td>
+</tr>
+
+<tr>
+<td><tt>07</tt></td>
+<td><tt>rate_exceeded</tt></td>
+<td>rate exceeded (kiss code <tt>RATE</tt>)</td>
+</tr>
+
+<tr>
+<td><tt>08</tt></td>
+<td><tt>access_denied</tt></td>
+<td>access denied (kiss code <tt>DENY</tt>)</td>
+</tr>
+
+<tr>
+<td><tt>09</tt></td>
+<td><tt>leap_armed</tt></td>
+<td>leap armed from server LI code</td>
+</tr>
+
+<tr>
+<td><tt>0a</tt></td>
+<td><tt>sys_peer</tt></td>
+<td>become system peer</td>
+</tr>
+
+<tr>
+<td><tt>0b</tt></td>
+<td><tt>clock_event</tt></td>
+<td>see clock status word</td>
+</tr>
+
+<tr>
+<td><tt>0c</tt></td>
+<td><tt>bad_auth</tt></td>
+<td>authentication failure</td>
+</tr>
+
+<tr>
+<td><tt>0d</tt></td>
+<td><tt>popcorn</tt></td>
+<td>popcorn spike suppressor</td>
+</tr>
+
+<tr>
+<td><tt>0e</tt></td>
+<td><tt>interleave_mode</tt></td>
+<td>entering interleave mode</td>
+</tr>
+
+<tr>
+<td><tt>0f</tt></td>
+<td><tt>interleave_error</tt></td>
+<td>interleave error (recovered)</td>
+</tr>
+
+<tr>
+<td><tt>10</tt></td>
+<td><tt>TAI...</tt></td>
+<td>leapsecond values update from server</td>
+</tr>
+
+</table>
+
+<h4 id="clock">Clock Status Word</h4>
+
+<p>The clock status word consists of four fields: Unused (0-7), Count (8-11) and Code (12-15). It is reported in the first line of the <tt>clockvar <i>associd</i></tt> display produced by the <tt>ntpq</tt> program.</p>
+<table width="50%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td><div align="center">Unused</div></td>
+<td><div align="center">Count</div></td>
+<td><div align="center">Code</div></td>
+</tr>
+
+</table>
+
+<p>The Count Field displays the number of events since the last <tt>lockvar</tt> command, while the Event Field displays the most recent event message coded as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>00</tt></td>
+<td><tt>clk_unspe</tt></td>
+<td>nominal</td>
+</tr>
+
+<tr>
+<td><tt>01</tt></td>
+<td><tt>clk_noreply</tt></td>
+<td>no reply to poll</td>
+</tr>
+
+<tr>
+<td><tt>02</tt></td>
+<td><tt>clk_badformat</tt></td>
+<td>bad timecode format</td>
+</tr>
+
+<tr>
+<td><tt>03</tt></td>
+<td><tt>clk_fault</tt></td>
+<td>hardware or software fault</td>
+</tr>
+
+<tr>
+<td><tt>04</tt></td>
+<td><tt>clk_bad_signal</tt></td>
+<td>signal loss</td>
+</tr>
+
+<tr>
+<td><tt>05</tt></td>
+<td><tt>clk_bad_date</tt></td>
+<td>bad date format</td>
+</tr>
+
+<tr>
+<td><tt>06</tt></td>
+<td><tt>clk_bad_time</tt></td>
+<td>bad time format</td>
+</tr>
+
+</table>
+
+<p>When the clock driver sets the code to a new value, a <tt>clock_alarm</tt> (11) peer event is reported.</p>
+
+<h4 id="flash">Flash Status Word</h4>
+
+<p>The flash status word is displayed by the <tt>ntpq</tt> program <tt>rv</tt> command. It consists of a number of bits coded in hexadecimal as follows:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Tag</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>0001</tt></td>
+<td>TEST1</td>
+<td><tt>pkt_dup</tt></td>
+<td>duplicate packet</td>
+</tr>
+
+<tr>
+<td><tt>0002</tt></td>
+<td>TEST2</td>
+<td><tt>pkt_bogus</tt></td>
+<td>bogus packet</td>
+</tr>
+
+<tr>
+<td><tt>0004</tt></td>
+<td>TEST3</td>
+<td><tt>pkt_unsync</tt></td>
+<td>protocol unsynchronized</td>
+</tr>
+
+<tr>
+<td><tt>0008</tt></td>
+<td>TEST4</td>
+<td><tt>pkt_denied</tt></td>
+<td>access denied</td>
+</tr>
+
+<tr>
+<td><tt>0010</tt></td>
+<td>TEST5</td>
+<td><tt>pkt_auth</tt></td>
+<td>bad authentication</td>
+</tr>
+
+<tr>
+<td><tt>0020</tt></td>
+<td>TEST6</td>
+<td><tt>pkt_stratum</tt></td>
+<td>bad synch or stratum</td>
+</tr>
+
+<tr>
+<td><tt>0040</tt></td>
+<td>TEST7</td>
+<td><tt>pkt_header</tt></td>
+<td>bad header</td>
+</tr>
+
+<tr>
+<td><tt>0080</tt></td>
+<td>TEST8</td>
+<td><tt>pkt_autokey</tt></td>
+<td>bad autokey</td>
+</tr>
+
+<tr>
+<td><tt>0100</tt></td>
+<td>TEST9</td>
+<td><tt>pkt_crypto</tt></td>
+<td>bad crypto</td>
+</tr>
+
+<tr>
+<td><tt>0200</tt></td>
+<td>TEST10</td>
+<td><tt>peer_stratum</tt></td>
+<td>peer bad synch or stratum</td>
+</tr>
+
+<tr>
+<td><tt>0400</tt></td>
+<td>TEST11</td>
+<td><tt>peer_dist</tt></td>
+<td>peer distance exceeded</td>
+</tr>
+
+<tr>
+<td><tt>0800</tt></td>
+<td>TEST12</td>
+<td><tt>peer_loop</tt></td>
+<td>peer synchronization loop</td>
+</tr>
+
+<tr>
+<td><tt>1000</tt></td>
+<td>TEST13</td>
+<td><tt>peer_unreach</tt></td>
+<td>peer unreachable</td>
+</tr>
+
+</table>
+
+<h4 id="kiss">Kiss Codes</h4>
+
+<p>Kiss codes are used in kiss-o'-death (koD) packets, billboard displays and log messages. They consist of a string of four zero-padded ASCII charactes. In practice they are informal and tend to change with time and implementation. Some of these codes can appear in the reference identifier field in <tt>ntpq</tt> billboards. Following is the current list:</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>ACST</tt></td>
+<td>manycast server</td>
+</tr>
+
+<tr>
+<td><tt>AUTH</tt></td>
+<td>authentication error</td>
+</tr>
+
+<tr>
+<td><tt>AUTO</tt></td>
+<td>Autokey sequence error</td>
+</tr>
+
+<tr>
+<td><tt>BCST</tt></td>
+<td>broadcast server</td>
+</tr>
+
+<tr>
+<td><tt>CRYPT</tt></td>
+<td>Autokey protocol error</td>
+</tr>
+
+<tr>
+<td><tt>DENY</tt></td>
+<td>access denied by server</td>
+</tr>
+
+<tr>
+<td><tt>INIT</tt></td>
+<td>association initialized</td>
+</tr>
+
+<tr>
+<td><tt>MCST</tt></td>
+<td>multicast server</td>
+</tr>
+
+<tr>
+<td><tt>RATE</tt></td>
+<td>rate exceeded</td>
+</tr>
+
+<tr>
+<td><tt>TIME</tt></td>
+<td>association timeout</td>
+</tr>
+
+<tr>
+<td><tt>STEP</tt></td>
+<td>step time change</td>
+</tr>
+
+</table>
+
+<h4 id="crypto">Crypto Messages</h4>
+
+<p>These messages are sent to the <tt>cryptostats</tt> file when an error is detected in the Autokey protocol.</p>
+
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+
+<tr>
+<td>Code</td>
+<td>Message</td>
+<td>Description</td>
+</tr>
+
+<tr>
+<td><tt>01</tt></td>
+<td><tt>bad_format</tt></td>
+<td>bad extension field format or length</td>
+</tr>
+
+<tr>
+<td><tt>02</tt></td>
+<td><tt>bad_timestamp</tt></td>
+<td>bad timestamp</td>
+</tr>
+
+<tr>
+<td><tt>03</tt></td>
+<td><tt>bad_filestamp</tt></td>
+<td>bad filestamp</td>
+</tr>
+
+<tr>
+<td><tt>04</tt></td>
+<td><tt>bad_public_key</tt></td>
+<td>bad or missing public key</td>
+</tr>
+
+<tr>
+<td><tt>05</tt></td>
+<td><tt>bad_digest</tt></td>
+<td>unsupported digest type</td>
+</tr>
+
+<tr>
+<td><tt>06</tt></td>
+<td><tt>bad_identity</tt></td>
+<td>unsupported identity type</td>
+</tr>
+
+<tr>
+<td><tt>07</tt></td>
+<td><tt>bad_siglength</tt></td>
+<td>bad signature length</td>
+</tr>
+
+<tr>
+<td><tt>08</tt></td>
+<td><tt>bad signature</tt></td>
+<td>extension field signature not verified</td>
+</tr>
+
+<tr>
+<td><tt>09</tt></td>
+<td><tt>cert_not_verified</tt></td>
+<td>certificate signature not verified</td>
+</tr>
+
+<tr>
+<td><tt>0a</tt></td>
+<td><tt>cert_expired</tt></td>
+<td>host certificate expired</td>
+</tr>
+
+<tr>
+<td><tt>0b</tt></td>
+<td><tt>bad_cookie</tt></td>
+<td>bad or missing cookie</td>
+</tr>
+
+<tr>
+<td><tt>0c</tt></td>
+<td><tt>bad_leapseconds</tt></td>
+<td>bad or missing leapseconds values</td>
+</tr>
+
+<tr>
+<td><tt>0d</tt></td>
+<td><tt>cert_missing</tt></td>
+<td>bad or missing certificate</td>
+</tr>
+
+<tr>
+<td><tt>0e</tt></td>
+<td><tt>bad_group_key</tt></td>
+<td>bad or missing group key</td>
+</tr>
+
+<tr>
+<td><tt>0f</tt></td>
+<td><tt>proto_error</tt></td>
+<td>protocol error</td>
+</tr>
+
+</table>
+
+<hr>
+
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+
+</body>
+</html> \ No newline at end of file
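Review bot: In the added Clock Status Word section the intro says the word "consists of four fields" but lists only three (Unused, Count, Code), and the paragraph after the field table refers to a "lockvar" command where the section intro uses "clockvar". The same section ends by naming a "clock_alarm (11)" peer event, while the Peer Status Word event table in this file lists code 0b as "clock_event"; one name should be used in both places. Smaller items in the same file: "the the" in the peer Status Field paragraph, "charactes" in the Kiss Codes paragraph, the Kiss Codes text promising four ASCII characters while the table includes the five-character "CRYPT", and "bad signature" being the only entry in the Crypto Messages table written with a space instead of an underscore.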
diff --git a/html/description_files/description.jpg b/html/description_files/description.jpg
new file mode 100644
index 0000000..2153180
--- /dev/null
+++ b/html/description_files/description.jpg
Binary files differ
diff --git a/html/drivers/driver1.html b/html/drivers/driver1.html
index afd85d2..9c58265 100644
--- a/html/drivers/driver1.html
+++ b/html/drivers/driver1.html
@@ -17,24 +17,9 @@
Reference ID: <tt>LCL</tt><br>
Driver ID: <tt>LOCAL</tt></p>
<h4>Description</h4>
- <p>This driver is intended for use in an isolated network where no external source of synchronization such as a radio clock or modem is available. It allows a designated time server to act as a primary server to provide synchronization to other clients on the network. Pick a machine that has a good clock oscillator (Digital machines are good, Sun machines are not) and configure it with this driver. Set the clock using the best means available, like eyeball-and-wristwatch. Then, point all the other machines at this one or use broadcast (not multicast) mode to distribute time.</p>
- <p>Another application for this driver is if a particular server clock is to be used as the clock of last resort when all other normal synchronization sources have gone away. This is especially useful if that server has an ovenized oscillator. For this you would configure this driver at a stratum greater than any other likely sources of time (say 3 or 4) to prevent the server taking over when legitimate sources are still available.</p>
- <p>A third application for this driver is when an external discipline source is available, such as the NIST <tt>lockclock</tt> program, which synchronizes the local clock via a telephone modem and the NIST Automated Computer Time Service (ACTS), or the Digital Time Synchronization Service (DTSS), which runs on DCE machines. In this case the stratum should be set at zero, indicating a bona fide stratum-1 source. In the case of DTSS, the local clock can have a rather large jitter, depending on the interval between corrections and the intrinsic frequency error of the clock oscillator. In extreme cases, this can cause clients to exceed the 128-ms slew window and drop off the NTP subnet.</p>
- <p>In the case where a NTP time server is synchronized to some device or protocol that is not external to the NTP daemon itself, some means should be provided to pass such things as error and health values to the NTP daemon for dissemination to its clients. If this is not done, there is a very real danger that the device or protocol could fail and with no means to tell NTP clients of the mishap. When ordinary Unix system calls like <tt>adjtime()</tt> are used to discipline the kernel clock, there is no obvious way this can be done without modifying the code for each case. However, when a modified kernel with the <tt>ntp_adjtime()</tt> system call&nbsp; is available, that routine can be used for the same purpose as the <tt>adjtime()</tt> routine and in addition provided with the estimated error, maximum error, and leap-indicator values. This is the preferred way to synchronize the kernel clock and pass information to the NTP clients.</p>
- <p>In the default mode the behavior of the clock selection algorithm is modified when this driver is in use. The algorithm is designed so that this driver will never be selected unless no other discipline source is available. This can be overridden with the <tt>prefer</tt> keyword of the <tt>server</tt> configuration command, in which case only this driver will be selected for synchronization and all other discipline sources will be ignored. This behavior is intended for use when an external discipline source controls the system clock. See the <a href="../prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for a detailed description of the exact behavior.</p>
- <p>The stratum for this driver is set at 5 by default, but can be changed by the <tt>fudge</tt> configuration command and/or the <tt>ntpdc</tt> utility. The reference ID is <tt>LCL</tt> by default, but can be changed using the same mechanisms. <b>*NEVER*</b> configure this driver to operate at a stratum which might possibly disrupt a client with access to a bona fide primary server, unless the local clock oscillator is reliably disciplined by another source. <b>*NEVER NEVER*</b> configure a server which might devolve to an undisciplined local clock to use multicast mode.</p>
- <p>This driver provides a mechanism to trim the local clock in both time and frequency, as well as a way to manipulate the leap bits. The <tt>fudge time1</tt> parameter adjusts the time (in seconds) and the <tt>fudge time2</tt> parameter adjusts the frequency (in parts per million). Both parameters are additive and operate only once; that is, each command (as from <tt>ntpdc</tt>) adds signed increments in time or frequency to the nominal local clock time and frequency.</p>
- <h4>Operation with an External Reference Source</h4>
- <p>There are special provisions for this driver to operate in conjunction with an external reference source, such as the <tt>LOCKCLOCK</tt> scheme used by the NIST&nbsp;time servers. In such schemes the system clock is disciplined by a source external to NTP, in the <tt>LOCKCLOCK</tt> case an ACTS&nbsp;telephone modem. To support <tt>LOCKCLOCK</tt> the NTP&nbsp;distribution should be built with the <tt>--enable-nist</tt> parameter in the configuration phase of the build procedure. This changes the system behavior as follows:</p>
- <ol>
- <li>The system clock is not disciplined in any way other than to call the <tt>ntp_adjtime()</tt>&nbsp;system call to obtain the kernel leap code, which becomes the driver leap code and. If the kernel leap code is 11 (not synchronized), the driver stratum is infinity; otherwise the stratum is set by the <tt>stratum</tt> subcommand on the <tt>fudge</tt> command applying to the driver.
- <li>The NTP&nbsp;algorithms operate in the normal fashion with this driver and possibly other drivers and servers; however, the local clock driver as the <tt>prefer</tt> peer will always be selected, even if declared falseticker by the selection algorithm or fails to survive the clustering algorithm.
- <li>If the driver leap code is 11, the system leap code is 11, system stratum infinity and system reference identifier <tt>DOWN</tt>. This provides a definitive status condition to dependent clients.
- </ol>
- <p>The local clock driver should be configured something like this:</p>
- <p><tt>server 127.127.1.1 prefer</tt></p>
- <p><tt>fudge 127.127.1.1 stratum 0 refid NIST</tt></p>
- <p>The <tt>prefer</tt> keyword forces the driver to discipline the clock, even if other servers are configured and running correctly. This is convenient when a number of servers watch each other for monitoring and statistics gathering. In particular, the <tt>peerstats</tt> data and <tt>sysstats</tt> data can be collected at each server, aggregated for daily or weekly reports and sent by electric mail to a monitoring site. In addition, the full suite of cryptographic authentication algorithms is avialable to other servers and dependent clients.</p>
+ <p>Not: This driver is not recommended for new installations. A much more flexible replacement is available in the form of orphan mode described on the <a href="../assoc.html">Association Management page</a>.</p>
+ <p>This driver is intended for use in an isolated network where no external source of synchronization such as a radio clock or modem is available. It allows a designated time server to act as a primary server to provide synchronization to other clients on the network. Pick a machine that has a good clock oscillator (Digital machines are good, Sun machines are not) and configure it with this driver. Set the clock using the best means available, like eyeball-and-wristwatch. Then, point all the other machines at this one or use broadcast mode to distribute time.</p>
+ <p>Another application for this driver is if a particular server clock is to be used as the clock of last resort when all other normal synchronization sources have gone away. This is especially useful if that server has an ovenized oscillator. For this you would usually, but not necessarily, configure this driver at a stratum greater than any other likely sources of time, such as the default 5 for this driver, to prevent this driver taking over when legitimate sources elsewher in the network are available. To further protect the Internet infrastructure from accidental or malicious exposure to this driver, the driver is desabled if another source is available and operating.</p>
<h4>Monitor Data</h4>
<p>No <tt>filegen clockstats</tt> monitor data are produced by this driver.</p>
<h4>Fudge Factors</h4>
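Review bot: The three added paragraphs carry typos that should be corrected: "Not:" for "Note:" in the first, and "elsewher" and "desabled" in the third. The third paragraph also replaces the removed "*NEVER*" stratum and multicast warnings with the statement that the driver is disabled if another source is available and operating; it would help to say whether that is automatic or depends on configuration, since operators relied on the old warnings. The hunk also deletes the whole "Operation with an External Reference Source" section (the --enable-nist build note and the sample server/fudge lines) and the fudge time1/time2 description; if those are still supported, keep a pointer to where they are now documented.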
diff --git a/html/drivers/driver10.html b/html/drivers/driver10.html
index 97b0495..20391d3 100644
--- a/html/drivers/driver10.html
+++ b/html/drivers/driver10.html
@@ -2,52 +2,52 @@
<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
- <title>Austron 2200A/2201A GPS Receivers</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
+ <title>Austron 2200A/2201A GPS Receivers</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
- <body>
- <h3>Austron 2200A/2201A GPS Receivers</h3>
- <hr>
- <h4>Synopsis</h4>
- <p>Address: 127.127.10.<i>u</i><br>
- Reference ID: <tt>GPS</tt><br>
- Driver ID: <tt>GPS_AS2201</tt><br>
- Serial Port: <tt>/dev/gps<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
- Features: <tt>tty_clk</tt></p>
- <h4>Description</h4>
- <p>This driver supports the Austron 2200A/2201A GPS/LORAN Synchronized Clock and Timing Receiver connected via a serial port. It supports several special features of the clock, including the Input Buffer Module, Output Buffer Module, IRIG-B Interface Module and LORAN Assist Module. It requires the RS232 Buffered Serial Interface module for communication with the driver. For operation with multiple computers, it requires the <tt>ppsclock</tt> streams module described in the <a href="../ldisc.html">Line Disciplines and Streams Modules</a> page. The streams module requires a gadget box and 1-PPS level converter, such as described in the <a href="../pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page.</p>
- <p>For use with a single computer, the receiver can be connected directly to the receiver. For use with multiple computers, one of them is connected directly to the receiver and generates the polling messages. The other computers just listen to the receiver output directly or through a buffer amplifier. For computers that just listen, <tt>fudge flag2</tt> must be set and the <tt>ppsclock </tt>streams module configured on each of them.</p>
- <p>This receiver is capable of a comprehensive and large volume of statistics and operational data. The specific data collection commands and attributes are embedded in the driver source code; however, the collection process can be enabled or disabled using the flag4 flag. If set, collection is enabled; if not, which is the default, it is disabled. A comprehensive suite of data reduction and summary scripts is in the ./scripts/stats directory</p>
- of the ntp3 distribution.
- <h4>Monitor Data</h4>
- <p>When enabled by the <tt>flag4</tt> fudge flag, every received timecode is written as-is to the <tt>clockstats</tt> file.</p>
- <h4>Fudge Factors</h4>
- <dl>
- <dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
- <dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
- <dt><tt>stratum <i>number</i></tt>
- <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
- <dt><tt>refid <i>string</i></tt>
- <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
- <dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag2 0 | 1</tt>
- <dd>Set for computers that listen-only.
- <dt><tt>flag3 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag4 0 | 1</tt>
- <dd>Enable verbose <tt>clockstats</tt> recording if set.
- </dl>
- <h4>Additional Information</h4>
- <p><a href="../refclock.html">Reference Clock Drivers</a></p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+ <body>
+ <h3>Austron 2200A/2201A GPS Receivers</h3>
+ <hr>
+ <h4>Synopsis</h4>
+ <p>Address: 127.127.10.<i>u</i><br>
+ Reference ID: <tt>GPS</tt><br>
+ Driver ID: <tt>GPS_AS2201</tt><br>
+ Serial Port: <tt>/dev/gps<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
+ Features: <tt>tty_clk</tt></p>
+ <h4>Description</h4>
+ <p>This driver supports the Austron 2200A/2201A GPS/LORAN Synchronized Clock and Timing Receiver connected via a serial port. It supports several special features of the clock, including the Input Buffer Module, Output Buffer Module, IRIG-B Interface Module and LORAN Assist Module. It requires the RS232 Buffered Serial Interface module for communication with the driver.</p>
+ <p>For use with a single computer, the receiver can be connected directly to the receiver. For use with multiple computers, one of them is connected directly to the receiver and generates the polling messages. The other computers just listen to the receiver output directly or through a buffer amplifier. For computers that just listen, <tt>fudge flag2</tt> must be set and the <tt>ppsclock </tt>streams module configured on each of them.</p>
+ <p>This receiver is capable of a comprehensive and large volume of statistics and operational data. The specific data collection commands and attributes are embedded in the driver source code; however, the collection process can be enabled or disabled using the flag4 flag. If set, collection is enabled; if not, which is the default, it is disabled. A comprehensive suite of data reduction and summary scripts is in the ./scripts/stats directory</p>
+ of the ntp3 distribution.
+ <h4>Monitor Data</h4>
+ <p>When enabled by the <tt>flag4</tt> fudge flag, every received timecode is written as-is to the <tt>clockstats</tt> file.</p>
+ <h4>Fudge Factors</h4>
+ <dl>
+ <dt><tt>time1 <i>time</i></tt>
+ <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+ <dt><tt>time2 <i>time</i></tt>
+ <dd>Not used by this driver.
+ <dt><tt>stratum <i>number</i></tt>
+ <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+ <dt><tt>refid <i>string</i></tt>
+ <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
+ <dt><tt>flag1 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag2 0 | 1</tt>
+ <dd>Set for computers that listen-only.
+ <dt><tt>flag3 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag4 0 | 1</tt>
+ <dd>Enable verbose <tt>clockstats</tt> recording if set.
+ </dl>
+ <h4>Additional Information</h4>
+ <p><a href="../refclock.html">Reference Clock Drivers</a></p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
</html> \ No newline at end of file
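Review bot: The rewritten Description paragraph drops the sentence requiring the ppsclock streams module, along with the links to ../ldisc.html and ../pps.html, yet the next added paragraph still says fudge flag2 must be set "and the ppsclock streams module configured on each of them"; either remove that remaining reference or keep a pointer to where ppsclock is documented. The rest of the hunk is re-indentation, and it carries over two existing defects worth fixing while the lines are touched: "the receiver can be connected directly to the receiver" and the stray "of the ntp3 distribution." line left outside its closing </p>.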
diff --git a/html/drivers/driver11.html b/html/drivers/driver11.html
index b36f7f3..e7c370a 100644
--- a/html/drivers/driver11.html
+++ b/html/drivers/driver11.html
@@ -2,30 +2,28 @@
<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
- <title>Arbiter 1088A/B GPS Receiver</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
+ <title>Arbiter 1088A/B GPS Receiver</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
- <body>
- <h3>Arbiter 1088A/B GPS Receiver</h3>
- <hr>
- <h4>Synopsis</h4>
- <p>Address: 127.127.11.<i>u</i><br>
- Reference ID: <tt>GPS</tt><br>
- Driver ID: <tt>GPS_ARBITER</tt><br>
- Serial Port: <tt>/dev/gps<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
- Features: <tt>tty_clk</tt></p>
- <h4>
- <p>Description</p>
- </h4>
- <p>This driver supports the Arbiter 1088A/B Satellite Controlled Clock. The claimed accuracy of this clock is 100 ns relative to the PPS output when receiving four or more satellites.</p>
- <p>The receiver should be configured before starting the NTP daemon, in order to establish reliable position and operating conditions. It does not initiate surveying or hold mode. For use with NTP, the daylight savings time feature should be disables (<tt>D0</tt> command) and the broadcast mode set to operate in UTC (<tt>BU</tt> command).</p>
- <p>The timecode format supported by this driver is selected by the poll sequence <tt>B5</tt>, which initiates a line in the following format to be repeated once per second until turned off by the <tt>B0</tt> command.</p>
- <p>Format <tt>B5</tt> (24 ASCII printing characters):</p>
- <pre>&lt;cr&gt;&lt;lf&gt;i yy ddd hh:mm:ss.000bbb
+ <body>
+ <h3>Arbiter 1088A/B GPS Receiver</h3>
+ <hr>
+ <h4>Synopsis</h4>
+ <p>Address: 127.127.11.<i>u</i><br>
+ Reference ID: <tt>GPS</tt><br>
+ Driver ID: <tt>GPS_ARBITER</tt><br>
+ Serial Port: <tt>/dev/gps<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
+ Features: <tt>tty_clk</tt></p>
+ <h4>Description</h4>
+ <p>This driver supports the Arbiter 1088A/B Satellite Controlled Clock. The claimed accuracy of this clock is 100 ns relative to the PPS output when receiving four or more satellites.</p>
+ <p>The receiver should be configured before starting the NTP daemon, in order to establish reliable position and operating conditions. It does not initiate surveying or hold mode. For use with NTP, the daylight savings time feature should be disables (<tt>D0</tt> command) and the broadcast mode set to operate in UTC (<tt>BU</tt> command).</p>
+ <p>The timecode format supported by this driver is selected by the poll sequence <tt>B5</tt>, which initiates a line in the following format to be repeated once per second until turned off by the <tt>B0</tt> command.</p>
+ <p>Format <tt>B5</tt> (24 ASCII printing characters):</p>
+ <pre>&lt;cr&gt;&lt;lf&gt;i yy ddd hh:mm:ss.000bbb
on-time = &lt;cr&gt;
i = synchronization flag (' ' = locked, '?' = unlocked)
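Review bot: The re-added receiver configuration paragraph still reads "the daylight savings time feature should be disables (D0 command)"; change it to "disabled" while the line is being rewritten. The only structural change in this hunk is replacing the <h4><p>Description</p></h4> nesting with a plain <h4>Description</h4>, which is correct; everything else is indentation and the spacing inside the Content-Type meta value, so keeping the re-indentation in a separate change would make that fix easier to see.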
@@ -34,10 +32,10 @@ ddd = day of year
hh:mm:ss = hours, minutes, seconds
.000 = fraction of second (not used)
bbb = tailing spaces for fill</pre>
- <p>The alarm condition is indicated by a '?' at i, which indicates the receiver is not synchronized. In normal operation, a line consisting of the timecode followed by the time quality character (TQ) followed by the receiver status string (SR) is written to the clockstats file.</p>
- <p>The time quality character is encoded in IEEE P1344 standard:</p>
- <p>Format <tt>TQ</tt> (IEEE P1344 estimated worst-case time quality)</p>
- <pre>0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock locked, maximum accuracy
+ <p>The alarm condition is indicated by a '?' at i, which indicates the receiver is not synchronized. In normal operation, a line consisting of the timecode followed by the time quality character (TQ) followed by the receiver status string (SR) is written to the clockstats file.</p>
+ <p>The time quality character is encoded in IEEE P1344 standard:</p>
+ <p>Format <tt>TQ</tt> (IEEE P1344 estimated worst-case time quality)</p>
+ <pre>0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock locked, maximum accuracy
F&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock failure, time not reliable
4&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock unlocked, accuracy &lt; 1 us
5&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock unlocked, accuracy &lt; 10 us
@@ -47,41 +45,41 @@ F&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock failure, time not reliable
9&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock unlocked, accuracy &lt; 100 ms
A&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock unlocked, accuracy &lt; 1 s
B&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; clock unlocked, accuracy &lt; 10 s</pre>
- <p>The status string is encoded as follows:</p>
- <p>Format <tt>SR</tt> (25 ASCII printing characters)</p>
- <pre>V=vv S=ss T=t P=pdop E=ee
+ <p>The status string is encoded as follows:</p>
+ <p>Format <tt>SR</tt> (25 ASCII printing characters)</p>
+ <pre>V=vv S=ss T=t P=pdop E=ee
vv = satellites visible
ss = relative signal strength
t = satellites tracked
pdop = position dilution of precision (meters)
ee = hardware errors</pre>
- <p>A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself.</p>
- <h4>Monitor Data</h4>
- <p>When enabled by the <tt>flag4</tt> fudge flag, an additional line containing the latitude, longitude, elevation and optional deviation data is written to the <tt>clockstats</tt> file. The deviation data operates with an external pulse-per-second (PPS) input, such as a cesium oscillator or another radio clock. The PPS input should be connected to the B event channel and the radio initialized for deviation data on that channel. The deviation data consists of the mean offset and standard deviation of the external PPS signal relative the GPS signal, both in microseconds over the last 16 seconds.</p>
- <h4>Fudge Factors</h4>
- <dl>
- <dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
- <dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
- <dt><tt>stratum <i>number</i></tt>
- <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
- <dt><tt>refid <i>string</i></tt>
- <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
- <dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag2 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag3 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag4 0 | 1</tt>
- <dd>Enable verbose <tt>clockstats</tt> recording if set.
- </dl>
- <h4>Additional Information</h4>
- <p><a href="../refclock.html">Reference Clock Drivers</a></p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+ <p>A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself.</p>
+ <h4>Monitor Data</h4>
+ <p>When enabled by the <tt>flag4</tt> fudge flag, an additional line containing the latitude, longitude, elevation and optional deviation data is written to the <tt>clockstats</tt> file. The deviation data operates with an external pulse-per-second (PPS) input, such as a cesium oscillator or another radio clock. The PPS input should be connected to the B event channel and the radio initialized for deviation data on that channel. The deviation data consists of the mean offset and standard deviation of the external PPS signal relative the GPS signal, both in microseconds over the last 16 seconds.</p>
+ <h4>Fudge Factors</h4>
+ <dl>
+ <dt><tt>time1 <i>time</i></tt>
+ <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+ <dt><tt>time2 <i>time</i></tt>
+ <dd>Not used by this driver.
+ <dt><tt>stratum <i>number</i></tt>
+ <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+ <dt><tt>refid <i>string</i></tt>
+ <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
+ <dt><tt>flag1 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag2 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag3 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag4 0 | 1</tt>
+ <dd>Enable verbose <tt>clockstats</tt> recording if set.
+ </dl>
+ <h4>Additional Information</h4>
+ <p><a href="../refclock.html">Reference Clock Drivers</a></p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
</html> \ No newline at end of file
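Review bot: The re-added Monitor Data paragraph still reads "relative the GPS signal"; since the line is being rewritten anyway, change it to "relative to the GPS signal". The file also still ends with "\ No newline at end of file" on the closing </html>, while the driver20.html change in this same patch adds the trailing newline; doing the same here would keep the driver pages consistent.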
diff --git a/html/drivers/driver18.html b/html/drivers/driver18.html
index 6acf5f2..a4dc769 100644
--- a/html/drivers/driver18.html
+++ b/html/drivers/driver18.html
@@ -5,12 +5,12 @@
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
- <title>NIST Modem Time Service</title>
+ <title>NIST/USNO/PTB Modem Time Services</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h3>Automated Computer Time Service (ACTS)</h3>
+ <h3>NIST/USNO/PTB Modem Time Services</h3>
<hr>
<h4>Synopsis</h4>
<p>Address: 127.127.18.<i>u</i><br>
diff --git a/html/drivers/driver19.html b/html/drivers/driver19.html
index 961ca09..e498969 100644
--- a/html/drivers/driver19.html
+++ b/html/drivers/driver19.html
@@ -2,58 +2,58 @@
<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
- <title>Heath WWV/WWVH Receiver</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
+ <title>Heath WWV/WWVH Receiver</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
- <body>
- <h3>Heath WWV/WWVH Receiver</h3>
- <hr>
- <h4>Synopsis</h4>
- <p>Address: 127.127.19.<i>u</i><br>
- Reference ID: <tt>WWV</tt><br>
- Driver ID: <tt>WWV_HEATH</tt><br>
- Serial Port: <tt>/dev/heath<i>u</i></tt>; 1200 baud, 8-bits, no parity<br>
- Features: <tt>tty_clk</tt><br>
- Requires: <tt>/usr/include/sys/termios.h</tt> header file with modem control</p>
- <h4>Description</h4>
- <p>This driver supports the Heath GC-1000 Most Accurate Clock, with RS232C Output Accessory. This is a WWV/WWVH receiver somewhat less robust than other supported receivers. Its claimed accuracy is 100 ms when actually synchronized to the broadcast signal, but this doesn't happen even most of the time, due to propagation conditions, ambient noise sources, etc. When not synchronized, the accuracy is at the whim of the internal clock oscillator, which can wander into the sunset without warning. Since the indicated precision is 100 ms, expect a host synchronized only to this thing to wander to and fro, occasionally being rudely stepped when the offset exceeds the default CLOCK_MAX of 128 ms.</p>
- <p>The internal DIPswitches should be set to operate at 1200 baud in MANUAL mode and the current year. The external DIPswitches should be set to GMT and 24-hour format. It is very important that the year be set correctly in the DIPswitches; otherwise, the day of year will be incorrect after 28 April of a normal or leap year.</p>
- <p>In MANUAL mode the clock responds to a rising edge of the request to send (RTS) modem control line by sending the timecode. Therefore, it is necessary that the operating system implement the <tt>TIOCMBIC</tt> and <tt>TIOCMBIS</tt> ioctl system calls and <tt>TIOCM_RTS</tt> control bit. Present restrictions require the use of a POSIX-compatible programming interface, although other interfaces may work as well.</p>
- <p>The clock message consists of 23 ASCII printing characters in the following format:</p>
- <pre>hh:mm:ss.f&nbsp;&nbsp;&nbsp;&nbsp; dd/mm/yr&lt;cr&gt;
+ <body>
+ <h3>Heath WWV/WWVH Receiver</h3>
+ <hr>
+ <h4>Synopsis</h4>
+ <p>Address: 127.127.19.<i>u</i><br>
+ Reference ID: <tt>WWV</tt><br>
+ Driver ID: <tt>WWV_HEATH</tt><br>
+ Serial Port: <tt>/dev/heath<i>u</i></tt>; 1200 baud, 8-bits, no parity<br>
+ Features: <tt>tty_clk</tt><br>
+ Requires: <tt>/usr/include/sys/termios.h</tt> header file with modem control</p>
+ <h4>Description</h4>
+ <p>This driver supports the Heath GC-1000 Most Accurate Clock, with RS232C Output Accessory. This is a WWV/WWVH receiver somewhat less robust than other supported receivers. It's claimed accuracy is 100 ms when actually synchronized to the broadcast signal, but this doesn't happen even most of the time, due to propagation conditions, ambient noise sources, etc. When not synchronized, the accuracy is at the whim of the internal clock oscillator, which can wander into the sunset without warning. Since the indicated precision is 100 ms, expect a host synchronized only to this thing to wander to and fro, occasionally being rudely stepped when the offset exceeds the default CLOCK_MAX of 128 ms.</p>
+ <p>The internal DIPswitches should be set to operate at 1200 baud in MANUAL mode and the current year. The external DIPswitches should be set to GMT and 24-hour format. It is very important that the year be set correctly in the DIPswitches; otherwise, the day of year will be incorrect after 28 April of a normal or leap year.</p>
+ <p>In MANUAL mode the clock responds to a rising edge of the request to send (RTS) modem control line by sending the timecode. Therefore, it is necessary that the operating system implement the <tt>TIOCMBIC</tt> and <tt>TIOCMBIS</tt> ioctl system calls and <tt>TIOCM_RTS</tt> control bit. Present restrictions require the use of a POSIX-compatible programming interface, although other interfaces may work as well.</p>
+ <p>The clock message consists of 23 ASCII printing characters in the following format:</p>
+ <pre>hh:mm:ss.f&nbsp;&nbsp;&nbsp;&nbsp; dd/mm/yr&lt;cr&gt;
hh:mm:ss.f = hours, minutes, seconds
f = deciseconds ('?' when out of spec)
dd/mm/yr = day, month, year</pre>
- <p>The alarm condition is indicated by '?', rather than a digit, at A. Note that 0?:??:??.? is displayed before synchronization is first established and hh:mm:ss.? once synchronization is established and then lost again for about a day.</p>
- <p>A fudge time1 value of .07 s appears to center the clock offset residuals.</p>
- <h4>Fudge Factors</h4>
- <dl>
- <dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
- <dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
- <dt><tt>stratum <i>number</i></tt>
- <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
- <dt><tt>refid <i>string</i></tt>
- <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>WWV</tt>.
- <dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag2 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag3 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag4 0 | 1</tt>
- <dd>Not used by this driver
- </dl>
- Additional Information
- <p><a href="../refclock.html">Reference Clock Drivers</a>&nbsp;</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+ <p>The alarm condition is indicated by '?', rather than a digit, at A. Note that 0?:??:??.? is displayed before synchronization is first established and hh:mm:ss.? once synchronization is established and then lost again for about a day.</p>
+ <p>A fudge time1 value of .07 s appears to center the clock offset residuals.</p>
+ <h4>Fudge Factors</h4>
+ <dl>
+ <dt><tt>time1 <i>time</i></tt>
+ <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+ <dt><tt>time2 <i>time</i></tt>
+ <dd>Not used by this driver.
+ <dt><tt>stratum <i>number</i></tt>
+ <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+ <dt><tt>refid <i>string</i></tt>
+ <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>WWV</tt>.
+ <dt><tt>flag1 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag2 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag3 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag4 0 | 1</tt>
+ <dd>Not used by this driver
+ </dl>
+ Additional Information
+ <p><a href="../refclock.html">Reference Clock Drivers</a>&nbsp;</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
</html> \ No newline at end of file
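Review bot: The re-indented Description paragraph changes "Its claimed accuracy" to "It's claimed accuracy", which introduces a grammar error the removed line did not have; keep the possessive "Its". Two issues are carried over unchanged and could be fixed in the same pass: the alarm sentence says the '?' appears "at A", but the format legend defines only hh:mm:ss.f, f and dd/mm/yr, so there is no field A to refer to; and "Additional Information" is bare text here, where driver11.html in this patch marks it up as an <h4> heading.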
diff --git a/html/drivers/driver20.html b/html/drivers/driver20.html
index 17be32c..9b871a9 100644
--- a/html/drivers/driver20.html
+++ b/html/drivers/driver20.html
@@ -4,7 +4,6 @@
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.76 [en] (X11; U; Linux 2.2.16-22 i586) [Netscape]">
<title>Generic NMEA GPS Receiver</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
@@ -16,20 +15,23 @@
<p>Address: 127.127.20.<i>u</i><br>
Reference ID: <tt>GPS</tt><br>
Driver ID: <tt>GPS_NMEA</tt><br>
- Serial Port: <tt>/dev/gps<i>u</i></tt>; 4800 baud, 8-bits, no parity<br>
+ Serial Port: <tt>/dev/gps<i>u</i></tt>; 4800 - 115200 bps, 8-bits, no parity<br>
+ Serial Port: <tt>/dev/gpspps<i>u</i></tt>; for just the PPS signal (this is tried first for PPS, before <tt>/dev/gps<i>u</i></tt>)<br>
Serial Port: <tt>/dev/gps<i>u</i></tt>; symlink to server:port (for nmead) Features: <tt>tty_clk</tt></p>
<h4>Description</h4>
- <p>This driver supports GPS receivers with the <tt>$GPRMC</tt> NMEA output string by default.&nbsp; Alternately the <tt>$GPGGA</tt> or <tt>$GPGLL </tt>may be selected.</p>
- <p>The driver expects the receiver to be set up to transmit a <tt>$GPRMC</tt> message every second.</p>
- <p>The accuracy depend on the receiver used. Inexpesive GPS models are available with a claimed PPS signal accuracy of 1 <font face="Symbol">m</font>s or better relative to the broadcast signal. However, in most cases the actual accuracy is limited by the precision of the timecode and the latencies of the serial interface and operating system.</p>
- <p>If the Operating System supports the PPSAPI, RFC-2783, it will be used.<br>&nbsp;</p>
+ <p>This driver supports GPS receivers with the <tt>$GPRMC, $GPGLL, $GPGGA, $GPZDA, and $GPZDG</tt> NMEA sentences by default.&nbsp; Note that Accord's custom NMEA sentence <tt>$GPZDG</tt> reports using the GPS timescale, while the rest of the sentences report UTC.&nbsp; The difference between the two is a whole number of seconds which increases with each leap second insertion in UTC.&nbsp; To avoid problems mixing UTC and GPS timescales, the driver disables processing of UTC sentences once <tt>$GPZDG</tt> is received.</p>
+ <p>The driver expects the receiver to be set up to transmit at least one supported sentence every second.</p>
+ <p>The accuracy depends on the receiver used. Inexpensive GPS models are available with a claimed PPS signal accuracy of 1 <font face="Symbol">m</font>s or better relative to the broadcast signal. However, in most cases the actual accuracy is limited by the precision of the timecode and the latencies of the serial interface and operating system.</p>
+ <p>If the Operating System supports PPSAPI (<a href="http://www.ietf.org/rfc/rfc2783.txt">RFC 2783</a>), fudge flag1 1 enables its use.<br>&nbsp;</p>
<p>The various GPS sentences that this driver recognises look like this:<br>
(others quietly ignored)</p>
- <pre><tt>$GPRMC,POS_UTC,POS_STAT,LAT,LAT_REF,LON,LON_REF,SPD,HDG,DATE,MAG_VAR,MAG_REF*CC&lt;cr&gt;&lt;lf&gt;
-$GPGLL,LAT,LAT_REF,LONG,LONG_REF,POS_UTC,POS_STAT*CC&lt;cr&gt;&lt;lf&gt;
-$GPGGA,POS_UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO,G_UNIT,D_AGE,D_REF*CC&lt;cr&gt;&lt;lf&gt;
+ <pre><tt>$GPRMC,UTC,POS_STAT,LAT,LAT_REF,LON,LON_REF,SPD,HDG,DATE,MAG_VAR,MAG_REF*CS&lt;cr&gt;&lt;lf&gt;
+$GPGLL,LAT,LAT_REF,LONG,LONG_REF,UTC,POS_STAT*CS&lt;cr&gt;&lt;lf&gt;
+$GPGGA,UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO,G_UNIT,D_AGE,D_REF*CS&lt;cr&gt;&lt;lf&gt;
+$GPZDA,UTC,DD,MM,YYYY,TH,TM,*CS&lt;cr&gt;&lt;lf&gt;
+$GPZDG,GPSTIME,DD,MM,YYYY,AA.BB,V*CS&lt;cr&gt;&lt;lf&gt;
-&nbsp; POS_UTC&nbsp; - UTC of position. Hours, minutes and seconds [fraction (opt.)]. (hhmmss[.fff])
+&nbsp; UTC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Time of day on UTC timescale. Hours, minutes and seconds [fraction (opt.)]. (hhmmss[.fff])
&nbsp; POS_STAT - Position status. (A = Data valid, V = Data invalid)
&nbsp; LAT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Latitude (llll.ll)
&nbsp; LAT_REF&nbsp; - Latitude direction. (N = North, S = South)
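Review bot: The added template "$GPZDA,UTC,DD,MM,YYYY,TH,TM,*CS" uses fields TH and TM that none of the legend lines added in this file's diff define, and it has a comma directly before *CS that the other four templates lack; define TH and TM in the legend and confirm whether that trailing comma is intended. In the new first Description paragraph the <tt> element wraps the whole phrase "$GPRMC, $GPGLL, $GPGGA, $GPZDA, and $GPZDG", including the commas and the word "and"; mark up each sentence name separately.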
@@ -40,7 +42,7 @@ $GPGGA,POS_UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO
&nbsp; DATE&nbsp;&nbsp;&nbsp;&nbsp; - Date (ddmmyy)
&nbsp; MAG_VAR&nbsp; - Magnetic variation (degrees) (x.x)
&nbsp; MAG_REF&nbsp; - Magnetic variation (E = East, W = West)
-&nbsp; FIX_MODE - Position Fix Mode ( 0 = Invalid, &gt;0 = Valid)
+&nbsp; FIX_MODE - Position Fix Mode (0 = Invalid, &gt;0 = Valid)
&nbsp; SAT_USED - Number Satellites used in solution
&nbsp; HDOP&nbsp;&nbsp;&nbsp;&nbsp; - Horizontal Dilution of Precision
&nbsp; ALT&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Antenna Altitude
@@ -49,11 +51,23 @@ $GPGGA,POS_UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO
&nbsp; G_UNIT&nbsp;&nbsp; - Geoid units (M/F)
&nbsp; D_AGE&nbsp;&nbsp;&nbsp; - Age of last DGPS Fix
&nbsp; D_REF&nbsp;&nbsp;&nbsp; - Reference ID of DGPS station
-&nbsp; CC&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Checksum (optional)
+&nbsp; GPSTIME&nbsp; - Time of day on GPS timescale. Hours, minutes and seconds [fraction (opt.)]. (hhmmss[.f])
+&nbsp; DD&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Day of the month (1-31)
+&nbsp; MM&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Month of the year (1-12)
+&nbsp; YYYY&nbsp;&nbsp;&nbsp;&nbsp; - Year
+&nbsp; AA.BB&nbsp;&nbsp;&nbsp; - Denotes the signal strength (should be &lt 05.00)
+&nbsp; V&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - GPS sync status
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; '0' =&gt INVALID time,
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; '1' =&gt accuracy of +/- 20ms,
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; '2' =&gt accuracy of +/- 100ns
+&nbsp; CS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Checksum
&nbsp; &lt;cr&gt;&lt;lf&gt; - Sentence terminator.</tt></pre>
- Alternate GPS sentences (other than <tt>$GPRMC</tt> - the default) may be enabled by setting the relevent bits of 'mode' in the server configuration line<br>&nbsp;* server 127.127.20.x mode X<br>&nbsp;&nbsp;&nbsp; bit 0 - enables RMC&nbsp;&nbsp;&nbsp; ( value = 1)<br>&nbsp;&nbsp;&nbsp; bit 1 - enables GGA&nbsp;&nbsp;&nbsp; ( value = 2)<br>&nbsp;&nbsp;&nbsp; bit 2 - enables GLL&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ( value = 4)<br>
- multiple sentences may be selected<br>
- <p>The driver will send a <tt>$PMOTG,RMC,0000*1D&lt;cr&gt;&lt;lf&gt;</tt> message each time a <tt>$GPRMC</tt> string is needed. This is not needed on most GPS receivers because they automatically send the <tt>$GPRMC</tt> string every second and will only work on GPS receivers that understand the <tt>$PMOTG</tt> string. Others will just ignore it.</p>
+
+<p>Specific GPS sentences and bitrates may be selected by setting bits of the 'mode' in the server configuration line:<br>
+ &nbsp;&nbsp;<tt>server 127.127.20.x mode X</tt><br>&nbsp;&nbsp;&nbsp; bit 0 - process <tt>$GPMRC</tt>&nbsp;&nbsp;&nbsp; (value = 1)<br>&nbsp;&nbsp;&nbsp; bit 1 - process <tt>$GPGGA</tt>&nbsp;&nbsp;&nbsp; (value = 2)<br>&nbsp;&nbsp;&nbsp; bit 2 - process <tt>$GPGLL</tt>&nbsp;&nbsp;&nbsp; (value = 4)<br>&nbsp;&nbsp;&nbsp; bit 4 - process <tt>$GPZDA</tt> or <tt>$GPZDG</tt>&nbsp;&nbsp;&nbsp; (value = 8)<br>
+<p>The default (mode 0) is to process all supported sentences, which results in the last received each cycle being used.&nbsp; Multiple sentences may be selected by adding their mode bit values.&nbsp; The driver uses 4800 bits per second by default.&nbsp; Faster bitrates can be selected using bits 4, 5, and 6 of the mode field:<br><br>
+ &nbsp;&nbsp;&nbsp; bits 4/5/6 - select serial bitrate&nbsp;&nbsp; (0 for 4800 - the default, 16 for 9600, 32 for 19200, 48 for 38400, 64 for 57600, 80 for 115200)<br></p>
+ <p>The driver will send a <tt>$PMOTG,RMC,0000*1D&lt;cr&gt;&lt;lf&gt;</tt> command each poll interval.&nbsp; This is not needed on most GPS receivers because they automatically send <tt>$GPRMC</tt> every second, but helps a Motorola GPS receiver that is otherwise silent.&nbsp; NMEA devices ignore commands they do not understand.</p>
<h4>Setting up the Garmin GPS-25XL</h4>
Switch off all output with by sending it the following string.
<pre>&quot;$PGRMO,,2&lt;cr&gt;&lt;lf&gt;&quot;</pre>
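Review bot: The added mode-bit list labels the $GPZDA/$GPZDG entry "bit 4" but gives it "value = 8", which is bit 3, and the following paragraph assigns bits 4, 5 and 6 to the serial bitrate, so the label collides with the bitrate field; it should read "bit 3". The same line spells the first sentence name "$GPMRC" where the rest of the page uses $GPRMC. In the added legend lines the entities "&lt" and "&gt" are missing their terminating semicolons ("&lt 05.00", "=&gt INVALID time"), and the <p> opened before "Specific GPS sentences" is not closed before the next <p> opens, unlike the other paragraphs on the page.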
@@ -62,25 +76,25 @@ $GPGGA,POS_UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO
<p>On some systems the PPS signal isn't switched on by default. It can be switched on by sending the following string.</p>
<pre>&quot;$PGRMC,,,,,,,,,,,,2&lt;cr&gt;&lt;lf&gt;&quot;</pre>
<h4>Monitor Data</h4>
- <p>The GPS sentence(s) that is used is written to the clockstats file.</p>
+ <p>The GPS sentence that is used is written to the clockstats file and available with ntpq -c clockvar.</p>
<h4>Fudge Factors</h4>
<dl>
<dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+ <dd>Specifies the PPS time offset calibration factor, in seconds and fraction, with default 0.0.
<dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
+ <dd>Specifies the serial end of line time offset calibration factor, in seconds and fraction, with default 0.0.
<dt><tt>stratum <i>number</i></tt>
<dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
<dt><tt>refid <i>string</i></tt>
<dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
<dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
+ <dd>Disable PPS signal processing if 0 (default); enable PPS signal processing if 1.
<dt><tt>flag2 0 | 1</tt>
- <dd>Specifies the PPS signal on-time edge: 0 for assert (default), 1 for clear.
+ <dd>If PPS signal processing is enabled, capture the pulse on the rising edge if 0 (default); capture on the falling edge if 1.
<dt><tt>flag3 0 | 1</tt>
- <dd>Controls the kernel PPS discipline: 0 for disable (default), 1 for enable.
+ <dd>If PPS signal processing is enabled, use the <tt>ntpd</tt> clock discipline if 0 (default); use the kernel discipline if 1.
<dt><tt>flag4 0 | 1</tt>
- <dd>Not used by this driver.
+ <dd>Obscures location in timecode: 0 for disable (default), 1 for enable.
</dl>
<p>Additional Information</p>
<p><a href="../refclock.html">Reference Clock Drivers</a></p>
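Review bot: The Monitor Data line now says the GPS sentence is written to clockstats and available with ntpq -c clockvar, and the new flag4 entry says it "Obscures location in timecode", but nothing connects the two. The recognised sentences carry LAT and LON fields, so state in one of the two places whether flag4 applies to the sentence recorded in clockstats and returned by ntpq; an operator who exposes either needs to know that. The command "ntpq -c clockvar" should also be wrapped in <tt> like the other commands and keywords on the page. The flag2 wording changes from "assert"/"clear" to "rising edge"/"falling edge"; confirm the two pairs mean the same thing for this driver, or keep the original terms alongside the new ones.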
@@ -88,4 +102,4 @@ $GPGGA,POS_UTC,LAT,LAT_REF,LONG,LONG_REF,FIX_MODE,SAT_USED,HDOP,ALT,ALT_UNIT,GEO
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/html/drivers/driver22.html b/html/drivers/driver22.html
index e1ed132..140568f 100644
--- a/html/drivers/driver22.html
+++ b/html/drivers/driver22.html
@@ -2,33 +2,79 @@
<html>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>PPS Clock Discipline</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>PPS Clock Discipline</h3>
- <hr>
- <h4>Synopsis</h4>
- <p>Address: 127.127.22.<i>u</i><br>
- Reference ID: <tt>PPS</tt><br>
- Driver ID: <tt>PPS</tt><br>
- Serial or Parallel Port: <tt>/dev/pps<i>u</i></tt><br>
- Requires: PPSAPI interface</p>
- <p>Note: This driver supersedes an older one of the same name. The older driver operated with several somewhat archaic signal interface devices, required intricate configuration and was poorly documented. This driver operates only with the PPSAPI interface proposed as an IETF standard. Note also that the <tt>pps</tt> configuration command has been obsoleted by this driver.</p>
- <h4>Description</h4>
- <p>This driver furnishes an interface for the pulse-per-second (PPS) signal produced by a cesium clock, radio clock or related devices. It can be used to augment the serial timecode generated by a GPS receiver, for example. It can be used to remove accumulated jitter and re-time a secondary server when synchronized to a primary server over a congested, wide-area network and before redistributing the time to local clients. The driver includes extensive signal sanity checks and grooming algorithms. A range gate and frequency discriminator reject noise and signals with incorrect frequency. A multiple-stage median filter rejects jitter due to hardware interrupt and operating system latencies. A trimmed-mean algorithm determines the best time samples. With typical workstations and processing loads, the incidental jitter can be reduced to a few microseconds.</p>
- <p>While this driver can discipline the time and frequency relative to the PPS source, it cannot number the seconds. For this purpose an auxiliary source is required, ordinarily a radio clock operated as a primary reference (stratum 1) source; however, another NTP time server can be used as well. For this purpose, the auxiliary source should be specified as the prefer peer, as described in the <a href="../prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page.</p>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>PPS Clock Discipline</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+
+<body>
+
+<h3>PPS Clock Discipline</h3>
+<hr>
+
+<p>Last change:
+
+<!-- #BeginDate format:En2m -->22-Apr-2009 15:02<!-- #EndDate -->
+UTC</p>
+
+<h4>Synopsis</h4>
+
+<p>Address: 127.127.22.<i>u</i><br>
+Reference ID: <tt>PPS</tt><br>
+Driver ID: <tt>PPS</tt><br>
+Serial or Parallel Port: <tt>/dev/pps<i>u</i></tt><br>
+Requires: PPSAPI signal interface for PPS signal processing.</p>
+
+<p>Note: This driver supersedes an older one of the same name. The older driver operated with several somewhat archaic signal interface devices, required intricate configuration and was poorly documented. This driver requires the Pulse per Second API (PPSAPI)<sup>1</sup>. Note also that the <tt>pps</tt> configuration command has been obsoleted by this driver.</p>
+
+<h4>Description</h4>
+
+<p>This driver furnishes an interface for the pulse-per-second (PPS) signal produced by a cesium clock, radio clock or related devices. It can be used to augment the serial timecode generated by a GPS receiver, for example. It can be used to remove accumulated jitter and re-time a secondary server when synchronized to a primary server over a congested, wide-area network and before redistributing the time to local clients. The driver includes extensive signal sanity checks and grooming algorithms. A range gate and frequency discriminator reject noise and signals with incorrect frequency. A multiple-stage median filter rejects jitter due to hardware interrupt and operating system latencies. A trimmed-mean algorithm determines the best time samples. With typical workstations and processing loads, the incidental jitter can be reduced to a few microseconds.</p>
+
+<p>While this driver can discipline the time and frequency relative to the PPS source, it cannot number the seconds. For this purpose an auxiliary source is required, ordinarily a radio clock operated as a primary reference (stratum 1) source; however, another NTP time server can be used as well. For this purpose, the auxiliary source should be specified as the prefer peer, as described in the <a href="../prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page.</p>
<p>The driver requires the PPSAPI interface<sup>1</sup>, which is a proposed IETF standard. The interface consists of the <tt>timepps.h</tt> header file and associated kernel support. Support for this interface is included in current versions of Solaris, FreeBSD and Linux and proprietary versions of Tru64 (Alpha) and SunOS. See the <a href="../pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page for further information.</p>
<p>The PPS source can be connected via a serial or parallel port, depending on the hardware and operating system. A serial port can be dedicated to the PPS source or shared with another device; however, if dedicated the data leads should not be connected, as noise or unexpected signals can cause <tt>ntpd</tt> to exit.</p>
- <p>A radio clock is usually connected via a serial port and the PPS source connected via a level converter to the data carrier detect (DCD) pin (DB-9 pin 1, DB-25 pin 8) of the same connector. In some systems where a parallel port and driver are available, the PPS signal can be connected directly to the ACK pin (pin 10) of the connector. Whether the PPS signal is connected via a dedicated port or shared with another device, the driver opens the device <tt>/dev/pps%d</tt>, where <tt>%d</tt> is the unit number. As with other drivers, links can be used to redirect the logical name to the actual physical device.</p>
- <p>The driver normally operates like any other driver and uses the same mitigation algorithms and PLL/FLL clock discipline incorporated in the daemon. If kernel PLL/FLL support is available, the kernel PLL/FLL clock discipline can be used instead. The default behavior is not to use the kernel PPS clock discipline, even if present. This driver incorporates a good deal of signal processing to reduce jitter using the median filter and trimmed average algorithms in the driver interface. As the result, performance with minpoll and maxpoll configured at the minimum 4 (16s) is generally better than the kernel PPS discipline. However, fudge flag 3 can be used to enable the kernel PPS discipline if necessary.</p>
- <p>Note that the PPS source is considered valid only if the auxiliary source is the prefer peer, is reachable and is selectable to discipline the system clock. By default the stratum assigned to the PPS source is automatically determined. If the auxiliary source is unreachable or inoperative, the stratum is set to 16. Otherwise it is set to the stratum specified by the <tt>fudge stratum</tt> command, if present, or the auxiliary source stratum if not present. Please note the temptation to masquerade as a primary server by forcing the stratum to zero is decidedly dangerous, as it invites timing loops.</p>
- <p>The <tt>mode</tt> keyword of the <tt>server</tt> command can be used to set the PPSAPI mode bits which determine the capture edge and echo options. See the <tt>/usr/include/sys/timepps.h</tt> header file for the bit definitions, which must be converted to their decimal equivalents. This overrides the fudge <tt>flag2</tt> option.</p>
- <h4>Fudge Factors</h4>
+ <p>A radio clock is usually connected via a serial port and the PPS source
+ connected via a level converter to the data carrier detect (DCD)
+ pin (DB-9 pin 1, DB-25 pin 8) of the same connector. In some systems
+ where a parallel port and driver are available, the PPS signal can
+ be connected directly to the ACK pin (DB25 pin 10) of the connector.
+ Whether the PPS signal is connected via a dedicated port or shared with another
+ device, the driver opens the device <tt>/dev/pps%d</tt>,
+ where <tt>%d</tt> is the unit number. As with other drivers, links can be
+ used to redirect the logical name to the actual physical device.</p>
+ <p>The driver normally operates like any other driver and uses the same mitigation
+ algorithms and PLL/FLL clock discipline incorporated in the daemon.
+ If kernel PLL/FLL support is available, the kernel PLL/FLL clock
+ discipline can be used instead. The default behavior is not to use
+ the kernel PPS clock discipline, even if present. This driver incorporates
+ a good deal of signal processing to reduce jitter using the median
+ filter algorithm in the driver. As the result, performance
+ with <tt>minpoll</tt> configured at 4 (16s) is generally
+ better than the kernel PPS discipline. However, fudge flag 3 can
+ be used to enable the kernel PPS discipline if necessary.</p>
+ <p>This driver
+ is enabled only under one of two conditions (a) a prefer peer other than
+ this driver is among the survivors of the mitigation algorithms or (b)
+ there are no survivors and the <tt>minsane</tt> option
+ of the <tt>tos</tt> command is 0. The prefer peer designates another source
+ that can reliably number the seconds when available . However, if no
+ sources are available, the system clock continues to be disciplined by
+ the PPS driver on an indefinite basis.</p>
+ <p>A scenario where the latter behavior can be most useful is a planetary orbiter
+ fleet, for instance in the vicinity of Mars, where contact between orbiters
+ and Earth only one or two times per Sol (Mars day). These orbiters have a
+ precise timing reference based on an Ultra Stable Oscillator (USO) with accuracy
+ in the order of a Cesium oscillator. A PPS signal is derived from the USO
+ and can be disciplined from Earth on rare occasion or from another orbiter
+ via NTP. In the above scenario the PPS signal disciplines the spacecraft clock
+ between NTP updates.</p>
+ <p>In a similar scenario a PPS signal can be used to discipline the clock between
+ updates produced by the modem driver. This would provide precise synchronization
+ without needing the Internet at all.</p>
+ <h4>Fudge Factors</h4>
<dl>
<dt><tt>time1 <i>time</i></tt>
<dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
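Review bot: the added Mars-orbiter paragraph contains a sentence with no verb ("where contact between orbiters and Earth only one or two times per Sol"), and the paragraph before it has a stray space in "when available ."; suggest "where contact between orbiters and Earth occurs only once or twice per Sol". Separately, the removed lines documented how the PPS stratum is derived, warned that forcing the stratum to zero invites timing loops, and explained that <tt>mode</tt> on the <tt>server</tt> line sets the PPSAPI capture-edge bits. None of the added paragraphs visible here covers these, so if the behaviour still exists keep a sentence for each, and if it was dropped, say so explicitly.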
@@ -41,11 +87,14 @@
<dt><tt>flag1 0 | 1</tt>
<dd>Not used by this driver.
<dt><tt>flag2 0 | 1</tt>
- <dd>Specifies the PPS signal on-time edge: 0 for assert (default), 1 for clear.
+ <dd>Specifies PPS capture on the rising (assert) pulse edge if 0; falling
+ (clear) edge if 1. (default),
+ 1 for clear.
<dt><tt>flag3 0 | 1</tt>
<dd>Controls the kernel PPS discipline: 0 for disable (default), 1 for enable.
<dt><tt>flag4 0 | 1</tt>
- <dd>Not used by this driver.
+ <dd>Record a timestamp once for each second if 1. Useful for constructing
+ Allan deviation plots..
</dl>
<h4>Additional Information</h4>
<p><a href="../refclock.html">Reference Clock Drivers</a></p>
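Review bot: the new flag2 text leaves the tail of the old sentence behind, so the entry now reads "falling (clear) edge if 1. (default), 1 for clear." and a reader cannot tell which edge is the default. Suggest "Specifies PPS capture on the rising (assert) pulse edge if 0 (default); falling (clear) edge if 1." The new flag4 entry ends with a doubled period ("plots.."), and it would help to say where the per-second timestamps are recorded.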
diff --git a/html/drivers/driver27.html b/html/drivers/driver27.html
index 8c2633c..a425a9f 100644
--- a/html/drivers/driver27.html
+++ b/html/drivers/driver27.html
@@ -46,7 +46,6 @@
<dl>
<dt><tt>g</tt> CR
<dd>Request for signal quality. Answer only valid during (late part of) resync to MSF signal. The response consists of two characters as follows:
- <ol>
<dl compact>
<dt>bit 7
<dd>parity
@@ -79,7 +78,6 @@
<dt>bit 2--0
<dd>reception signal quality in the range 0--5 (very poor to very good); if in the range 0--2 no successful reception is to be expected. The reported value drops to zero when not resyncing, ie when first returned byte is not `3'.
</dl>
- </ol>
<dt><tt>h</tt> CR
<dd>Request to resync to signal. Can take up from about 30s to 360s. Drains batteries so should not be used excessively. After this the clock time and date should be correct and the phase within 20ms of time as transmitted from the source signal (remember to allow for propagation time). By default the clock resyncs once per day in the late evening/early morning (presumably to catch transitions to/from daylight saving time quickly). This driver code, by default, resyncs at least once per hour to minimise clock wander.
<dt><tt>o</tt> CR
diff --git a/html/drivers/driver28.html b/html/drivers/driver28.html
index 244de1a..3458768 100644
--- a/html/drivers/driver28.html
+++ b/html/drivers/driver28.html
@@ -16,8 +16,10 @@
<p>Address: 127.127.28.<i>u</i><br>
Reference ID: <tt>SHM</tt><br>
Driver ID: <tt>SHM</tt></p>
+
<h4>Description</h4>
<p>This driver receives its reference clock info from a shared memory-segment. The shared memory-segment is created with owner-only access for unit 0 and 1, and world access for unit 2 and 3</p>
+
<h4>Structure of shared memory-segment</h4>
<pre>struct shmTime {
&nbsp; int&nbsp;&nbsp;&nbsp; mode; /* 0 - if valid set
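Review bot: the Description paragraph carried as context in this hunk says units 2 and 3 are created with world access, but neither it nor the sections this commit adds to the file says what that means for trust: any local account can reach those segments. Since the file is being touched anyway, suggest one sentence stating that units 0 and 1 should be preferred wherever the time feed can run as the segment owner, and closing the paragraph's last sentence with a period.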
@@ -40,15 +42,59 @@
&nbsp; int&nbsp;&nbsp;&nbsp; valid;
&nbsp; int&nbsp;&nbsp;&nbsp; dummy[10];&nbsp;
};</pre>
+
<h4>Operation mode=0</h4>
- <p>When the poll-method of the driver is called, the valid-flag of the shared memory-segment is checked:</p>
- <p>If set, the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are passed to ntp, and the valid-flag is cleared.</p>
- <p>If not set, a timeout is reported to ntp, nothing else happend</p>
+ <p>Each second, the valid-flag of the shared memory-segment is checked:</p>
+ <p>If set, the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are passed to ntp, and the valid-flag is cleared and a counter is bumped.</p>
+ <p>If not set, a counter is bumped</p>
<h4>Operation mode=1</h4>
- <p>When the poll-method of the driver is called, the valid-flag of the shared memory-segment is checked:</p>
- <p>If set, the count-field of the record is remembered, and the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are read. Then, the remembered count is compared to the count now in the record. If both are equal, the values read from the record are passed to ntp. If they differ, another process has modified the record while it was read out (was not able to produce this case), and failure is reported to ntp. The valid flag is cleared.</p>
- <p>If not set, a timeout is reported to ntp, nothing else happend</p>
- <h4>Fudge Factors</h4>
+ <p>Each second, the valid-flag of the shared memory-segment is checked:</p>
+ <p>If set, the count-field of the record is remembered, and the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are read. Then, the remembered count is compared to the count now in the record. If both are equal, the values read from the record are passed to ntp. If they differ, another process has modified the record while it was read out (was not able to produce this case), and failure is reported to ntp. The valid flag is cleared and a counter is bumped.</p>
+ <p>If not set, a counter is bumped</p>
+
+
+<h4>gpsd</h4>
+
+<a href="http://gpsd.berlios.de/"><i>gpsd</i></a>
+knows how to talk to many GPS devices.
+It works with <i>ntpd</i> through the SHM driver.
+<P>
+The <i>gpsd</i> man page suggests setting minpoll and maxpoll to 4.
+That was an attempt to reduce jitter.
+The SHM driver was fixed (ntp-4.2.5p138) to collect data each second rather than
+once per polling interval so that suggestion is no longer reasonable.
+<P>
+
+
+<h4>Clockstats</h4>
+If flag4 is set when the driver is polled, a clockstats record is written.
+The first 3 fields are the normal date, time, and IP address common to all clockstats records.
+<P>
+The 4th field is the number of second ticks since the last poll.
+The 5th field is the number of good data samples found. The last 64 will be used by ntpd.
+The 6th field is the number of sample that didn't have valid data ready.
+The 7th field is the number of bad samples.
+The 8th field is the number of times the the mode 1 info was update while nptd was trying to grab a sample.
+<P>
+
+Here is a sample showing the GPS reception fading out:
+<pre>
+54364 84927.157 127.127.28.0 66 65 1 0 0
+54364 84990.161 127.127.28.0 63 63 0 0 0
+54364 85053.160 127.127.28.0 63 63 0 0 0
+54364 85116.159 127.127.28.0 63 62 1 0 0
+54364 85180.158 127.127.28.0 64 63 1 0 0
+54364 85246.161 127.127.28.0 66 66 0 0 0
+54364 85312.157 127.127.28.0 66 50 16 0 0
+54364 85375.160 127.127.28.0 63 41 22 0 0
+54364 85439.155 127.127.28.0 64 64 0 0 0
+54364 85505.158 127.127.28.0 66 36 30 0 0
+54364 85569.157 127.127.28.0 64 0 64 0 0
+54364 85635.157 127.127.28.0 66 0 66 0 0
+54364 85700.160 127.127.28.0 65 0 65 0 0
+</pre>
+
+ <h4>Fudge Factors</h4>
<dl>
<dt><tt>time1 <i>time</i></tt>
<dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
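Review bot: the new Clockstats field list misspells the daemon as "nptd" and also has "the the", "was update" and "number of sample"; these should be fixed before this lands in the rendered docs. The gpsd text, the field descriptions and the sentence introducing the sample all sit outside any paragraph element, separated by bare <P> tags, unlike the rest of the file; a <dl> or table for fields 4 to 8 would read better. The two mode sections now say "a counter is bumped" without naming which clockstats field each counter feeds, so tie them to fields 5, 6 and 8. The 5th-field note "The last 64 will be used by ntpd" deserves a clause saying older samples are discarded, since the sample itself shows counts of 65 and 66.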
@@ -65,7 +111,7 @@
<dt><tt>flag3 0 | 1</tt>
<dd>Not used by this driver.
<dt><tt>flag4 0 | 1</tt>
- <dd>Not used by this driver.
+ <dd>If flag4 is set, clockstats records will be written when the driver is polled.
<h4>Additional Information</h4>
<p><a href="../refclock.html">Reference Clock Drivers</a></p>
</dl>
@@ -73,4 +119,5 @@
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
-</html> \ No newline at end of file
+</html>
+
diff --git a/html/drivers/driver29.html b/html/drivers/driver29.html
index 479978f..dde58ff 100644
--- a/html/drivers/driver29.html
+++ b/html/drivers/driver29.html
@@ -4,15 +4,24 @@
<head>
<meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
- <title>Trimble Palisade Receiver</title>
+ <title>Trimble Palisade and Thunderbolt Receivers</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
- <h1><font size="+2">Trimble Palisade Receiver</font>
+ <h1><font size="+2">Trimble Palisade and Thunderbolt Receivers</font>
<hr>
</h1>
+ <table>
+ <tr>
+ <td>
<h2><img src="../pic/driver29.gif" alt="gif" nosave height="100" width="420"></h2>
+ </td>
+ <td>
+ <h2><img src="../pic/thunderbolt.jpg" alt="jpg" nosave height="270" width="420"></h2>
+ </td>
+ </tr>
+ </table>
<h2><font size="+1">Synopsis</font></h2>
<table>
<tr>
@@ -50,12 +59,20 @@
</td>
<td><b>9600 baud, 8-bits, 1-stop, odd parity</b></td>
</tr>
+ <tr>
+ <td>
+ <div align="right">
+ <tt><font size="+1">Serial I/O (Thunderbolt):</font></tt></div>
+ </td>
+ <td><b>9600 baud, 8-bits, 1-stop, no parity</b></td>
+ </tr>
</table>
<h2><font size="+1">Description</font></h2>
The <b>refclock_palisade</b> driver supports <a href="http://www.trimble.com/products/ntp">Trimble Navigation's Palisade Smart Antenna GPS receiver</a>.<br>
Additional software and information about the Palisade GPS is available from: <a href="http://www.trimble.com/oem/ntp">http://www.trimble.com/oem/ntp</a>.<br>
Latest NTP driver source, executables and documentation is maintained at: <a href="ftp://ftp.trimble.com/pub/ntp">ftp://ftp.trimble.com/pub/ntp</a>
<p>This documentation describes version 7.12 of the GPS Firmware and version 2.46 (July 15, 1999) and later, of the driver source.<br>&nbsp;</p>
+ <p>This documentation describes version 1 of the Thunderbolt Receiver Firmware, no tests have been made on further firmwares, please read "Notes on the Thunderbolt Receiver's Firmware" at the end of this documentation for more information.</p>
<h2><font size="+1">Operating System Compatibility</font></h2>
The Palisade driver has been tested on the following software and hardware platforms:<br>&nbsp;
<center>
@@ -97,7 +114,8 @@
<td>20 us</td>
</tr>
</table>
- </center>
+ </center><P>
+ <b>Attention</b>: Thunderbolt Receiver has not being tested on the previous software and hardware plataforms.
<h2><font size="+1">GPS Receiver</font></h2>
The Palisade GPS receiver is an 8-channel smart antenna, housing the GPS receiver, antenna and interface in a single unit, and is designed for rooftop deployment in static timing applications.
<p>Palisade generates a PPS synchronized to UTC within +/- 100 ns.&nbsp; The Palisade's external event input with 40 nanosecond resolution is utilized by the Palisade NTP driver for asynchronous precision time transfer.</p>
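Review bot: the added Attention line has two errors, "has not being tested" and "plataforms", and it follows a bare <P> appended to the </center> line rather than sitting in its own paragraph. Suggest "<p><b>Attention</b>: the Thunderbolt Receiver has not been tested on the platforms listed above.</p>"; "previous" is ambiguous here because the table it refers to is directly above.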
@@ -199,6 +217,19 @@
<tt># and set flag2 to turn off event polling.</tt><br>
<tt><a href="#flag2">fudge 127.127.29.0 flag2 1</a></tt><br>
<tt>#------------------------------------------------------------------------------</tt><br>&nbsp;</p>
+
+ <h4>Thunderbolt NTP Configuration file</h4>
+ <tt>#------------------------------------------------------------------------------</tt>
+ <p>Configuration without event polling:<br>
+ <tt>#------------------------------------------------------------------------------</tt><br>
+ <tt># The Primary reference</tt><br>
+ <tt>server 127.127.29.0 mode 2 # Trimble Thunderbolt GPS (Stratum 1).</tt><br>
+ <tt># Set packet delay</tt><br>
+ <tt><a href="#time1">fudge 127.127.29.0 time1 0.020</a></tt><br>
+ <tt># and set flag2 to turn off event polling.</tt><br>
+ <tt><a href="#flag2">fudge 127.127.29.0 flag2 1</a></tt><br>
+ <tt>#------------------------------------------------------------------------------</tt><br>&nbsp;</p>
+ Currently the Thunderbolt mode doesn't support event polling, the reasons are explained on the "Notes on the Thunderbolt Receiver's Firmware" section at the end of this documentation.
<h2><a name="TimeTransfer"></a><font size="+1">Time Transfer and Polling</font></h2>
Time transfer to the NTP host is performed via the Palisade's comprehensive time packet output. The time packets are output once per second, and whenever an event timestamp is requested.
<p>The driver requests an event time stamp at the end of each polling interval, by pulsing the RTS (request to send) line on the serial port. The Palisade GPS responds with a time stamped event packet.</p>
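Review bot: the added Thunderbolt example states that mode 2 does not support event polling, yet the unchanged "Time Transfer and Polling" text right after it still says the driver requests an event time stamp at the end of each polling interval by pulsing RTS, with no exception for mode 2. Suggest qualifying that paragraph, and stating what happens in mode 2 when <tt>flag2 1</tt> is omitted, since the example presents it as something the user must set. The <tt>time1 0.020</tt> value is the same as in the Palisade example; say whether it was measured for the Thunderbolt or simply carried over. The first separator <tt> line is also placed before the <p> opens, unlike the Palisade block above it.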
@@ -235,7 +266,7 @@
<h2><font size="+1">Mode Parameter</font></h2>
<dl>
<dt><tt><font size="+1">mode <i>number</i></font></tt>
- <dd>The mode parameter to the server command specifies the specific hardware this driver is for. The default is 0 for a normal Trimble Palisade. The only other option at this time is 1 for a Endrun Praecis in Trimble emulation mode.
+ <dd>The mode parameter to the server command specifies the specific hardware this driver is for. The default is 0 for a normal Trimble Palisade. The other options are <b>1</b> for an <b>Endrun Praecis</b> in Trimble emulation mode, and <b>2</b> for the <b>Trimble Thunderbolt</b> GPS Disciplined Clock Receiver.
</dl>
<h2><font size="+1">DEFINEs</font></h2>
The following constants are defined in the driver source code. These defines may be modified to improve performance or adapt to new operating systems.<br>&nbsp;
@@ -369,6 +400,7 @@
</tr>
</table>
</center>
+
<blockquote>
<h4>Leap Second Flag Definition:</h4>Bit 0:&nbsp; (1) UTC Time is available<br>
Bits 1 - 3: Undefined<br>Bit 4:&nbsp; (1) Leap Scheduled: Leap second pending asserted by GPS control segment.<br>Bit 5:&nbsp; (1) Leap Pending: set 24 hours before, until beginning of leap second.<br>Bit 6:&nbsp; (1) GPS Leap Warning: 6 hours before until 6 hours after leap event<br>Bit 7:&nbsp; (1) Leap In Progress. Only set during the leap second.
@@ -576,6 +608,281 @@
</tr>
</table>
</center>
+ <h3>Thunderbolt Timing packets Data Format</h3>
+ Thunderbolt can output 2 synchronous packets.
+ <h4><b>Primary Timing Packet - 0x8FAB</h4>
+ <center>
+ <table>
+ <tr>
+ <td><b>Byte</b></td>
+ <td><b>Bit</b></td>
+ <td><b>Item</b></td>
+ <td><b>Type</b></td>
+ <td><b>Value</b></td>
+ <td><b>Description</b></td>
+ </tr>
+ <tr>
+ <td>0</td>
+ <td></td>
+ <td>Subcode</td>
+ <td>UINT8</td>
+ <td></td>
+ <td>0xAB</td>
+ </tr>
+ <tr>
+ <td>1-4</td>
+ <td></td>
+ <td>Time of Week</td>
+ <td>UINT32</td>
+ <td></td>
+ <td>GPS seconds of week</td>
+ </tr>
+ <tr>
+ <td>5-6</td>
+ <td></td>
+ <td>Week Number</td>
+ <td>UINT16</td>
+ <td></td>
+ <td>GPS Week Number</td>
+ </tr>
+ <tr>
+ <td>7-8</td>
+ <td></td>
+ <td>UTC Offset</td>
+ <td>SINT16</td>
+ <td></td>
+ <td>UTC Offset (seconds)</td>
+ </tr>
+ <tr>
+ <td valign="top">9</td>
+ <td><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</tr><tr><td>4</tr></table></td>
+ <td valign="top">Timing Flag</td>
+ <td valign="top">Bit field</td>
+ <td valign="top"><table><tr><td>0 or 1</td></tr><tr><td>0 or 1</td></tr><tr><td>0 or 1</td></tr><tr><td>0 or 1</tr><tr><td>0 or 1</tr></table></td></td>
+ <td valign="top"><table><tr><td>GPS Time or UTC Time</td></tr><tr><td>GPS PPS or UTC PPS</td></tr><tr><td>time is set or time is not set</td></tr><tr><td>have UTC info or no UTC info</td></tr><tr><td>Time from GPS or time from user</td></tr></table></td>
+ </tr>
+ <tr>
+ <td>10</td>
+ <td></td>
+ <td>Seconds</td>
+ <td>UINT8</td>
+ <td>0-59</td>
+ <td>(60 for UTC leap second event)</td>
+ </tr>
+ <tr>
+ <td>11</td>
+ <td></td>
+ <td>Minutes</td>
+ <td>UINT8</td>
+ <td>0-59</td>
+ <td>Minutes of Hour</td>
+ </tr>
+ <tr>
+ <td>12</td>
+ <td></td>
+ <td>Hours</td>
+ <td>UINT8</td>
+ <td>0-23</td>
+ <td>Hour of Day</td>
+ </tr>
+ <tr>
+ <td>13</td>
+ <td></td>
+ <td>Day of Month</td>
+ <td>UINT8</td>
+ <td>1-31</td>
+ <td>Day of Month</td>
+ </tr>
+ <tr>
+ <td>14</td>
+ <td></td>
+ <td>Month</td>
+ <td>UINT8</td>
+ <td>1-12</td>
+ <td>Month of Year</td>
+ </tr>
+ <tr>
+ <td>15-16</td>
+ <td></td>
+ <td>Year</td>
+ <td>UINT16</td>
+ <td></td>
+ <td>Four digits of Year (e.g. 1998)</td>
+ </tr>
+ </table>
+ </center>
+ <h4><b>Supplemental Timing Packet - 0x8FAC</h4>
+ <center>
+ <table>
+ <tr>
+ <td><b>Byte</b></td>
+ <td><b>Bit</b></td>
+ <td><b>Item</b></td>
+ <td><b>Type</b></td>
+ <td><b>Value</b></td>
+ <td><b>Description</b></td>
+ </tr>
+ <tr>
+ <td>0</td>
+ <td></td>
+ <td>Subcode</td>
+ <td>UINT8</td>
+ <td></td>
+ <td>0xAC</td>
+ </tr>
+ <tr>
+ <td valign="top">1</td>
+ <td></td>
+ <td valign="top">Receiver Mode</td>
+ <td valign="top">UINT8</td>
+ <td valign="top"><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</td></tr><tr><td>4</td></tr><tr><td>5</td></tr><tr><td>6</td></tr></table></td>
+ <td valign="top"><table><tr><td>Automatic (2D/3D)</td></tr><tr><td>Single Satellite (Time)</td></tr><tr><td>Horizontal (2D)</td></tr><tr><td>Full Position (3D)</td></tr><tr><td>DGPS Reference</td></tr><tr><td>Clock Hold (2D)</td></tr><tr><td>Overdetermined Clock</td></tr></table></td>
+ </tr>
+ <tr>
+ <td valign="top">2</td>
+ <td></td>
+ <td valign="top">Disciplining Mode</td>
+ <td valign="top">UINT8</td>
+ <td valign="top"><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</td></tr><tr><td>4</td></tr><tr><td>5</td></tr><tr><td>6</td></tr></table></td>
+ <td valign="top"><table><tr>Normal<td></td></tr><tr><td>Power-Up</td></tr><tr><td>Auto Holdover</td></tr><tr><td>Manual Holdover</td></tr><tr><td>Recovery</td></tr><tr><td>Not Used</td></tr><tr><td>Disciplining disabled</td></tr></table></td>
+ </tr>
+ <tr>
+ <td>3</td>
+ <td></td>
+ <td>Self-Survey Progress</td>
+ <td>UINT 8</td>
+ <td>0-100%</td>
+ <td></td>
+ <tr>
+ <td>4-7</td>
+ <td></td>
+ <td>Holdover Duration</td>
+ <td>UINT 32</td>
+ <td></td>
+ <td>seconds</td>
+ </tr>
+ <tr>
+ <td valign="top">8-9</td>
+ <td><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</tr><tr><td>4</tr></table></td>
+ <td valign="top">Critical Alarms</td>
+ <td valign="top">UINT16</td>
+ <td valign="top">Bit field</td>
+ <td valign="top"><table><tr><td>ROM checksum error</td></tr><tr><td>RAM check has failed</td></tr><tr><td>Power supply failure</td></tr><tr><td>FPGA check has failed</td></tr><tr><td>Oscillator control voltage at rail</td></tr></table></td>
+ </tr>
+ <tr>
+ <td valign="top">10-11</td>
+ <td valign="top"><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</tr><tr><td>4</tr><tr><td>5</td></tr><tr><td>6</td></tr></table></td>
+ <td valign="top">Minor Alarms</td>
+ <td valign="top">UINT16</td>
+ <td valign="top">Bit field</td>
+ <td valign="top"><table><tr><td>Normal</td></tr><tr><td>Power-Up</td></tr><tr><td>Auto Holdover</td></tr><tr><td>Manual Holdover</tr><tr><td>Recovery</tr><tr><td>Not Used</td></tr><tr><td>Disciplining disabled</td></tr></table></td>
+ </tr>
+ <tr>
+ <td valign="top">12</td>
+ <td></td>
+ <td valign="top">GPS Decoding Status</td>
+ <td valign="top">UINT8</td>
+ <td valign="top"><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>3</td></tr><tr><td>8</tr><tr><td>9</tr><tr><td>0x0A</td></tr><tr><td>0x0B</td></tr><tr><td>0x0C</td></tr><tr><td>0x10</tr></table></td>
+ <td valign="top"><table><tr><td>Doing fixes</td></tr><tr><td>Don t have GPS time</td></tr><tr><td>PDOP is too high</td></tr><tr><td>No usable sats</tr><tr><td>Only 1 usable sat</tr><tr><td>Only 2 usable sats</td></tr><tr><td>Only 3 usable sats</td></tr><tr><td>The chosen sat is unusable</td></tr><tr><td>TRAIM rejected the fix</tr></table></td>
+ </tr>
+ <tr>
+ <td valign="top">13</td>
+ <td></td>
+ <td valign="top">Disciplining Activity</td>
+ <td valign="top">UINT8</td>
+ <td><table><tr><td>0</td></tr><tr><td>1</td></tr><tr><td>2</td></tr><tr><td>3</tr><tr><td>4</tr><tr><td>5</td></tr><tr><td>6</td></tr><tr><td>7</td></tr><tr><td>8</tr></table></td>
+ <td><table><tr><td>Phase locking</td></tr><tr><td>Oscillator warming up</td></tr><tr><td>Frequency locking</td></tr><tr><td>Placing PPS</tr><tr><td>Initializing loop filter</tr><tr><td>Compensating OCXO</td></tr><tr><td>Inactive</td></tr><tr><td>Not used</td></tr><tr><td>Recovery mode</tr></table></td>
+ </tr>
+ <tr>
+ <td>14</td>
+ <td></td>
+ <td>Spare Status 1</td>
+ <td>UINT8</td>
+ <td>0</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>15</td>
+ <td></td>
+ <td>Spare Status 2</td>
+ <td>UINT8</td>
+ <td>0</td>
+ <td></td>
+ </tr>
+ <tr>
+ <td>16-19</td>
+ <td></td>
+ <td>PPS Offset</td>
+ <td>Single</td>
+ <td></td>
+ <td>Estimate of UTC/GPS offset (ns)</td>
+ </tr>
+ <tr>
+ <td>20-23</td>
+ <td></td>
+ <td>10 MHz Offset</td>
+ <td>Single</td>
+ <td></td>
+ <td>Estimate of UTC/GPS offset (ns)</td>
+ </tr>
+ <tr>
+ <td>24-27</td>
+ <td></td>
+ <td>DAC Value</td>
+ <td>UINT32</td>
+ <td></td>
+ <td>Offset binary (0x00 - 0xFFFFF)</td>
+ </tr>
+ <tr>
+ <td>28-31</td>
+ <td></td>
+ <td>DAC Voltage</td>
+ <td>Single</td>
+ <td></td>
+ <td>Volts</td>
+ </tr>
+ <tr>
+ <td>32-35</td>
+ <td></td>
+ <td>Temperature</td>
+ <td>Single</td>
+ <td></td>
+ <td>degrees C</td>
+ </tr>
+ <tr>
+ <td>36-43</td>
+ <td></td>
+ <td>Latitude</td>
+ <td>Double</td>
+ <td></td>
+ <td>radians</td>
+ </tr>
+ <tr>
+ <td>44-51</td>
+ <td></td>
+ <td>Longitude</td>
+ <td>Double</td>
+ <td></td>
+ <td>radians</td>
+ </tr>
+ <tr>
+ <td>52-59</td>
+ <td></td>
+ <td>Altitude</td>
+ <td>Double</td>
+ <td></td>
+ <td>Meters</td>
+ </tr>
+ <tr>
+ <td>60-67</td>
+ <td></td>
+ <td>Spare</td>
+ <td></td>
+ <td></td>
+ <td>For Future Expantion</td>
+ </tr>
+ </table>
+ </center>
<h2><a name="Pinouts"></a><font size="+1">Pinouts</font></h2>
<a href="#Connection">The following connections are required when connecting Palisade with a host:</a><br>&nbsp;<br>&nbsp;
<center>
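Review bot: in the Supplemental Timing Packet table, the Minor Alarms row (bytes 10-11) lists "Normal, Power-Up, Auto Holdover, Manual Holdover, Recovery, Not Used, Disciplining disabled" as its bit meanings, which is the Disciplining Mode value list from byte 2 repeated verbatim and looks like a copy-paste error; the alarm bit definitions need to be filled in. The same applies to "10 MHz Offset", which carries the PPS Offset description "Estimate of UTC/GPS offset (ns)". In the Primary packet, the Timing Flag cells give "0 or 1" against "GPS Time or UTC Time" and so on without saying which value means which, although the driver has to test these bits. Markup problems: both <h4> headings open <b> without closing it, several nested cells lack </td>, the Disciplining Mode description has "Normal" outside its <td>, and the Self-Survey Progress row has no </tr>. Typos: "Don t have GPS time", "Expantion", "UINT 8" and "UINT 32" against "UINT8" elsewhere.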
@@ -762,12 +1069,19 @@
</tr>
</table>
</center>
+
+ <b><h3>Notes on the Thunderbolt Receiver's Firmware</h3></b>
+
+ The support for Thunderbolt Receiver in the palisade driver doesn't support (for now) event-polling, the reason is that the Thunderbolt receiver the patch is written for doesn't support time-on-request, so you just have to sit there and wait for the time to arrive with the PPS. We tried to contact Trimble because there's presumably a firmware update that support it, but we didn't have much luck.
+Here is a link explaining the situation:<p>
+<a href="https://lists.ntp.isc.org/pipermail/hackers/2006-April/002216.html">https://lists.ntp.isc.org/pipermail/hackers/2006-April/002216.html
<p></p>
<hr>
<p>Questions or Comments:<br>
<a href="mailto:sven_dietrich@trimble.com">Sven Dietrich</a><br>
<a href="http://www.trimble.com/">Trimble Navigation Ltd.</a></p>
- <p>(last updated July 29, 1999)</p>
+ <a href="mailto:fernandoph@iar.unlp.edu.ar">Fernando P. Hauscarriaga</a><br>
+ <p>(last updated January 15, 2007)</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
;
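Review bot: the added link to the hackers list archive never closes its <a> element, so everything after it up to the next anchor becomes part of the link. The heading is wrapped as <b><h3>, which puts a block element inside an inline one, and the new mailto line for the second contact is placed after the closing </p> of the contact paragraph instead of inside it. The note itself relies on the archive link to explain the situation; a one-sentence summary of what the linked message says would survive the link going away. "a firmware update that support it" should read "supports".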
diff --git a/html/drivers/driver34.html b/html/drivers/driver34.html
index a98fad8..a742d42 100644
--- a/html/drivers/driver34.html
+++ b/html/drivers/driver34.html
@@ -1,117 +1,79 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>Ultralink Clock</title>
- <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
- <link <link href="scripts/style.css" type="text/css" rel="stylesheet"> </HEAD> <BODY> <H3> Ultralink Clock</H3>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Ultralink Clock</h3>
<hr>
<h4>Synopsis</h4>
- Address: 127.127.34.<i>u</i><br>
- Reference ID: <tt>WWVB</tt><br>
- Driver ID: <tt>ULINK</tt><br>
- Serial Port: <tt>/dev/wwvb<i>u</i></tt>; 9600 bps, 8-bits, no parity<br>
- <br>
- Features: <tt>(none)</tt>
+ <p>Address: 127.127.34.<i>u</i><br>
+ Reference ID: <tt>WWVB</tt><br>
+ Driver ID: <tt>ULINK</tt><br>
+ Serial Port: <tt>/dev/wwvb<i>u</i></tt>; 9600 bps, 8-bits, no parity<br>
+ Features: <tt>(none)</tt></p>
<h4>Description</h4>
- <p>This driver supports the Ultralink Model 325 (replacement for Model 320) RS-232 powered WWVB receiver. PDF specs available on <a href="http://www.ulio.com/">http://www.ulio.com/</a>. This driver also supports the Model 320, 330,331,332 decoders in both polled or continous time code mode.<br>
- Leap second and quality are supported.</p>
- <p>Most of this code is originally from refclock_wwvb.c with thanks. Any mistakes are mine. Any improvements are welcome.</p>
- <hr>
- <pre> The Model 325 timecode format is:
-
- &lt;cr&gt;&lt;lf&gt;RQ_1C00LYYYY+DDDUTCS_HH:MM:SSL+5
-
- where:
-
- R = Signal readability indicator, ranging from R1 to R5
- Q R1 is unreadable, R5 is best reception
- _ = Space
- 1 = prev. received data bit, values: 0, 1 ,M or ? unknown
- C = Signal reception from (C)olorado or (H)awaii
- 0 = Hours since last WWVB time and flag code update, values
- 0 00 to 99 (hopefully always 00)
- L = HEX A5 if receiver is locked to WWVB, Space if not
- YYYY = Year from 2000 to 2099
- + = '+' if current year is a leap year, else ' '
- DDD = current day in the year from 1 to 365/366
- UTC = timezone (always UTC)
- S = Daylight savings indicator, (S)TD, (D)ST, (O) transition
- into DST, (I) transition out of DST
- _ = Space
- HH = UTC hour 0 to 23
- : = Time delimiter, ':' if synced, Space if not
- MM = Minutes of current hour from 0 to 59
- : = Time delimiter, ':' if synced, Space if not
- SS = Seconds of current minute from 0 to 59
- mm = 10's milliseconds of the current second from 00 to 99
- L = Leap second pending at end of month, (I)nsert, (D)elete
- or Space
- +5 = UT1 correction, +/- .1 sec increments
- </pre>
+ <p>This driver supports the Ultralink Model 325 (replacement for Model 320) RS-232 powered WWVB receiver. PDF specs available on <a href="http://www.ulio.com/">http://www.ulio.com/</a>. This driver also supports the Model 320, 330,331,332 decoders in both polled or continous time code mode.Leap second and quality are supported. Most of this code is originally from refclock_wwvb.c with thanks. Any mistakes are mine. Any improvements are welcome.</p>
+ <h4>Model 325 timecode format</h4>
+ <p><tt>&lt;cr&gt;&lt;lf&gt;RQ_1C00LYYYY+DDDUTCS_HH:MM:SSL+5</tt></p>
+ <p>R = Signal readability indicator, ranging from R1 to R5 Q R1 is unreadable, R5 is best reception<br>
+ _ = Space<br>
+ 1 = prev. received data bit, values: 0, 1 ,M or ? unknown
+ C = Signal reception from (C)olorado or (H)awaii 0 = Hours since last WWVB time and flag code update, values 0 00 to 99 (hopefully always 00)<br>
+ L = HEX A5 if receiver is locked to WWVB, Space if not<br>
+ YYYY = Year from 2000 to 2099<br>
+ + = '+' if current year is a leap year, else ' '<br>
+ DDD = current day in the year from 1 to 365/366<br>
+ UTC = timezone (always UTC)<br>
+ S = Daylight savings indicator, (S)TD, (D)ST, (O) transition into DST, (I) transition out of DST<br>
+ _ = Space<br>
+ HH = UTC hour 0 to 23<br>
+ : = Time delimiter, ':' if synced, Space if not<br>
+ MM = Minutes of current hour from 0 to 59<br>
+ : = Time delimiter, ':' if synced, Space if not<br>
+ SS = Seconds of current minute from 0 to 59<br>
+ mm = 10's milliseconds of the current second from 00 to 99<br>
+ L = Leap second pending at end of month, (I)nsert, (D)elete or Space<br>
+ +5 = UT1 correction, +/- .1 sec increments</p>
<p>Note that Model 325 reports a very similar output like Model 33X series. The driver for this clock is similar to Model 33X behavior. On a unmodified new ULM325 clock, the polling flag (flag1 =1) needs to be set.</p>
- <hr>
- <pre> The Model 320 timecode format is:
-
- &lt;cr&gt;&lt;lf&gt;SQRYYYYDDD+HH:MM:SS.mmLT&lt;cr&gt;
-
- where:
-
- S = 'S' -- sync'd in last hour, '0'-'9' - hours x 10 since last update, else '?'
- Q = Number of correlating time-frames, from 0 to 5
- R = 'R' -- reception in progress, 'N' -- Noisy reception, ' ' -- standby mode
- YYYY = year from 1990 to 2089
- DDD = current day from 1 to 366
- + = '+' if current year is a leap year, else ' '
- HH = UTC hour 0 to 23
- MM = Minutes of current hour from 0 to 59
- SS = Seconds of current minute from 0 to 59
- mm = 10's milliseconds of the current second from 00 to 99
- L = Leap second pending at end of month -- 'I' = inset, 'D'=delete
- T = DST &lt;-&gt; STD transition indicators
- </pre>
- <p>Note that this driver does not do anything with the T flag.</p>
- <p>The M320 also has a 'U' command which returns UT1 correction information. It is not used in this driver.</p>
- <hr>
- <pre> The Model 33x timecode format is:
-
- S9+D 00 YYYY+DDDUTCS HH:MM:SSl+5
-
- Where:
-
- S = sync indicator S insync N not in sync
- the sync flag is WWVB decoder sync
- nothing to do with time being correct
- 9+ = signal level 0 thru 9+ If over 9 indicated as 9+
- D = data bit ( fun to watch but useless ;-)
- space
- 00 = hours since last GOOD WWVB frame sync
- space
- YYYY = current year
- + = leap year indicator
- DDD = day of year
- UTC = timezone (always UTC)
- S = daylight savings indicator
- space
- HH = hours
- : = This is the REAL in sync indicator (: = insync)
- MM = minutes
- : = : = in sync ? = NOT in sync
- SS = seconds
- L = leap second flag
- +5 = UT1 correction (sign + digit ))
- </pre>
- <p>This driver ignores UT1 correction,DST indicator,Leap year and signal level.</p>
- <hr>
+ <h4>Model 320 timecode format</h4>
+ <p><tt>&lt;cr&gt;&lt;lf&gt;SQRYYYYDDD+HH:MM:SS.mmLT&lt;cr&gt;</tt></p>
+ <p>S = 'S' -- sync'd in last hour, '0'-'9' - hours x 10 since last update, else '?'<br>
+ Q = Number of correlating time-frames, from 0 to 5<br>
+ R = 'R' -- reception in progress,'N' -- Noisy reception, ' ' -- standby mode<br>
+ YYYY = year from 1990 to 2089<br>
+ DDD = current day from 1 to 366 + = '+' if current year is a leap year, else ' '<br>
+ HH = UTC hour 0 to 23<br>
+ MM = Minutes of current hour from 0 to 59<br>
+ SS = Seconds of current minute from 0 to 59<br>
+ mm = 10's milliseconds of the current second from 00 to 99<br>
+ L = Leap second pending at end of month -- 'I' = insert, 'D'=delete<br>
+ T = DST &lt;-&gt; STD transition indicators</p>
+ <p>Note that this driver does not do anything with the T flag. The M320 also has a 'U' command which returns UT1 correction information. It is not used in this driver.</p>
+ <h4>Model 33x timecode format</h4>
+ <p><tt>S9+D 00 YYYY+DDDUTCS HH:MM:SSl+5</tt></p>
+ <p>S = sync indicator S insync N not in sync the sync flag is WWVB decoder sync nothing to do with time being correct </p>
+ <p>9+ = signal level 0 thru 9+ If over 9 indicated as 9<br>
+ D = data bit (fun to watch but useless ;-) space<br>
+ 00 = hours since last GOOD WWVB frame sync space<br>
+ YYYY = current year + = leap year indicator<br>
+ DDD = day of year<br>
+ UTC = timezone (always UTC)<br>
+ S = daylight savings indicator space<br>
+ HH = hours : = This is the REAL in sync indicator (: = insync)<br>
+ MM = minutes : = : = in sync ? = NOT in sync<br>
+ SS = seconds<br>
+ L = leap second flag<br>
+ +5 = UT1 correction (sign + digit ))</p>
+ <p>This driver ignores UT1 correction, DST indicator,Leap year and signal level.</p>
<h4>Fudge factors</h4>
<p>flag1 polling enable (1=poll 0=no poll)</p>
<hr>
- <address><a href="mailto:frank.migge@oracle.com">mail</a></address>
- <!-- hhmts start -->Last modified: Mon Mar 8 10:12:08 PST 2004<!-- hhmts end -->
- <hr>
- <script type="text/javascript" language="javascript" src="Ultralink Clock_files/footer.txt"></script>
- </BODY>
- </head>
-
-</html> \ No newline at end of file
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+</html>
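Review bot: In the new Model 33x legend, replacing the old <pre> block with <br>-separated lines has folded separate fields together. "HH = hours : = This is the REAL in sync indicator (: = insync)" and "MM = minutes : = : = in sync ? = NOT in sync" now carry the colon separators on the HH and MM lines, where the removed lines listed each as its own entry. The "space" and "+ = leap year indicator" entries are likewise appended to the D, 00, S and YYYY lines. The text says the leading S flag is only WWVB decoder sync and that the colon is the real in-sync indicator, so that entry is the one a reader most needs to find and should stay on its own line; suggest one <br> per field, matching the old layout. The Model 320 legend has the same run-on at "DDD = current day from 1 to 366 + = '+' if current year is a leap year, else ' '". Minor: "(sign + digit ))" keeps the stray second parenthesis from the old text, and "DST indicator,Leap year" still lacks a space after the comma although the one before it was fixed.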
diff --git a/html/drivers/driver36.html b/html/drivers/driver36.html
index 72fa665..e96f730 100644
--- a/html/drivers/driver36.html
+++ b/html/drivers/driver36.html
@@ -18,73 +18,73 @@
Driver ID: <tt>WWV_AUDIO</tt><br>
Autotune Port: <tt>/dev/icom</tt>; 1200/9600 baud, 8-bits, no parity<br>
Audio Device: <tt>/dev/audio</tt> and <tt>/dev/audioctl</tt>
- <h4>Description</h4>
- This driver synchronizes the computer time using data encoded in shortwave radio transmissions from NIST time/frequency stations <a href="http://www.bldrdoc.gov/timefreq/stations/wwv.html">WWV</a> in Ft. Collins, CO, and <a href="http://www.bldrdoc.gov/timefreq/stations/wwvh.htm">WWVH</a> in Kauai, HI. Transmissions are made continuously on 2.5, 5, 10 and 15 MHz from both stations and on 20 MHz from WWV. An ordinary shortwave receiver can be tuned manually to one of these frequencies or, in the case of ICOM receivers, the receiver can be tuned automatically by the driver as propagation conditions change throughout the day and season. The performance of this driver when tracking one of the stations is ordinarily better than 1 ms in time with frequency drift less than 0.1 PPM when not tracking any station.<p>The demodulation and decoding algorithms used by this driver are based on a machine language program developed for the TAPR DSP93 DSP unit, which uses the TI 320C25 DSP chip. The analysis, design and performance of the program running on this unit is described in: Mills, D.L. A precision radio clock for WWV transmissions. Electrical Engineering Report 97-8-1, University of Delaware, August 1997, 25 pp. Available from <a href="http://www.eecis.udel.edu/%7emills/reports.html">www.eecis.udel.edu/~mills/reports.htm</a>. For use in this driver, the original program was rebuilt in the C language and adapted to the NTP driver interface. The algorithms have been modified to improve performance, especially under weak signal conditions and to provide an automatic frequency and station selection feature.</p>
+ <h4>Description</h4>This driver synchronizes the computer time using shortwave radio transmissions from NIST time/frequency stations <a href="http://www.bldrdoc.gov/timefreq/stations/wwv.html">WWV</a> in Ft. Collins, CO, and <a href="http://www.bldrdoc.gov/timefreq/stations/wwvh.htm">WWVH</a> in Kauai, HI. Transmissions are made continuously on 2.5, 5, 10 and 15 MHz from both stations and on 20 MHz from WWV. An ordinary shortwave receiver can be tuned manually to one of these frequencies or, in the case of ICOM receivers, the receiver can be tuned automatically by the driver as propagation conditions change throughout the day and season. The radio is connected via an optional attenuator and cable to either the microphone or line-in port of a workstation or PC.
+ <p>The driver requires an audio codec or sound card with sampling rate 8 kHz and <font face="symbol">m</font>-law companding to demodulate the data. This is the same standard as used by the telephone industry and is supported by most hardware and operating systems, including Solaris, FreeBSD and Linux, among others. In this implementation only one audio driver and codec can be supported on a single machine. In order to assure reliable signal capture, the codec frequency error must be less than 187 PPM (.0187 percent). If necessary, the <tt>tinker codec</tt> configuration command can be used to bracket the codec frequency to this range.</p>
+ <p>In general and without calibration, the driver is accurate within 1 ms relative to the broadcast time when tracking a station. However, variations up to 0.3 ms can be expected due to diurnal variations in ionospheric layer height and ray geometry. In Newark DE, 2479 km from the transmitter, the predicted two-hop propagation delay varies from 9.3 ms in sunlight to 9.0 ms in moonlight. When not tracking the station the accuracy depends on the computer clock oscillator stability, ordinarily better than 0.5 PPM.</p>
+ <p>After calibration relative to the PPS&nbsp;signal from a GPS&nbsp;receiver, the mean offset with a 2.4-GHz P4 running FreeBSD 6.1 is generally within 0.1 ms short-term with 0.4 ms jitter. The long-term mean offset varies up to 0.3 ms due to propagation path geometry variations. The processor load due to the driver is 0.4 percent on the P4.</p>
+ <p>The driver performs a number of error checks to protect against overdriven or underdriven input signal levels, incorrect signal format or improper hardware configuration. The specific checks are detailed later in this page. Note that additional checks are done elsewhere in the reference clock interface routines.</p>
<p>This driver incorporates several features in common with other audio drivers such as described in the <a href="driver7.html">Radio CHU Audio Demodulator/Decoder</a> and the <a href="driver6.html">IRIG Audio Decoder</a> pages. They include automatic gain control (AGC), selectable audio codec port and signal monitoring capabilities. For a discussion of these common features, as well as a guide to hookup, debugging and monitoring, see the <a href="../audio.html">Reference Clock Audio Drivers</a> page.</p>
- <p>The WWV signal format is described in NIST Special Publication 432 (Revised 1990). It consists of three elements, a 5-ms, 1000-Hz pulse, which occurs at the beginning of each second, a 800-ms, 1000-Hz pulse, which occurs at the beginning of each minute, and a pulse-width modulated 100-Hz subcarrier for the data bits, one bit per second. The WWVH format is identical, except that the 1000-Hz pulses are sent at 1200 Hz. Each minute encodes nine BCD digits for the time of century plus seven bits for the daylight savings time (DST) indicator, leap warning indicator and DUT1 correction.</p>
- <h4>Program Architecture</h4>
- <p>As in the original program, the clock discipline is modelled as a Markov process, with probabilistic state transitions corresponding to a conventional clock and the probabilities of received decimal digits. The result is a performance level which results in very high accuracy and reliability, even under conditions when the minute beep of the signal, normally its most prominent feature, can barely be detected by ear using a communications receiver.</p>
- <p>The analog audio signal from the shortwave radio is sampled at 8000 Hz and converted to digital representation. The 1000/1200-Hz pulses and 100-Hz subcarrier are first separated using two IIR filters, a 600-Hz bandpass filter centered on 1100 Hz and a 150-Hz lowpass filter. The minute synch pulse is extracted using an 800-ms synchronous matched filter and pulse grooming logic which discriminates between WWV and WWVH signals and noise. The second synch pulse is extracted using a 5-ms FIR matched filter and 8000-stage comb filter.</p>
- <p>The phase of the 100-Hz subcarrier relative to the second synch pulse is fixed at the transmitter; however, the audio stage in many radios affects the phase response at 100 Hz in unpredictable ways. The driver adjusts for each radio using two 170-ms synchronous matched filters. The I (in-phase) filter is used to demodulate the subcarrier envelope, while the Q (quadrature-phase) filter is used in a tracking loop to discipline the codec sample clock and thus the demodulator phase.</p>
- <p>A bipolar data signal is determined from the matched filter I and Q channels using a pulse-width discriminator. The discriminator samples the I channel at 15 ms (<i>n</i>), 200 ms (<i>s</i><sub>1</sub>) and 500 ms (<i>s</i><sub>0</sub>), and the envelope (RMS&nbsp;I and Q channels) at 200 ms (<i>e</i><sub>1</sub>)&nbsp;and the end of the second (<i>e</i><sub>0</sub>). The bipolar data signal is expressed <i>s</i><sub>1</sub> - 2<i>s</i><sub>0 </sub>- <i>n.</i> Note that, since the signals <i>s</i><sub>0</sub> and <i>s</i><sub>1</sub> include the noise <i>n</i>, this term cancels out. The data bit SNR&nbsp;is calculated as 20 log<sub>10</sub>(<i>e</i><sub>1</sub> / <i>e</i><sub>0</sub>). If the driver has not synchronized to the minute pulse, or if the data bit amplitude <i>e</i><sub>1</sub> or SNR are below thresholds, the bit is considered invalid and the bipolar signal is forced to zero.</p>
+ <h4>Technical Overview</h4>
+ <p>The driver processes 8-kHz <font face="symbol">m</font>-law companded codec samples using maximum-likelihood techniques which exploit the considerable degree of redundancy available in the broadcast signal. The WWV signal format is described in NIST Special Publication 432 (Revised 1990) and also available on the <a href="http://tf.nist.gov/stations/wwvtimecode.htm">WWV/H web site</a>. It consists of three elements, a 5-ms, 1000-Hz pulse, which occurs at the beginning of each second, a 800-ms, 1000-Hz pulse, which occurs at the beginning of each minute, and a pulse-width modulated 100-Hz subcarrier for the data bits, one bit per second. The WWVH format is identical, except that the 1000-Hz pulses are sent at 1200 Hz. Each minute encodes nine BCD digits for the time of century plus seven bits for the daylight savings time (DST) indicator, leap warning indicator and DUT1 correction.</p>
+ <p>The demodulation and decoding algorithms used by this driver are based on a machine language program developed for the TAPR DSP93 DSP unit, which uses the TI 320C25 DSP chip. The analysis, design and performance of the program for this unit is described in: Mills, D.L. A precision radio clock for WWV transmissions. Electrical Engineering Report 97-8-1, University of Delaware, August 1997, 25 pp. Available from <a href="http://www.eecis.udel.edu/%7emills/reports.html">www.eecis.udel.edu/~mills/reports.htm</a>. For use in this driver, the original program was rebuilt in the C language and adapted to the NTP driver interface. The algorithms have been modified to improve performance, especially under weak signal conditions and to provide an automatic frequency and station selection feature.</p>
+ <p>As in the original program, the clock discipline is modelled as a Markov process, with probabilistic state transitions corresponding to a conventional clock and the probabilities of received decimal digits. The result is a performance level with very high accuracy and reliability, even under conditions when the minute beep of the signal, normally its most prominent feature, can barely be detected by ear using a communications receiver.</p>
+ <h4>Baseband Signal Processing</h4>
+ <p>The 1000/1200-Hz pulses and 100-Hz subcarrier are first separated using a 600-Hz bandpass filter centered on 1100 Hz and a 150-Hz lowpass filter. The minute pulse is extracted using an 800-ms synchronous matched filter and pulse grooming logic which discriminates between WWV and WWVH signals and noise. The second pulse is extracted using a 5-ms FIR matched filter for each station and a single 8000-stage comb filter.</p>
+ <p>The phase of the 100-Hz subcarrier relative to the second pulse is fixed at the transmitter; however, the audio stage in many radios affects the phase response at 100 Hz in unpredictable ways. The driver adjusts for each radio using two 170-ms synchronous matched filters. The I (in-phase) filter is used to demodulate the subcarrier envelope, while the Q (quadrature-phase) filter is used in a type-1 phase-lock loop (PLL) to discipline the demodulator phase.</p>
+ <p>A bipolar data signal is determined from the matched filter subcarrier envelope using a pulse-width discriminator. The discriminator samples the I channel at 15 ms (<i>n</i>), 200 ms (<i>s</i><sub>0</sub>) and 500 ms (<i>s</i><sub>1</sub>), and the envelope (RMS I and Q channels) at 200 ms (<i>e</i><sub>1</sub>) and the end of the second (<i>e</i><sub>0</sub>). The bipolar data signal is expressed 2<i>s</i><sub>1</sub> - <i>s</i><sub>0</sub> - <i>n</i>, where positive values correspond to data 1 and negative values correspond to data 0. Note that, since the signals <i>s</i><sub>0</sub> and <i>s</i><sub>1</sub> include the noise <i>n</i>, the noise component cancels out. The data bit SNR is calculated as 20 log<sub>10</sub>(<i>e</i><sub>1</sub> / <i>e</i><sub>0</sub>). If the driver has not synchronized to the minute pulse, or if the data bit amplitude <i>e</i><sub>1</sub> or SNR are below thresholds, the bit is considered invalid and the bipolar signal is forced to zero.</p>
<p>The bipolar signal is exponentially averaged in a set of 60 accumulators, one for each second, to determine the semi-static miscellaneous bits, such as DST indicator, leap second warning and DUT1 correction. In this design a data average value larger than a positive threshold is interpreted as +1 (hit) and a value smaller than a negative threshold as a -1 (miss). Values between the two thresholds, which can occur due to signal fades, are interpreted as an erasure and result in no change of indication.</p>
- <p>The BCD digit in each digit position of the timecode is represented as four data bits. The bits are correlated with the bits corresponding to each of the valid decimal digits in this position. If any of the four bits are invalid, the correlated value for all digits in this position is assumed zero. In either case, the values for all digits are exponentially averaged in a likelihood vector associated with this position. The digit associated with the maximum over all averaged values then becomes the maximum likelihood selection for this position and the ratio of the maximum over the next lower value represents the digit SNR.</p>
- <p>The decoding matrix contains nine row vectors, one for each digit position. Each row vector includes the maximum likelihood digit, likelihood vector and other related data. The maximum likelihood digit for each of the nine digit positions becomes the maximum likelihood time of the century. A built-in transition function implements a conventional clock with decimal digits that count the minutes, hours, days and years, as corrected for leap seconds and leap years. The counting operation also rotates the likelihood vector corresponding to each digit as it advances. Thus, once the clock is set, each clock digit should correspond to the maximum likelihood digit as transmitted.</p>
- <p>Each row of the decoding matrix also includes a compare counter and the most recently determined maximum likelihood digit. If a digit likelihood exceeds the decision level and compares with previous digits for a number of successive minutes in any row, the maximum likelihood digit replaces the clock digit in that row. When this condition is true for all rows and the second epoch has been reliably determined, the clock is set (or verified if it has already been set) and delivers correct time to the integral second. The fraction within the second is derived from the logical master clock, which runs at 8000 Hz and drives all system timing functions.</p>
- <p>The logical master clock is derived from the audio codec clock. Its frequency is disciplined by a frequency-lock loop (FLL) which operates independently of the data recovery functions. At averaging intervals determined by the measured jitter, the frequency error is calculated as the difference between the most recent and the current second epoch divided by the interval. The sample clock frequency is then corrected by this amount. When first started, the frequency averaging interval is eight seconds, in order to compensate for intrinsic codec clock frequency offsets up to 125 PPM. Under most conditions, the averaging interval doubles in stages from the initial value to over 1000 seconds, which results in an ultimate frequency precision of 0.125 PPM, or about 11 ms/day.</p>
- <p>It is important that the logical clock frequency is stable and accurately determined, since in most applications the shortwave radio will be tuned to a fixed frequency where WWV or WWVH signals are not available throughout the day. In addition, in some parts of the US, especially on the west coast, signals from either or both WWV and WWVH may be available at different times or even at the same time. Since the propagation times from either station are almost always different, each station must be reliably identified before attempting to set the clock.</p>
- <p>Reliable station identification requires accurate discrimination between very weak signals in noise and noise alone. The driver very aggresively soaks up every scrap of signal information, but has to be careful to avoid making pseudo-sense of noise alone. The signal quality metric depends on the minute pulse amplitude and SNR&nbsp;measured in second 0 of the minute, together with the data subcarrier amplitude and SNR measured in second 1. If all four values are above defined thresholds a hit is declared, otherwise a miss. The number of hits declared in the last six minutes by each station represents the high order bits of the metric value, while the current minute pulse amplitude repressents the low order bits. The resulting value is then scaled from zero to 100 for use as a quality indicator. It is used by the autotune function described below and reported in the timecode string.</p>
+ <h4>Maximum-Likelihood Decoder</h4>
+ <p>The BCD digit in each digit position of the timecode is represented as four data bits. The bits are correlated with the bits corresponding to each of the valid decimal digits in this position. If any of the four bits are invalid, the correlated value for all digits in this position is assumed zero. In either case, the values for all digits are exponentially averaged in a likelihood vector associated with this position. The digit associated with the maximum over all averaged values then becomes the maximum-likelihood candidate for this position and the ratio of the maximum over the next lower value represents the digit SNR.</p>
+ <p>The decoding matrix contains nine row vectors, one for each digit position. Each row vector includes the maximum-likelihood digit, likelihood vector and other related data. The maximum-likelihood digit for each of the nine digit positions becomes the maximum-likelihood time of the century. A built-in transition function implements a conventional clock with decimal digits that count the minutes, hours, days and years, as corrected for leap seconds and leap years. The counting operation also rotates the likelihood vector corresponding to each digit as it advances. Thus, once the clock is set, each clock digit should correspond to the maximum-likelihood digit as transmitted.</p>
+ <p>Each row of the decoding matrix also includes a compare counter and the most recently determined maximum-likelihood digit. If a digit likelihood exceeds the decision level and compares with previous digits for a number of successive minutes in any row, the maximum-likelihood digit replaces the clock digit in that row. When this condition is true for all rows and the second epoch has been reliably determined, the clock is set (or verified if it has already been set) and delivers correct time to the integral second. The fraction within the second is derived from the logical master clock, which runs at 8000 Hz and drives all system timing functions.</p>
+ <h4>Master Clock Discipline</h4>
+ <p>The logical master clock is derived from the audio codec clock. Its frequency is disciplined by a frequency-lock loop (FLL) which operates independently of the data recovery functions. The maximum value of the 5-ms pulse after the comb filter represents the on-time epoch of the second. At averaging intervals determined by the measured jitter, the frequency error is calculated as the difference between the epoches over the interval divided by the interval itself. The sample clock frequency is then corrected by this amount divided by a time constant of 8.</p>
+ <p>When first started, the frequency averaging interval is 8 seconds, in order to compensate for intrinsic codec clock frequency offsets up to 125 PPM. Under most conditions, the averaging interval doubles in stages from the initial value to 1024 s, which results in an ultimate frequency resolution of 0.125 PPM, or about 11 ms/day.</p>
+ <p>The data demodulation functions operate using the subcarrier clock, which is independent of the epoch. However, the data decoding functions are driven by the epoch. The decoder is phase-locked to the epoch in such a way that, when the clock state machine has reliably decoded the broadcast time to the second, the epoch timestamp of that second becomes a candidate to set the system clock.</p>
+ <p>The comb filter can have a long memory and is vulnerable to noise and stale data, especially when coming up after a long fade. Therefore, a candidate is considered valid only if the 5-ms signal amplitude and SNR&nbsp;are above thresholds. In addition, the system clock is not set until after one complete averaging interval has passed with valid candidates.</p>
+ <h4>Station Identification</h4>
+ <p>It is important that the logical clock frequency is stable and accurately determined, since in many applications the shortwave radio will be tuned to a fixed frequency where WWV or WWVH signals are not available throughout the day. In addition, in some parts of the US, especially on the west coast, signals from either or both WWV and WWVH may be available at different times or even at the same time. Since the propagation times from either station are almost always different, each station must be reliably identified before attempting to set the clock.</p>
+ <p>Reliable station identification requires accurate discrimination between very weak signals in noise and noise alone. The driver very aggressively soaks up every scrap of signal information, but has to be careful to avoid making pseudo-sense of noise alone. The signal quality metric depends on the minute pulse amplitude and SNR measured in second 0 of the minute, together with the data subcarrier amplitude and SNR measured in second 1. If all four values are above defined thresholds a hit is declared, otherwise a miss. In principle, the data pulse in second 58 is usable, but the AGC in most radios is not fast enough for a reliable measurement.</p>
+ <p>The number of hits declared in the last 6 minutes for each station represents the high order bits of the metric, while the current minute pulse amplitude represents the low order bits. Only if the metric is above a defined threshold is the station signal considered acceptable. The metric is also used by the autotune function described below and reported in the timecode string.</p>
<h4>Performance</h4>
- <p>It is the intent of the design that the accuracy and stability of the indicated time be limited only by the characteristics of the ionospheric propagation medium. Conventional wisdom is that synchronization via the HF medium is good only to a millisecond under the best propagation conditions. The performance of the NTP daemon disciplined by the driver is clearly better than this, even under marginal conditions. Ordinarily, with marginal to good signals and a frequency averaging interval of 1024 s, the frequency is stabilized within 0.1 PPM and the time within 0.5 ms. The frequency stability characteristic is highly important, since the clock may have to free-run for several hours before reacquiring the WWV/H signal.</p>
- <p>The expected accuracy over a typical day was determined using the DSP93 and an oscilloscope and cesium oscillator calibrated with a GPS receiver. With marginal signals and allowing 15 minutes for initial synchronization and frequency compensation, the time accuracy determined from the WWV/H second synch pulse was reliably within 125 <font face="Symbol">m</font>s. In the particular DSP93 used for program development, the uncorrected CPU clock frequency offset was 45.8&plusmn;0.1 PPM. Over the first hour after initial synchronization, the clock frequency drifted about 1 PPM as the frequency averaging interval increased to the maximum 1024 s. Once reaching the maximum, the frequency wandered over the day up to 1 PPM, but it is not clear whether this is due to the stability of the DSP93 clock oscillator or the changing height of the ionosphere. Once the frequency had stabilized and after loss of the WWV/H signal, the frequency drift was less than 0.5 PPM, which is equivalent to 1.8 ms/h or 43 ms/d. This resulted in a step phase correction up to several milliseconds when the signal returned.</p>
- <p>The measured propagation delay from the WWV transmitter at Boulder, CO, to the receiver at Newark, DE, is 23.5&plusmn;0.1 ms. This is measured to the peak of the pulse after the second synch comb filter and includes components due to the ionospheric propagation delay, nominally 8.9 ms, communications receiver delay and program delay. The propagation delay can be expected to change about 0.2 ms over the day, as the result of changing ionosphere height. The DSP93 program delay was measured at 5.5 ms, most of which is due to the 400-Hz bandpass filter and 5-ms matched filter. Similar delays can be expected of this driver.</p>
- <h4>Program Operation</h4>The driver begins operation immediately upon startup. It first searches for one or both of the stations WWV and WWVH and attempts to acquire minute synch. This may take some fits and starts, as the driver expects to see several consecutive minutes with good signals and low jitter. If the autotune function is active, the driver will rotate over all five frequencies and both WWV and WWVH stations until at least three good minutes are found.<p>When a minute synch candidate has been found, the driver acquires second synch, which can take up to several minutes, depending on signal quality. At the same time the driver accumulates likelihood values for the unit (seconds) digit of the nine digits of the timecode, plus the seven miscellaneous bits included in the WWV/H transmission format. When a good unit digit has been found, the driver accumlates likelihood values for the remaining eight digits of the timecode. When three repetitions of all nine digits have decoded correctly, which normally takes 15 minutes with good signals, and up to 40 minutes when buried in noise, and the second synch has been acquired, the clock is set (or verified) and is selectable to discipline the system clock.</p>
- <p>Once the clock is set, it continues to provide correct timecodes, even if all signals are losst. The time is considered correct as long as the second synch amplitude and SNR are above specified thresholds and jitter is below threshold. As long as the clock is set or verified, the system clock offsets are provided once each minute to the reference clock interface, where they are processed using the same algorithms used with other local reference clocks and remote servers. Using these algorithms, the system clock can in principle be disciplined to a much finer resolution than the 125-<font face="Symbol">m</font>s sample interval would suggest, although the ultimate accuracy is probably limited by propagation delay variations as the ionspheric height varies throughout the day and night.</p>
- <p>The codec clock frequency is disciplined during times when WWV/H signals are available. The algorithm refines the frequency offset using increasingly longer averaging intervals to 1024 s, where the precision is about 0.1 PPM. With good signals, it takes well over two hours to reach this degree of precision; however, it can take many more hours than this in case of marginal signals. Once reaching the limit, the algorithm will follow frequency variations due to temperature fluctuations and ionospheric height variations.</p>
+ <p>It is the intent of the design that the accuracy and stability of the indicated time be limited only by the characteristics of the ionospheric propagation medium. Conventional wisdom is that manual synchronization via oscilloscope and HF medium is good only to a millisecond under the best propagation conditions. The performance of the NTP daemon disciplined by this driver is clearly better than this, even under marginal conditions.</p>
+ <p>The figure below shows the measured offsets over a typical day near the bottom of the sunspot cycle ending in October, 2006. Variations up to &plusmn;0.4 ms can be expected due to changing ionospheric layer height and ray geometry over the day and night.</p>
+ <div align="center">
+ <img src="../pic/offset1211.gif" alt="gif"></div>
+ <p>The figure was constructed using a 2.4-GHz P4 running FreeBSD 6.1. For these measurements the computer clock was disciplined within a few microseconds of UTC using a PPS signal and GPS receiver and the measured offsets determined from the filegen peerstats data.</p>
+ <p>The predicted propagation delay from the WWV transmitter at Boulder, CO, to the receiver at Newark, DE, varies over 9.0-9.3 ms. In addition, the receiver contributes 4.7 ms and the 600-Hz bandpass filter 0.9 ms. With these values, the mean error is less than 0.1 ms and varies &plusmn;0.3 ms over the day as the result of changing ionospheric height and ray geometry.</p>
+ <h4>Program Operation</h4>
+ The driver begins operation immediately upon startup. It first searches for one or both of the stations WWV and WWVH and attempts to acquire minute synch. This may take some fits and starts, as the driver expects to see several consecutive minutes with good signals and low jitter. If the autotune function is active, the driver will rotate over all five frequencies and both WWV and WWVH stations until finding a station and frequency with acceptable metric.
+ <p>While this is going on the the driver acquires second synch, which can take up to several minutes, depending on signal quality. When minute synch has been acquired, the driver accumulates likelihood values for the unit (seconds) digit of the nine timecode digits, plus the seven miscellaneous bits included in the WWV/H transmission format. When a good unit digit has been found, the driver accumulated likelihood values for the remaining eight digits of the timecode. When three repetitions of all nine digits have decoded correctly, which normally takes 15 minutes with good signals, and up to 40 minutes when buried in noise, and the second synch has been acquired, the clock is set (or verified) and is selectable to discipline the system clock.</p>
+ <p>Once the clock is set, it continues to provide correct timecodes as long as the signal metric is above threshold, as described in the previous section. As long as the clock is correctly set or verified, the system clock offsets are provided once each minute to the reference clock interface, where they are processed using the same algorithms as with other reference clocks and remote servers.</p>
<p>It may happen as the hours progress around the clock that WWV and WWVH signals may appear alone, together or not at all. When the driver has mitigated which station and frequency is best, it sets the reference identifier to the string WV<i>f</i> for WWV and WH<i>f</i> for WWVH, where <i>f</i> is the frequency in megahertz. If the propagation delays have been properly set with the <tt>fudge time1</tt> (WWV) and <tt>fudge time2</tt> (WWVH) commands in the configuration file, handover from one station to the other is seamless.</p>
- <p>Once the clock has been set for the first time, it will appear reachable and selectable to discipline the system clock. Operation continues as long as the signal quality from at least one station on at least one frequency is acceptable. A consequence of this design is that, once the clock is set, the time and frequency are disciplined only by the second synch pulse and the clock digits themselves are driven by the clock state machine. If for some reason the state machine drifts to the wrong second, it would never reresynchronize. To protect against this most unlikely situation, if after two days with no signals, the clock is considered unset and resumes the synchronization procedure from the beginning.</p>
- <p>However, as long as the clock has once been set correctly and allowed to converge to the intrinsic codec clock frequency, it will continue to read correctly even during the holdover interval, but with increasing dispersion. Assuming the clock frequency can be disciplined within 1 PPM, it can coast without signals for several days without exceeding the NTP step threshold of 128 ms. During such periods the root dispersion increases at 5 <font face="Symbol">m</font>s per second, which makes the driver appear less likely for selection as time goes on. Eventually, when the dispersion due all causes exceeds 1 s, it is no longer suitable for synchronization.</p>
- <p>To work well, the driver needs a shortwave receiver with good audio response at 100 Hz. Most shortwave and communications receivers roll off the audio response below 250 Hz, so this can be a problem, especially with receivers using DSP technology, since DSP filters can have very fast rolloff outside the passband. Some DSP transceivers, in particular the ICOM 775, have a programmable low frequency cutoff which can be set as low as 80 Hz. However, this particular radio has a strong low frequency buzz at about 10 Hz which appears in the audio output and can affect data recovery under marginal conditions. Although not tested, it would seem very likely that a cheap shortwave receiver could function just as well as an expensive communications receiver.</p>
+ <p>Operation continues as long as the signal metric from at least one station on at least one frequency is acceptable. A consequence of this design is that, once the clock is set, the time and frequency are disciplined only by the second synch pulse and the clock digits themselves are driven by the clock state machine. If for some reason the state machine drifts to the wrong second, it would never resynchronize. To protect against this most unlikely situation, if after two days with no signals, the clock is considered unset and resumes the synchronization procedure from the beginning.</p>
+ <p>Once the system clock been set correctly it will continue to read correctly even during the holdover interval, but with increasing dispersion. Assuming the system clock frequency can be disciplined within 1 PPM, it can coast without signals for several days without exceeding the NTP step threshold of 128 ms. During such periods the root distance increases at 15 <font face="Symbol">m</font>s per second, which makes the driver appear less likely for selection as time goes on. Eventually, when the distance due all causes exceeds 1 s, it is no longer suitable for synchronization. Ordinarily, this happens after about 18 hours with no signals. The <tt>tinker maxdist</tt> configuration command can be used to change this value.</p>
<h4>Autotune</h4>
- <p>The driver includes provisions to automatically tune the radio in response to changing radio propagation conditions throughout the day and night. The radio interface is compatible with the ICOM CI-V standard, which is a bidirectional serial bus operating at TTL levels. The bus can be connected to a serial port using a level converter such as the CT-17.</p>
- <p>Each ICOM radio is assigned a unique 8-bit ID select code, usually expressed in hex format. To activate the CI-V interface, the <tt>mode</tt> keyword of the <tt>server</tt> configuration command specifies a nonzero select code in decimal format. A table of ID select codes for the known ICOM radios is given on the <a href="../audio.html">Reference Clock Audio Drivers</a> page. A missing <tt>mode</tt> keyword or a zero argument leaves the interface disabled.</p>
- <p>If specified, the driver will attempt to open the device <tt>/dev/icom</tt> and, if successful will activate the autotune function and tune the radio to each operating frequency in turn while attempting to acquire minute synch from either WWV or WWVH. However, the driver is liberal in what it assumes of the configuration. If the <tt>/dev/icom</tt> link is not present or the open fails or the CI-V bus or radio is inoperative, the driver quietly gives up with no harm done.</p>
- <p>Once acquiring minute synch, the driver operates as described above to set the clock. However, during seconds 59, 0 and 1 of each minute it tunes the radio to one of the five broadcast frequencies to measure the minute synch pulse amplitude and SNR in second 0 and data pulse amplitude and SNR in second 1 to update the signal metric. In principle, the data pulse in second 58 is usable, but the AGC in most radios is not fast enough for a reliable measurement. Each of the five frequencies are probed in a five-minute rotation to build a database of current propagation conditions for all signals that can be heard at the time. At the end of each probe a mitigation procedure scans the database and retunes the radio to the best frequency and station found. For this to work well, the radio should be set for a fast AGC recovery time. This is most important while tracking a strong signal, which is normally the case, and then probing another frequency, which may have much weaker signals.</p>
- <p>At the end of each probe, the frequency and station with the maximum metric is chosen, with ties going first to the highest frequency and then to WWV in order. A station is considered valid only if the metric is above a specified threshold' if below, the rotating probes continue until a valid station is found.</p>
- <dl>
- </dl>
- <h4>Diagnostics</h4>
+ <p>The driver includes provisions to automatically tune the radio in response to changing radio propagation conditions throughout the day and night. The radio interface is compatible with the ICOM CI-V standard, which is a bidirectional serial bus operating at TTL levels. The bus can be connected to a standard serial port using a level converter such as the CT-17. Further details are on the <a href="../audio.html">Reference Clock Audio Drivers</a> page.</p>
+ <p>If specified, the driver will attempt to open the device <tt>/dev/icom</tt> and, if successful will activate the autotune function and tune the radio to each operating frequency in turn while attempting to acquire minute synch from either WWV or WWVH. However, the driver is liberal in what it assumes of the configuration. If the <tt>/dev/icom</tt> link is not present or the open fails or the CI-V bus is inoperative, the driver quietly gives up with no harm done.</p>
+ <p>Once acquiring minute synch, the driver operates as described above to set the clock. However, during seconds 59, 0 and 1 of each minute it tunes the radio to one of the five broadcast frequencies to measure the signal metric as described above. Each of the five frequencies are probed in a five-minute rotation to build a database of current propagation conditions for all signals that can be heard at the time. At the end of each probe a mitigation procedure scans the database and retunes the radio to the best frequency and station found. For this to work well, the radio should be set for a fast AGC recovery time. This is most important while tracking a strong signal, which is normally the case, and then probing another frequency, which may have much weaker signals.</p>
+ <p>The mitigation procedure selects the frequency and station with the highest valid metric, ties going first to the highest frequency and then to WWV in order. A station is considered valid only if the metric is above a specified threshold; if no station is above the metric, the rotating probes continue until a valid station is found.</p>
+ <p>The behavior of the autotune function over a typical day is shown in the figure below.</p>
+ <div align="center">
+ <img src="../pic/freq1211.gif" alt="gif"></div>
+ <p>As expected, the lower frequencies prevail when the ray path is in moonlight (0100-1300 UTC) and the higher frequencies when the path is in sunlight (1300-0100 UTC). Note three periods in the figure show zero frequency when signals are below the minimum for all frequencies and stations.</p>
+ <h4>Debugging Aids</h4>
+ <p>The most convenient way to track the driver status is using the <tt>ntpq</tt> program and the <tt>clockvar</tt> command. This displays the last determined timecode and related status and error counters, even when the driver is not disciplining the system clock. If the debugging trace feature (<tt>-d</tt> on the <tt>ntpd</tt> command line) is enabled, the driver produces detailed status messages as it operates. If the <tt>fudge flag 4</tt> is set, these messages are written to the <tt>clockstats</tt> file. All messages produced by this driver have the prefix <tt>wwv</tt> for convenient filtering with the Unix <tt>grep</tt> command.</p>
<p>The autotune process produces diagnostic information along with the timecode. This is very useful for evaluating the performance of the algorithms, as well as radio propagation conditions in general. The message is produced once each minute for each frequency in turn after minute synch has been acquired.</p>
<p><tt>wwv5 status agc epoch secamp/secsnr datamp/datsnr wwv wwvh</tt></p>
- <p>where the fields after the <tt>wwv5</tt> identifier are: <tt>status</tt> contains status bits, <tt>agc</tt> audio gain, <tt>epoch </tt>second epoch, <tt>secamp/secsnr </tt>second pulse ampliture/SNR, and <tt>wwv</tt> and <tt>wwvh</tt> are two sets of fields, one each for WWV and WWVH. Each of the two fields has the format</p>
+ <p>where the fields after the <tt>wwv5</tt> identifier are: <tt>status</tt> contains status bits, <tt>agc</tt> audio gain, <tt>epoch </tt>second epoch, <tt>secamp/secsnr </tt>second pulse amplitude/SNR, and <tt>wwv</tt> and <tt>wwvh</tt> are two sets of fields, one each for WWV and WWVH. Each of the two fields has the format</p>
<p><tt>ident score metric minamp/minsnr</tt></p>
- <p>where <tt>ident </tt>encodes the station (<tt>WV</tt> for WWV, <tt>WH</tt> for WWVH) and frequency (2, 5, 10, 15 or 20), <tt>score</tt> 32-bit shift register recording the hits (1) and misses (0) of the last 32 probes (hits and misses enter from the right), <tt>metric</tt> is described above, and <tt>minamp/minsnr</tt> minute pulse ampliture/SNR. An example is:</p>
- <p><tt>wwv5 000d 111 5753 3967/20.1 3523/10.2 WV20 bdeff 100 8348/30.0 WH20 0000 1 22/-12.4</tt></p>
+ <p>where <tt>ident </tt>encodes the station (<tt>WV</tt> for WWV, <tt>WH</tt> for WWVH) and frequency (2, 5, 10, 15 or 20), <tt>score</tt> 32-bit shift register recording the hits (1) and misses (0) of the last 32 probes (hits and misses enter from the right), <tt>metric</tt> is described above, and <tt>minamp/minsnr</tt> is the minute pulse ampliture/SNR. An example is:</p>
+ <pre><tt>wwv5 000d 111 5753 3967/20.1 3523/10.2 WV20 bdeff 100 8348/30.0 WH20 0000 1 22/-12.4</tt></pre>
<p>There are several other messages that can occur; these are documented in the source listing.</p>
- <h4>Debugging Aids</h4>
- <p>The most convenient way to track the driver status is using the <tt>ntpq</tt> program and the <tt>clockvar</tt> command. This displays the last determined timecode and related status and error counters, even when the driver is not disciplining the system clock. If the debugging trace feature (<tt>-d</tt> on the <tt>ntpd</tt> command line)is enabled, the driver produces detailed status messages as it operates. If the <tt>fudge flag 4</tt> is set, these messages are written to the <tt>clockstats</tt> file. All messages produced by this driver have the prefix <tt>wwv</tt> for convenient filtering with the Unix <tt>grep</tt> command.</p>
<h4>Monitor Data</h4>
+
When enabled by the <tt>filegen</tt> facility, every received timecode is written to the <tt>clockstats</tt> file in the following format:
- <p><tt>sq yyyy ddd hh:mm:ss ld du lset agc ident metric errs freq avg<br>
- s</tt> synch indicator (<tt>?</tt>&nbsp;or space)
- <tt>q </tt>quality character (see below)
- <tt>yyyy </tt>Gregorian year
- <tt>ddd </tt>day of year
- <tt>hh </tt>hour of day
- <tt>mm </tt>minute of hour
- <tt>l </tt>leap second warning <tt>L</tt>
- <tt>d </tt>DST state <tt>S, D, I, O</tt><br>
- <tt>dut </tt>DUT sign and magnitude
- <tt>lset </tt>minutes since last set
- <tt>agc </tt>audio gain
- <tt>ident </tt>station identifier and frequency
- <tt>metric </tt>signal metric (0-100)
- <tt>errs </tt>data bit errors in last minute
- <tt>freq </tt>codec frequency offset (PPM)
- <tt>avg </tt>frequency averaging interval (s)
-</p>
- The fields beginning with <tt>year</tt> and extending through <tt>dut</tt> are decoded from the received data and are in fixed-length format. The <tt>agc</tt> and <tt>lset</tt> fields, as well as the following driver-dependent fields, are in variable-length format.
+ <p><tt>sq yyyy ddd hh:mm:ss l d du lset agc ident metric errs freq avg<br>
+ </tt></p>
+ The fields beginning with <tt>yyyy</tt> and extending through <tt>du</tt> are decoded from the received data and are in fixed-length format. The remaining fields are in variable-length format. The fields are as follows:
<dl>
<dt><tt>s</tt>
<dd>The synch indicator is initially <tt>?</tt> before the clock is set, but turns to space when all nine digits of the timecode are correctly set and the decoder is synchronized to the station within 125 <font face="Symbol">m</font>s.
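Review bot: the added `minamp/minsnr` description still reads "minute pulse ampliture/SNR", although the same misspelling is corrected to "amplitude" in the `secamp/secsnr` line earlier in this hunk; fix both in the same commit. Other added lines need a proofread as well: "While this is going on the the driver" (doubled "the"), "the driver accumulated likelihood values" (tense differs from the sentence before it), "Once the system clock been set correctly" (missing "has"), "the distance due all causes" (missing "to"), and "if no station is above the metric", which should say "above the threshold" to agree with the clause before it. The new `<img src="../pic/freq1211.gif" alt="gif">` should carry alt text that describes the plot, and the replacement format line leaves a stray `<br>` before `</tt></p>`, with the sentence after it sitting outside any `<p>`.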
@@ -96,12 +96,13 @@
<dt><tt>0x4</tt>
<dd>Digit error alarm. Less than nine decimal digits were found in the last minute.<dt><tt>0x2</tt>
<dd>Error alarm. More than 40 data bit errors were found in the last minute.<dt><tt>0x1</tt>
- <dd>Compare alarm. A maximum likelihood digit failed to agree with the current associated clock digit in the last minute.</dl>It is important to note that one or more of the above alarms does not necessarily indicate a clock error, but only that the decoder has detected a condition that may result in an error. However, the local clock update is not suppressed if any alarm bits are set other than a synch alarm.<dt><tt>yyyy ddd hh:mm:ss</tt>
- <dd>The timecode format itself is self explanatory. Since the driver latches the on-time epoch directly from the second synch pulse, the seconds fraction is always zero. Although the transmitted timecode includes only the year of century, the Gregorian year is augmented by 2000.<dt><tt>l</tt>
- <dd>The leap second warning is normally space, but changes to <tt>L</tt> if a leap second is to occur at the end of the month of June or December.
+ <dd>Compare alarm. A maximum-likelihood digit failed to agree with the current associated clock digit in the last minute.</dl>It is important to note that one or more of the above alarms does not necessarily indicate a clock error, but only that the decoder has detected a marginal condition.<dt><tt>yyyy ddd hh:mm:ss</tt>
+ <dd>The timecode format itself is self explanatory. Since the driver latches the on-time epoch directly from the second synch pulse, the seconds fraction is always zero. Although the transmitted timecode includes only the year of century, the Gregorian year is augmented by 2000.
+ <dt><tt>l</tt>
+ <dd>The leap second warning is normally space, but changes to <tt>L</tt> if a leap second is to occur at the end of the month.
<dt><tt>d</tt>
<dd>The DST state is <tt>S</tt> or <tt>D</tt> when standard time or daylight time is in effect, respectively. The state is <tt>I</tt> or <tt>O</tt> when daylight time is about to go into effect or out of effect, respectively.
- <dt><tt>dut</tt>
+ <dt><tt>du</tt>
<dd>The DUT sign and magnitude shows the current UT1 offset relative to the displayed UTC time, in deciseconds.
<dt><tt>lset</tt>
<dd>Before the clock is set, the interval since last set is the number of minutes since the driver was started; after the clock is set, this is number of minutes since the decoder was last synchronized to the station within 125 <font face="Symbol">m</font>s.
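Review bot: the rewritten paragraph after the Compare alarm entry drops "However, the local clock update is not suppressed if any alarm bits are set other than a synch alarm" and ends at "a marginal condition", so the page no longer says whether the system clock is still updated while alarm bits are set. Anyone watching `clockstats` needs that to tell an informational alarm from a time source that has stopped contributing; keep the sentence or state the current behaviour in its place. The paragraph is also still run together as `</dl>It is important ... <dt><tt>yyyy ddd hh:mm:ss</tt>` on one line, while the same hunk moves `<dt><tt>l</tt>` onto its own line; splitting it here would make the list easier to maintain.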
@@ -112,9 +113,9 @@
<dt><tt>metric</tt>
<dd>The signal metric described above from 0 (no signal) to 100 (best).
<dt><tt>errs</tt>
- <dd>The bit error counter is useful to determine the quality of the data signal received in the most recent minute. It is normal to drop a couple of data bits under good signal conditions and increasing numbers as conditions worsen. While the decoder performs moderately well even with half the bits are in error in any minute, usually by that point the metric drops below threshold and the decoder switches to a different frequency.<dt><tt>freq</tt>
+ <dd>The bit error counter is useful to determine the quality of the data signal received in the most recent minute. It is normal to drop a couple of data bits even under good signal conditions and increasing numbers as conditions worsen. While the decoder performs moderately well even with half the bits are in error in any minute, usually by that point the metric drops below threshold and the decoder switches to a different frequency.<dt><tt>freq</tt>
<dd>The frequency offset is the current estimate of the codec frequency offset to within 0.1 PPM. This may wander a bit over the day due to local temperature fluctuations and propagation conditions.
- <dt><tt>avgt</tt>
+ <dt><tt>avg</tt>
<dd>The averaging time is the interval between frequency updates in powers of two to a maximum of 1024 s. Attainment of the maximum indicates the driver is operating at the best possible resolution in time and frequency.
</dl>
<p>An example timecode is:</p>
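Review bot: in the added `errs` description, "even with half the bits are in error" is ungrammatical and should read "even when half the bits are in error"; the line is touched only to insert "even", so it is worth fixing in the same edit. The `<dt><tt>freq</tt>` that follows is still attached to the end of that `<dd>` line; putting it on its own line, as the previous hunk does for `<dt><tt>l</tt>`, would keep the definition list consistent.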
diff --git a/html/drivers/driver4.html b/html/drivers/driver4.html
index bda4a10..788bc46 100644
--- a/html/drivers/driver4.html
+++ b/html/drivers/driver4.html
@@ -2,65 +2,107 @@
<html>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <title>Spectracom 8170 and Netclock/2 WWVB Receivers</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Spectracom 8170 and Netclock/2 WWVB Receivers</h3>
- <hr>
- <h4>Synopsis</h4>
- Address: 127.127.4.<i>u</i><br>
- Reference ID: <tt>WWVB</tt><br>
- Driver ID: <tt>WWVB_SPEC</tt><br>
- Serial Port: <tt>/dev/wwvb<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
- Features: <tt>tty_clk</tt>
- <h4>Description</h4>
- <p>This driver supports all known Spectracom radio and satellite clocks, including the Model 8170 and Netclock/2 WWVB Synchronized Clocks and the Netclock/GPS GPS Master Clock. The claimed accuracy of the WWVB clocks is 100 usec relative to the broadcast signal. These clocks have proven a reliable source of time, except in some parts of the country with high levels of conducted RF interference. WIth the GPS clock the claimed accuracy is 130 ns. However, in most cases the actual accuracy is limited by the precision of the timecode and the latencies of the serial interface and operating system.</p>
- <p>The DIPswitches on these clocks should be set to 24-hour display, AUTO DST off, data format 0 or 2 (see below) and baud rate 9600. If this clock is used as the source for the IRIG Audio Decoder (<tt>refclock_irig.c</tt> in this distribution), set the DIPswitches for AM IRIG output and IRIG format 1 (IRIG B with signature control).</p>
- <p>There are two timecode formats used by these clocks. Format 0, which is available with all clocks, and format 2, which is available with all clocks except the original (unmodified) Model 8170.</p>
- <p>Format 0 (22 ASCII printing characters):<br>
- &lt;cr&gt;&lt;lf&gt;i ddd hh:mm:ss TZ=zz&lt;cr&gt;&lt;lf&gt;</p>
- <p>on-time = first &lt;cr&gt;<br>
- i = synchronization flag (' ' = in synch, '?' = out synch)<br>
- hh:mm:ss = hours, minutes, seconds</p>
- <p>The alarm condition is indicated by other than ' ' at <tt>i</tt>, which occurs during initial synchronization and when received signal is lost for about ten hours.</p>
- <p>Format 2 (24 ASCII printing characters):<br>
- lt;cr&gt;lf&gt;iqyy ddd hh:mm:ss.fff ld</p>
- <p>on-time = &lt;cr&gt;<br>
- i = synchronization flag (' ' = in synch, '?' = out synch)<br>
- q = quality indicator (' ' = locked, 'A'...'D' = unlocked)<br>
- yy = year (as broadcast)<br>
- ddd = day of year<br>
- hh:mm:ss.fff = hours, minutes, seconds, milliseconds</p>
- <p>The alarm condition is indicated by other than ' ' at <tt>i</tt>, which occurs during initial synchronization and when received signal is lost for about ten hours. The unlock condition is indicated by other than ' ' at <tt>q</tt>.</p>
- <p>The <tt>q</tt> is normally ' ' when the time error is less than 1 ms and a character in the set <tt>A...D</tt> when the time error is less than 10, 100, 500 and greater than 500 ms respectively. The <tt>l</tt> is normally ' ', but is set to <tt>L</tt> early in the month of an upcoming UTC leap second and reset to ' ' on the first day of the following month. The <tt>d</tt> is set to <tt>S</tt> for standard time <tt>S</tt>, <tt>I</tt> on the day preceding a switch to daylight time, <tt>D</tt> for daylight time and <tt>O</tt> on the day preceding a switch to standard time. The start bit of the first &lt;cr&gt; is synchronized to the indicated time as returned.</p>
- <p>This driver does not need to be told which format is in use - it figures out which one from the length of the message. A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself, which is a known problem with the older radios.</p>
- <h4>Monitor Data</h4>
- <p>The driver writes each timecode as received to the <tt>clockstats</tt> file. When enabled by the <tt>flag4</tt> fudge flag, a table of quality data maintained internally by the Netclock/2 is retrieved and written to the <tt>clockstats</tt> file when the first timecode message of a new dayis received.</p>
- <h4>Fudge Factors</h4>
- <dl>
- <dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
- <dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
- <dt><tt>stratum <i>number</i></tt>
- <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
- <dt><tt>refid <i>string</i></tt>
- <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>WWVB</tt>.
- <dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag2 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag3 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag4 0 | 1</tt>
- <dd>Enable verbose <tt>clockstats</tt> recording if set.
- </dl>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<title>Spectracom WWVB/GPS Receivers</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+<style type="text/css">
+<!--
+.style1 {font-family: Symbol}
+-->
+</style>
+</head>
+<body>
+
+<h3>Spectracom WWVB/GPS Receivers</h3>
+
+<hr>
+Last update:
+
+<!-- #BeginDate format:En2m -->22-Apr-2009 15:00<!-- #EndDate -->
+UTC</p>
+
+<h4>Synopsis</h4>
+
+<p>Address: 127.127.4.<i>u</i><br>
+Reference ID: <tt>WWVB</tt><br>
+Driver ID: <tt>WWVB_SPEC</tt><br>
+Serial Port: <tt>/dev/wwvb<i>u</i></tt>; 9600 baud, 8-bits, no parity<br>
+Features: Optional PPS signal processing, <tt>tty_clk</tt><br>
+Requires: Optional PPS signal processing requires the PPSAPI signal interface.</p>
+
+<h4>Description</h4>
+
+<p>This driver supports all known Spectracom radio and satellite clocks, including the Model 8170 and Netclock/2 WWVB Synchronized Clocks and the Netclock/GPS GPS Master Clock. The claimed accuracy of the WWVB clocks is 100 <span class="style1">m</span>s relative to the broadcast signal. These clocks have proven a reliable source of time, except in some parts of the country with high levels of conducted RF interference. WIth the GPS clock the claimed accuracy is 130 ns. However, in most cases the actual accuracy is limited by the precision of the timecode and the latencies of the serial interface and operating system.</p>
+
+<p>The DIPswitches on these clocks should be set to 24-hour display, AUTO DST off, data format 0 or 2 (see below) and baud rate 9600. If this clock is used as the source for the IRIG Audio Decoder (<tt>refclock_irig.c</tt> in this distribution), set the DIPswitches for AM IRIG output and IRIG format 1 (IRIG B with signature control).</p>
+
+<p>There are two timecode formats used by these clocks. Format 0, which is available with all clocks, and format 2, which is available with all clocks except the original (unmodified) Model 8170.</p>
+
+<p>Format 0 (22 ASCII printing characters):<br>
+&lt;cr&gt;&lt;lf&gt;i ddd hh:mm:ss TZ=zz&lt;cr&gt;&lt;lf&gt;</p>
+
+<p>on-time = first &lt;cr&gt;<br>
+i = synchronization flag (' ' = in synch, '?' = out synch)<br>
+hh:mm:ss = hours, minutes, seconds</p>
+
+<p>The alarm condition is indicated by other than ' ' at <tt>i</tt>, which occurs during initial synchronization and when received signal is lost for about ten hours.</p>
+
+<p>Format 2 (24 ASCII printing characters):<br>
+lt;cr&gt;lf&gt;iqyy ddd hh:mm:ss.fff ld</p>
+
+<p>on-time = &lt;cr&gt;<br>
+i = synchronization flag (' ' = in synch, '?' = out synch)<br>
+q = quality indicator (' ' = locked, 'A'...'D' = unlocked)<br>
+yy = year (as broadcast)<br>
+ddd = day of year<br>
+hh:mm:ss.fff = hours, minutes, seconds, milliseconds</p>
+
+<p>The alarm condition is indicated by other than ' ' at <tt>i</tt>, which occurs during initial synchronization and when received signal is lost for about ten hours. The unlock condition is indicated by other than ' ' at <tt>q</tt>.</p>
+
+<p>The <tt>q</tt> is normally ' ' when the time error is less than 1 ms and a character in the set <tt>A...D</tt> when the time error is less than 10, 100, 500 and greater than 500 ms respectively. The <tt>l</tt> is normally ' ', but is set to <tt>L</tt> early in the month of an upcoming UTC leap second and reset to ' ' on the first day of the following month. The <tt>d</tt> is set to <tt>S</tt> for standard time <tt>S</tt>, <tt>I</tt> on the day preceding a switch to daylight time, <tt>D</tt> for daylight time and <tt>O</tt> on the day preceding a switch to standard time. The start bit of the first &lt;cr&gt; is synchronized to the indicated time as returned.</p>
+
+<p>This driver does not need to be told which format is in use - it figures out which one from the length of the message. A three-stage median filter is used to reduce jitter and provide a dispersion measure. The driver makes no attempt to correct for the intrinsic jitter of the radio itself, which is a known problem with the older radios.</p>
+
+<h4<PPS Signal Processing</h4>
+
+<p>When PPS signal processing is enabled, and when the system clock has been set by this or another driver and the PPS signal offset is within 0.4 s of the system clock offset, the PPS signal replaces the timecode for as long as the PPS signal is active. If for some reason the PPS signal fails for one or more poll intervals, the driver reverts to the timecode. If the timecode fails for one or more poll intervals, the PPS signal is disconnected.</p>
+
+<h4>Monitor Data</h4>
+
+<p>The driver writes each timecode as received to the <tt>clockstats</tt> file. When enabled by the <tt>flag4</tt> fudge flag, a table of quality data maintained internally by the Netclock/2 is retrieved and written to the <tt>clockstats</tt> file when the first timecode message of a new day is received.</p>
+
+<h4>Fudge Factors</h4>
+
+<dl>
+<dt><tt>time1 <i>time</i></tt>
+<dd>Specifies the PPS time offset calibration factor, in seconds and fraction, with default 0.0.
+
+<dt><tt>time2 <i>time</i></tt>
+<dd>Specifies the serial time offset calibration factor, in seconds and fraction, with default 0.0.
+
+<dt><tt>stratum <i>number</i></tt>
+<dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+
+<dt><tt>refid <i>string</i></tt>
+<dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>WWVB</tt>.
+
+<dt><tt>flag1 0 | 1</tt>
+<dd>Disable PPS signal processing if 0 (default); enable PPS signal processing if 1.
+
+<dt><tt>flag2 0 | 1</tt>
+<dd>If PPS signal processing is enabled, capture the pulse on the rising edge if 0 (default); capture on the falling edge if 1.
+
+<dt><tt>flag3 0 | 1</tt>
+<dd>If PPS signal processing is enabled, use the <tt>ntpd</tt> clock discipline if 0 (default); use the kernel discipline if 1.
+
+<dt><tt>flag4 0 | 1</tt>
+<dd>Enable verbose <tt>clockstats</tt> recording if set.
+
+</dl>
+
+<hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+</body>
</html> \ No newline at end of file
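Review bot: the new heading `<h4<PPS Signal Processing</h4>` has a malformed opening tag and will not render as a heading; it should be `<h4>PPS Signal Processing</h4>`. The added "Last update:" block ends in `UTC</p>` with no opening `<p>`, and the Format 2 line `lt;cr&gt;lf&gt;iqyy ddd hh:mm:ss.fff ld` is carried over with broken entities where the Format 0 line has `&lt;cr&gt;&lt;lf&gt;`. On content, `time1` changes from the general time offset calibration factor to the PPS offset, and `time2` from "Not used by this driver" to the serial offset: going by this text, a configuration that calibrated the serial timecode with `fudge time1` would now apply that value to the PPS path, so the page should carry an explicit note for people upgrading. The new file also still ends without a trailing newline.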
diff --git a/html/drivers/driver6.html b/html/drivers/driver6.html
index 8a51f16..eb12bdd 100644
--- a/html/drivers/driver6.html
+++ b/html/drivers/driver6.html
@@ -1,54 +1,37 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
<html>
-
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>IRIG Audio Decoder</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
-
<body>
<h3>IRIG Audio Decoder</h3>
<hr>
<h4>Synopsis</h4>
- Address: 127.127.6.<i>u</i><br>
- Reference ID: <tt>IRIG</tt><br>
- Driver ID: <tt>IRIG_AUDIO</tt><br>
- Audio Device: <tt>/dev/audio</tt> and <tt>/dev/audioctl</tt>
- <p>Note: This driver supersedes an older one of the same name, address and ID which required replacing the original kernel audio driver with another which worked only on older Sun SPARC architectures and SunOS operating systems. The new driver requires no modification of the operating system and works on FreeBSD, SunOS and Solaris. While it is generic and likely portable to other systems, it is somewhat slower than the original, since the extensive signal conditioning, filtering and decoding is done in user space, not kernel space.</p>
+ Address: 127.127.6.<i>u</i><br>
+ Reference ID: <tt>IRIG</tt><br>
+ Driver ID: <tt>IRIG_AUDIO</tt><br>
+ Audio Device: <tt>/dev/audio</tt> and <tt>/dev/audioctl</tt>
<h4>Description</h4>
- <p>This driver supports the Inter-Range Instrumentation Group (IRIG) standard time distribution signal using the audio codec native to some workstations. This signal is generated by several radio clocks, including those made by Arbiter, Austron, Bancomm, Odetics, Spectracom and TrueTime, among others, although it is often an add-on option. The signal is connected via an optional attenuator box and cable to either the microphone or line-in port. The driver receives, demodulates and decodes the IRIG-B and IRIG-E signal formats using internal filters designed to reduce the effects of noise and interference.</p>
+ <p>This driver synchronizes the computer time using the Inter-Range Instrumentation Group (IRIG) standard time distribution signal. This signal is generated by several radio clocks, including those made by Arbiter, Austron, Bancomm, Odetics, Spectracom, Symmetricom and TrueTime, among others, although it is often an add-on option. The signal is connected via an optional attenuator and cable to either the microphone or line-in port of a workstation or PC.</p>
+ <p>The driver requires an audio codec or sound card with sampling rate 8 kHz and <font face="symbol">m</font>-law companding to demodulate the data. This is the same standard as used by the telephone industry and is supported by most hardware and operating systems, including Solaris, FreeBSD and Linux, among others. In this implementation, only one audio driver and codec can be supported on a single machine. In order to assure reliable signal capture, the codec frequency error must be less than 250 PPM (.025 percent). If necessary, the <tt>tinker codec</tt> configuration command can be used to bracket the codec frequency to this range.</p>
+ <p>For proper operation the IRIG signal source should be configured for analog signal levels, not digital TTL levels. In most radios the IRIG signal is driven &plusmn;10 V behind 50 Ohms. In such cases the cable should be terminated at the line-in port with a 50-Ohm resistor to avoid overloading the codec. Where feasible, the IRIG signal source should be operated with signature control so that, if the signal is lost or mutilated, the source produces an unmodulated signal, rather than possibly random digits. The driver automatically rejects the data and declares itself unsynchronized in this case. Some devices, in particular Spectracom radio/satellite clocks, provide additional year and status indication; other devices may not.</p>
+ <p>In general and without calibration, the driver is accurate within 500 <font face="symbol">m</font>s relative to the IRIG time. After calibrating relative to the PPS&nbsp;signal from a GPS&nbsp;receiver, the mean offset with a 2.4-GHz P4 running FreeBSD 6.1 is less than 20 <font face="symbol">m</font>s with standard deviation 10 <font face="symbol">m</font>s. Most of this is due to residuals after filtering and averaging the raw codec samples, which have an inherent jitter of 125 <font face="symbol">m</font>s. The processor load due to the driver is 0.6 percent on the P4.</p>
+ <p>However, be acutely aware that the accuracy with Solaris 2.8 and beyond has been seriously degraded to the order of several milliseconds. The Sun kernel driver has a sawtooth modulation with amplitude over 5 ms P-P and period 5.5 s. This distortion is especially prevalent with Sun Blade 1000 and possibly other systems.</p>
+ <p>The driver performs a number of error checks to protect against overdriven or underdriven input signal levels, incorrect signal format or improper hardware configuration. The specific checks are detailed later in this page. Note that additional checks are done elsewhere in the reference clock interface routines.</p>
<p>This driver incorporates several features in common with other audio drivers such as described in the <a href="driver7.html">Radio CHU Audio Demodulator/Decoder</a> and the <a href="driver36.html">Radio WWV/H Audio Demodulator/Decoder</a> pages. They include automatic gain control (AGC), selectable audio codec port and signal monitoring capabilities. For a discussion of these common features, as well as a guide to hookup, debugging and monitoring, see the <a href="../audio.html">Reference Clock Audio Drivers</a> page.</p>
- <p>The IRIG signal format uses an amplitude-modulated carrier with pulse-width modulated data bits. For IRIG-B, the carrier frequency is 1000 Hz and bit rate 100 b/s; for IRIG-E, the carrier frequenchy is 100 Hz and bit rate 10 b/s. While IRIG-B provides the best accuracy, generally within a few tens of microseconds relative to IRIG time, it can also generate a significant load on the processor with older workstations. Generally, the accuracy with IRIG-E is about ten times worse than IRIG-B, but the processor load is ten times less.</p>
- <p>The program processes 8000-Hz <font face="symbol">m</font>-law companded samples using separate signal filters for IRIG-B and IRIG-E, a comb filter, envelope detector and automatic threshold corrector. Cycle crossings relative to the corrected slice level determine the width of each pulse and its value - zero, one or position identifier. The data encode 20 BCD digits which determine the second, minute, hour and day of the year and sometimes the year and synchronization condition. The comb filter exponentially averages the corresponding samples of successive baud intervals in order to reliably identify the reference carrier cycle. A type-II phase-lock loop (PLL) performs additional integration and interpolation to accurately determine the zero crossing of that cycle, which determines the reference timestamp. A pulse-width discriminator demodulates the data pulses, which are then encoded as the BCD digits of the timecode. The timecode and reference timestamp are updated once each second with IRIG-B (ten seconds with IRIG-E) and local clock offset samples saved for later processing. At poll intervals of 64 s, the saved samples are processed by a trimmed-mean filter and used to update the system clock.</p>
- <p>Infinite impulse response (IIR) filters are used with both IRIG-B and IRIG-E formats. An 800-Hz highpass filter is used for IRIG-B and a 130-Hz lowpass filter for IRIG-E. These are intended for use with noisy signals, such as might be received over a telephone line or radio circuit, or when interfering signals may be present in the audio passband. The driver determines which IRIG format is in use by sampling the amplitude of each filter output and selecting the one with maximum signal. An automatic gain control feature provides protection against overdriven or underdriven input signal amplitudes. It is designed to maintain adequate demodulator signal amplitude while avoiding occasional noise spikes. In order to assure reliable capture, the decompanded input signal amplitude must be greater than 100 units and the codec sample frequency error less than 250 PPM (.025 percent).</p>
- <p>The program performs a number of error checks to protect against overdriven or underdriven input signal levels, incorrect signal format or improper hardware configuration. The specific checks are detailed later in this page. Note that additional checks are done elsewhere in the reference clock interface routines.</p>
- <p>Unlike other drivers, which can have multiple instantiations, this one supports only one. It does not seem likely that more than one audio codec would be useful in a single machine. More than one would probably chew up too much CPU time anyway.</p>
- <h4>IRIG-B Timecode Format</h4>
- <p>The 100 elements of the IRIG timecode are numbered from 0 through 99. Position identifiers occur at elements 0, 9, 19 and every ten thereafter to 99. The control function (CF) elements begin at element 50 (CF 1) and extend to element 78 (CF 27). The straight-binary-seconds (SBS) field, which encodes the seconds of the UTC day, begins at element 80 (CF 28) and extends to element 97 (CF 44). The encoding of elements 50 (CF 1) through 78 (CF 27) is device dependent. This driver presently decodes the CF elements, but does nothing with them.</p>
- <p>Where feasible, the IRIG signal source should be operated with signature control so that, if the signal is lost or mutilated, the source produces an unmodulated signal, rather than possibly random digits. The driver will automatically reject the data and declare itself unsynchronized in this case. Some devices, in particular Spectracom radio/satellite clocks, provide additional year and status indication in the format:</p>
- <pre>
- Element CF Function
- -------------------------------------
- 55 6 time sync status
- 60-63 10-13 BCD year units
- 65-68 15-18 BCD year tens
-</pre>
- Other devices set these elements to zero.
- <h4>Performance and Horror Stories</h4>
- <p>The <font face="symbol">m</font>-law companded data format allows considerable latitude in signal levels; however, an automatic gain control (AGC) function is implemented to further compensate for varying input signal levels and to avoid signal distortion. For proper operation, the IRIG signal source should be configured for analog signal levels, NOT digital TTL levels.</p>
- <p>The accuracy of the system clock synchronized to the IRIG-B source with this driver and the <tt>ntpd</tt> daemon is 10-20 <font face="symbol">m</font>s with a Sun UltraSPARC II running Solaris 2.6 and maybe twice that with a Sun SPARC IPC running SunOS 4.1.3. Be however acutely aware that the accuracy with Solaris 2.8 and presumably beyond has seriously degraded to the order of several milliseconds. The Sun kernel driver has a sawtooth modulation with amplitude over 5 ms peak-peak and period 5.5 s. The crafty IRIG&nbsp;driver uses a transverse filter to remove the modulation and something called a botttom-fisher to remove incidental positive spikes especially prevalent with Sun Blade 1000 and possibly other systems. The result is nominal accuracy and jitter something less than 0.5 ms, but the this is still far inferior to the performance with older systems.</p>
- <p>The processor resources consumed by the daemon can be significant, ranging from about 1.2 percent on the faster UltraSPARC II to 38 percent on the slower SPARC IPC. However, the overall timing accuracy is limited by the resolution and stability of the CPU clock oscillator and the interval between clock corrections, which is 64 s with this driver. This performance, while probably the best that can be achieved by the daemon itself, can be improved with assist from the PPS discipline as described elsewhere in this documentation.</p>
- <h4>Autotune</h4>
- <p>The driver includes provisions to automatically tune the radio in response to changing radio propagation conditions throughout the day and night. The radio interface is compatible with the ICOM CI-V standard, which is a bidirectional serial bus operating at TTL levels. The bus can be connected to a serial port using a level converter such as the CT-17.</p>
- <p>Each ICOM radio is assigned a unique 8-bit ID select code, usually expressed in hex format. To activate the CI-V interface, the <tt>mode</tt> keyword of the <tt>server</tt> configuration command specifies a nonzero select code in decimal format. A table of ID select codes for the known ICOM radios is given on the <a href="../audio.html">Reference Clock Audio Drivers</a> page. A missing <tt>mode</tt> keyword or a zero argument leaves the interface disabled.</p>
- <p>If specified, the driver will attempt to open the device <tt>/dev/icom</tt> and, if successful will activate the autotune function and tune the radio to each operating frequency in turn while attempting to acquire minute sync from CHU. However, the driver is liberal in what it assumes of the configuration. If the <tt>/dev/icom</tt> link is not present or the open fails or the CI-V bus or radio is inoperative, the driver quietly gives up with no harm done.</p>
+ <h4>Technical Overview</h4>
+ <p>The IRIG signal format uses an amplitude-modulated carrier with pulse-width modulated data bits. For IRIG-B, the carrier frequency is 1000 Hz and bit rate 100 b/s; for IRIG-E, the carrier frequenchy is 100 Hz and bit rate 10 b/s. While IRIG-B provides the best accuracy, generally within a few tens of microseconds relative to IRIG time, it can also generate a significant processor load with older workstations. Generally, the accuracy with IRIG-E is about ten times worse than IRIG-B, but the processor load is somewhat less. Technical details about the IRIG&nbsp;formats can be found in <a href="http://handle.dtic.mil/100.2/ADA346250">IRIG Standard 200-98</a>.</p>
+ <p>The driver processes 8000-Hz <font face="symbol">m</font>-law companded samples using separate signal filters for IRIG-B and IRIG-E, a comb filter, envelope detector and automatic threshold corrector. An infinite impulse response (IIR) 1000-Hz bandpass filter is used for IRIG-B and an IIR 130-Hz lowpass filter for IRIG-E. These are intended for use with noisy signals, such as might be received over a telephone line or radio circuit, or when interfering signals may be present in the audio passband. The driver determines which IRIG format is in use by sampling the amplitude of each filter output and selecting the one with maximum signal.</p>
+ <p>Cycle crossings relative to the corrected slice level determine the width of each pulse and its value - zero, one or position identifier (PI). The data encode ten characters (20 BCD digits) which determine the second, minute, hour and day of the year and with some IRIG&nbsp;generators the year and synchronization condition. The comb filter exponentially averages the corresponding samples of successive baud intervals in order to reliably identify the reference carrier cycle.</p>
+ <p>A type-II phase-lock loop (PLL) performs additional integration and interpolation to accurately determine the zero crossing of that cycle, which determines the reference timestamp. A pulse-width discriminator demodulates the data pulses, which are then encoded as the BCD digits of the timecode. The timecode and reference timestamp are updated once each second with IRIG-B (ten seconds with IRIG-E) and local clock offset samples saved for later processing. At poll intervals of 64 s, the saved samples are processed by a median filter and used to update the system clock.</p>
<h4>Monitor Data</h4>
- The timecode format used for debugging and data recording includes data helpful in diagnosing problems with the IRIG signal and codec connections. With debugging enabled (-d on the ntpd command line), the driver produces one line for each timecode in the following format:
- <p><tt>00 1 98 23 19:26:52 721 143 0.694 47 20 0.083 66.5 3094572411.00027</tt></p>
- <p>The first field containes the error flags in hex, where the hex bits are interpreted as below. This is followed by the IRIG status indicator, year of century, day of year and time of day. The status indicator and year are not produced by some IRIG devices. Following these fields are the carrier amplitude (0-8100), codec gain (0-255), field phase (0-79), time constant (2-20), modulation index (0-1), carrier phase error (0&plusmn;0.5) and carrier frequency error (PPM). The last field is the on-time timestamp in NTP format. The fraction part is a good indicator of how well the driver is doing. With an UltrSPARC 30, this is normally within a few tens of microseconds relative to the IRIG-B signal and within a few hundred microseconds with IRIG-E.</p>
+ The timecode format used for debugging and data recording includes data helpful in diagnosing problems with the IRIG signal and codec connections. The driver produces one line for each timecode in the following format:
+ <p><tt>00 00 98 23 19:26:52 2782 143 0.694 10 0.3 66.5 3094572411.00027</tt></p>
+ <p>If clockstats is enabled, the most recent line is written to the clockstats file every 64 s. If verbose recording is enabled (fudge flag 4) each line is written as generated.</p>
+ <p>The first field containes the error flags in hex, where the hex bits are interpreted as below. This is followed by the year of century, day of year and time of day. Note that the time of day is for the previous minute, not the current time. The status indicator and year are not produced by some IRIG devices and appear as zeros. Following these fields are the carrier amplitude (0-3000), codec gain (0-255), modulation index (0-1), time constant (4-10), carrier phase error (0&plusmn;0.5) and carrier frequency error (PPM). The last field is the on-time timestamp in NTP format.</p>
<p>The error flags are defined as follows in hex:</p>
<dl>
<dt><tt>x01</tt>
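Review bot: the new field description under Monitor Data does not account for every field in the sample line above it. The sample `00 00 98 23 19:26:52 2782 143 0.694 10 0.3 66.5 3094572411.00027` has twelve fields, but the added sentence goes from the error flags straight to "the year of century, day of year and time of day", which covers only eleven. The second `00` is presumably the status indicator that the next sentence says "appear as zeros", but it is never placed in the field order. Suggest restoring "IRIG status indicator" between the error flags and the year, as the removed text had it, so anyone parsing clockstats output can map columns to meanings. Two typos are also carried into added lines and could be fixed in the same pass: "frequenchy" in the Technical Overview paragraph and "containes" in the field description.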
@@ -65,6 +48,8 @@
<dd>Seconds numbering discrepancy. The decoder second does not match the IRIG second. This is usually the result of an overdriven codec, wrong signal format or noisy IRIG signal.
<dt><tt>x40</tt>
<dd>Codec error (overrun). The machine is not fast enough to keep up with the codec.
+ <dt><tt>x80</tt>
+ <dd>Device status error (Spectracom).
</dl>
<h4>Fudge Factors</h4>
<dl>
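Review bot: the new `x80` entry, "Device status error (Spectracom).", is the only flag in the visible list that gives neither a cause nor a consequence. The neighbouring `x40` entry explains what the condition means ("The machine is not fast enough to keep up with the codec"). Suggest stating which condition reported by the IRIG source sets this bit and whether the driver rejects the timecode when it is set, and tying it to the status field in the monitor line so an operator can correlate the two.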
@@ -88,5 +73,4 @@
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
-
</html> \ No newline at end of file
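Review bot: this hunk only removes the blank line before `</html>` and still leaves the file without a trailing newline ("\ No newline at end of file"). Since the end of the file is being touched anyway, suggest adding the final newline here so later diffs against this file do not keep carrying the marker.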
diff --git a/html/drivers/driver7.html b/html/drivers/driver7.html
index 8e050e7..6f48741 100644
--- a/html/drivers/driver7.html
+++ b/html/drivers/driver7.html
@@ -13,76 +13,54 @@
<h3>Radio CHU Audio Demodulator/Decoder</h3>
<hr>
<h4>Synopsis</h4>
- Address: 127.127.7.<i>u</i><br>
- Reference ID: <tt>CHU</tt><br>
- Driver ID: <tt>CHU</tt><br>
- Modem Port: <tt>/dev/chu<i>u</i></tt>; 300 baud, 8-bits, no parity<br>
- Autotune Port: <tt>/dev/icom</tt>; 1200/9600 baud, 8-bits, no parity<br>
- Audio Device: <tt>/dev/chu_audio</tt> and <tt>/dev/audioctl</tt>
+ Address: 127.127.7.<i>u</i><br>
+ Reference ID: <tt>CHU</tt><br>
+ Driver ID: <tt>CHU</tt><br>
+ Modem Port: <tt>/dev/chu<i>u</i></tt>; 300 baud, 8-bits, no parity<br>
+ Autotune Port: <tt>/dev/icom</tt>; 1200/9600 baud, 8-bits, no parity<br>
+ Audio Device: <tt>/dev/audio</tt> and <tt>/dev/audioctl</tt>
<h4>Description</h4>
- <p>This driver synchronizes the computer time using data encoded in radio transmissions from Canadian time/frequency station CHU in Ottawa, Ontario. It replaces an earlier one, built by Dennis Ferguson in 1988, which required a special line discipline to preprocessed the signal. The new driver includes more powerful algorithms implemented directly in the driver and requires no preprocessing.</p>
- <p>CHU transmissions are made continuously on 3330 kHz, 7335 kHz and 14670 kHz in upper sideband, compatible AM mode. An ordinary shortwave receiver can be tuned manually to one of these frequencies or, in the case of ICOM receivers, the receiver can be tuned automatically as propagation conditions change throughout the day and night. The performance of this driver when tracking the station is ordinarily better than 1 ms in time with frequency drift less than 0.5 PPM when not tracking the station.</p>
- <p>While there are currently no known commercial CHU receivers, a simple but effective receiver/demodulator can be constructed from an ordinary shortwave receiver and Bell 103 compatible, 300-b/s modem or modem chip, as described on the <a href="../pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. The driver can use the modem to receive the radio signal and demodulate the data or, if available, the driver can use the audio codec of the Sun workstation or another with compatible audio interface. In the latter case, the driver implements the modem using DSP routines, so the radio can be connected directly to either the microphone or line input port.</p>
+ <p>This driver synchronizes the computer time using shortwave radio transmissions
+ from Canadian time/frequency station <a href="http://inms-ienm.nrc-cnrc.gc.ca/time_services/shortwave_broadcasts_e.html">CHU</a> in
+ Ottawa, Ontario. CHU transmissions are made continuously on 3.330,
+ 7.850 and 14.670 MHz in upper sideband, compatible AM mode. An ordinary
+ shortwave receiver can be tuned manually to one of these frequencies or, in
+ the case of ICOM receivers, the receiver can be tuned automatically as propagation
+ conditions change throughout the day and season.</p>
+ <p>The driver can be compiled to use either an audio codec or soundcard, or a Bell 103-compatible, 300-b/s modem or modem chip, as described on the <a href="../pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. If compiled for a modem, the driver uses it to receive the radio signal and demodulate the data. If compiled for the audio codec, it requires a sampling rate of 8 kHz and <font face="symbol">m</font>-law companding to demodulate the data. This is the same standard as used by the telephone industry and is supported by most hardware and operating systems, including Solaris, FreeBSD and Linux, among others. The radio is connected via an optional attenuator and cable to either the microphone or line-in port of a workstation or PC. In this implementation, only one audio driver and codec can be supported on a single machine.</p>
+ <p>In general and without calibration, the driver is accurate within 1 ms relative to the broadcast time when tracking a station. However, variations up to 0.3 ms can be expected due to diurnal variations in ionospheric layer height and ray geometry. In Newark DE, 625 km from the transmitter, the predicted one-hop propagation delay varies from 2.8 ms in sunlight to 2.6 ms in moonlight. When not tracking the station the accuracy depends on the computer clock oscillator stability, ordinarily better than 0.5 PPM.</p>
+ <p>After calibration relative to the PPS&nbsp;signal from a GPS&nbsp;receiver, the mean offset with a 2.4-GHz P4 running FreeBSD 6.1 is generally within 0.2 ms short-term with 0.4 ms jitter. The long-term mean offset varies up to 0.3 ms due to propagation path geometry variations. The processor load due to the driver is 0.4 percent on the P4.</p>
+ <p>The driver performs a number of error checks to protect against overdriven or underdriven input signal levels, incorrect signal format or improper hardware configuration. The specific checks are detailed later in this page. Note that additional checks are done elsewhere in the reference clock interface routines.</p>
<p>This driver incorporates several features in common with other audio drivers such as described in the <a href="driver36.html">Radio WWV/H Audio Demodulator/Decoder</a> and the <a href="driver6.html">IRIG Audio Decoder</a> pages. They include automatic gain control (AGC), selectable audio codec port and signal monitoring capabilities. For a discussion of these common features, as well as a guide to hookup, debugging and monitoring, see the <a href="../audio.html">Reference Clock Audio Drivers</a> page.</p>
- <p>Ordinarily, the driver poll interval is set to 14 (about 4.5 h), although this can be changed with configuration commands. As long as the clock is set or verified at least once during this interval, the NTP algorithms will consider the source reachable and selectable to discipline the system clock. However, if this does not happen for eight poll intervals, the algorithms will consider the source unreachable and some other source will be chosen (if available) to discipline the system clock.</p>
- <p>The decoding algorithms process the data using maximum-likelihood techniques which exploit the considerable degree of redundancy available in each broadcast message or burst. As described below, every character is sent twice and, in the case of format A bursts, the burst is sent eight times every minute. In the case of format B bursts, which are sent once each minute, the burst is considered correct only if every character matches its repetition in the burst. In the case of format A messages, a majority decoder requires at least six repetitions for each digit in the timecode and more than half of the repetitions decode to the same digit. Every character in every burst provides an independent timestamp upon arrival with a potential total of over 60 timestamps for each minute.</p>
- <p>A timecode in the format described below is assembled when all bursts have been received in the minute. The timecode is considered valid and the clock set when at least one valid format B burst has been decoded and the above requirements are met. The <tt>yyyy</tt> year field in the timecode indicates whether a valid format B burst has been received. Upon startup, this field is initialized at zero; when a valid format B burst is received, it is set to the current Gregorian year. The <tt>q</tt> quality character field in the timecode indicates whether a valid timecode has been determined. If any of the high order three bits of this character are set, the timecode is invalid.</p>
- <p>Once the clock has been set for the first time, it will appear reachable and selectable to discipline the system clock, even if the broadcast signal is lost. Since the signals are almost always available during some period of the day and the NTP clock discipline algorithms are designed to work well even in this case, it is unlikely that the system clock could drift more than a few tens of milliseconds during periods of signal loss. To protect against this most unlikely situation, if after four days with no signals, the clock is considered unset and resumes the synchronization procedure from the beginning.</p>
- <p>The last three fields in the timecode are useful in assessing the quality of the radio channel during the most recent minute bursts were received. The <tt>bcnt</tt> field shows the number of format A bursts in the range 1-8. The <tt>dist</tt> field shows the majority decoder distance, or the minimum number of sample repetitions for each digit of the timecode in the range 0-16. The <tt>tsmp</tt> field shows the number of timestamps determined in the range 0-60. For a valid timecode, <tt>bcnt</tt> must be at least 3, <tt>dist</tt> must be greater than <tt>bcnt</tt> and <tt>tsmp</tt> must be at least 20.</p>
- <h4>Program Operation</h4>
- <p>The program consists of four major parts: the DSP modem, maximum likelihood UART, burst assembler and majority decoder. The DSP modem demodulates Bell 103 modem answer-frequency signals; that is, frequency-shift keyed (FSK) tones of 2225 Hz (mark) and 2025 Hz (space). This is done using a 4th-order IIR filter and limiter/discriminator with 500-Hz bandpass centered on 2125 Hz and followed by a FIR raised-cosine lowpass filter optimized for the 300-b/s data rate. Alternately, the driver can be compiled to delete the modem and input 300 b/s data directly from an external modem via a serial port.</p>
- <p>The maximum likelihood UART is implemented using a set of eight 11-stage shift registers, one for each of eight phases of the 300-b/s bit clock. At each phase a new baseband signal value from the DSP modem is shifted into the corresponding register and the maximum and minimum over all 11 samples computed. This establishes a slice level midway between the maximum and minimum over all stages. For each stage, a signal level above this level is a mark (1) and below is a space (0). A quality metric is calculated for each register with respect to the slice level and the a-priori signal consisting of a mark bit (previous stop bit), space (start) bit, eight arbitrary information bits and the first of the two mark (stop) bits.</p>
- <p>The shift registers are processed in round-robin order as each modem value arrives until one of them shows a valid framing pattern consisting of a mark bit, space bit, eight arbitrary data bits and a mark bit. When found, the data bits from the register with the best metric is chosen as the maximum likelihood character and the UART begins to process the next character.</p>
- <p>The burst assembler processes characters either from the maximum likelihood UART or directly from the serial port as configured. A burst begins when a character is received and is processed after a timeout interval when no characters are received. If the interval between characters is greater than two characters, but less than the timeout interval, the burst is rejected as a runt and a new burst begun. As each character is received, a timestamp is captured and saved for later processing.</p>
- <p>A valid burst consists of ten characters in two replicated five-character blocks. A format B block contains the year and other information in ten hexadecimal digits. A format A block contains the timecode in ten decimal digits, the first of which is a framing code (6). The burst assembler must deal with cases where the first character of a format A burst is lost or is noise. This is done using the framing code to correct the phase, either one character early or one character late.</p>
- <p>The burst distance is incremented by one for each bit in the first block that matches the corresponding bit in the second block and decremented by one otherwise. In a format B burst the second block is bit-inverted relative to the first, so a perfect burst of five 8-bit characters has distance -40. In a format A block the two blocks are identical, so a perfect burst has distance +40. Format B bursts must be perfect to be acceptable; however, format A bursts, which are further processed by the majority decoder, are acceptable if the distance is at least 28.</p>
- <p>Each minute of transmission includes eight format A bursts containing two timecodes for each second from 31 through 39. The majority decoder uses a decoding matrix of ten rows, one for each digit position in the timecode, and 16 columns, one for each 4-bit code combination that might be decoded at that position. In order to use the character timestamps, it is necessary to reliably determine the second number of each burst. In a valid burst, the last digit of the two timecodes in the block must match and the value must be in the range 2-9 and greater than in the previous burst.</p>
- <p>As each hex digit of a valid burst is processed, the value at the row corresponding to the digit position in the timecode and column corresponding to the code found at that position is incremented. At the end of each minute of transmission, each row of the decoding matrix encodes the number of occurrences of each code found at the corresponding position of the timecode. However, the first digit (framing code) is always 6, the ninth (second tens) is always 3 and the last (second units) changes for each burst, so are not used.</p>
- <p>The maximum over all occurrences at each timecode digit position is the distance for that position and the corresponding code is the maximum likelihood candidate. If the distance is zero, the decoder assumes a miss; if the distance is not more than half the total number of occurrences, the decoder assumes a soft error; if two different codes with the same distance are found, the decoder assumes a hard error. In all these cases the decoder encodes a non-decimal character which will later cause a format error when the timecode is reformatted. The decoding distance is defined as the minimum distance over the first nine digits; the tenth digit varies over the seconds and is uncounted.</p>
- <p>The result of the majority decoder is a nine-digit timecode representing the maximum likelihood candidate for the transmitted timecode in that minute. Note that the second and fraction within the minute are always zero and that the actual reference point to calculate timestamp offsets is backdated to the first second of the minute. At this point the timecode block is reformatted and the year, days, hours and minutes extracted along with other information from the format B burst, including DST state, DUT1 correction and leap warning. The reformatting operation checks the timecode for invalid code combinations that might have been left by the majority decoder and rejects the entire timecode if found.</p>
- <p>If the timecode is valid, it is passed to the reference clock interface along with the backdated timestamp offsets accumulated over the minute. A perfect set of nine bursts could generate as many as 90 timestamps, but the maximum the interface can handle is 60. These are processed by the interface using a median filter and trimmed-mean average, so the resulting system clock correction is usually much better than would otherwise be the case with radio noise, UART jitter and occasional burst errors.</p>
+ <h4>Technical Overview</h4>
+ <p>The driver processes 8-kHz <font face="symbol">m</font>-law companded codec samples using maximum-likelihood techniques which exploit the considerable degree of redundancy available in each broadcast message or burst. As described below, every character is sent twice and, in the case of format A bursts, the burst is sent eight times every minute. The single format B burst is considered correct only if every character matches its repetition in the burst. For the eight format A bursts, a majority decoder requires more than half of the 16 repetitions for each digit decode to the same value. Every character in every burst provides an independent timestamp upon arrival with a potential total of 60 timestamps for each minute.</p>
+ <p>The CHU timecode format is described on the <a href="http://inms-ienm.nrc-cnrc.gc.ca/time_services/chu_e.html">CHU website</a>. A timecode is assembled when all bursts have been received in each minute. The timecode is considered valid and the clock set when at least one valid format B burst has been decoded and the majority decoder declares success. Once the driver has synchronized for the first time, it will appear reachable and selectable to discipline the system clock. It is normal on occasion to miss a minute or two due to signal fades or noise. If eight successive minutes are missed, the driver is considered unreachable and the system clock will free-wheel at the latest determined frequency offset. Since the signals are almost always available during some period of the day and the NTP clock discipline algorithms are designed to work well even with long intervals between updates, it is unlikely that the system clock will drift more than a few milliseconds during periods of signal loss.</p>
+ <h4>Baseband Signal Processing</h4>
+ <p>The program consists of four major parts: the DSP modem, maximum-likelihood UART, burst assembler and majority decoder. The DSP modem demodulates Bell 103 modem answer-frequency signals; that is, frequency-shift keyed (FSK) tones of 2225 Hz (mark) and 2025 Hz (space). It consists of a 500-Hz bandpass filter centered on 2125 Hz followed by a limiter/discriminator and raised-cosine lowpass filter optimized for the 300-b/s data rate. </p>
+ <p>The maximum likelihood UART is implemented using a set of eight 11-stage shift registers, one for each of eight phases of the 300-b/s bit clock. At each phase a new baseband signal from the DSP modem is shifted into the corresponding register and the maximum and minimum over all 11 samples computed. This establishes a span (difference) and slice level (average) over all 11 stages. For each stage, a signal level above the slice is a mark (1) and below that is a space (0). A quality metric is calculated for each register with respect to the slice level and the a-priori signal consisting of a start bit (space), eight arbitrary information bits and two stop bits (mark).</p>
+ <p>The shift registers are processed in round-robin order as the phases of each bit arrive. At the end of each bit all eight phases are searched for valid framing bits, sufficient span and best metric. The best candidate found in this way represents the maximum-likelihood character. The process then continues for all ten characters in the burst.</p>
+ <p>The burst assembler processes characters either from the maximum-likelihood UART or directly from the serial port as configured. A burst begins when a character is received and is processed after a timeout interval when no characters are received. If the interval between characters is greater than two characters, but less than the timeout interval, the burst is rejected as a runt and a new burst begun. As each character is received, a timestamp is captured and saved for later processing.</p>
+ <p>A valid burst consists of ten characters in two replicated five-character blocks, each block representing ten 4-bit BCD digits. The format B blocks sent in second 31 contain the year and other information in ten digits. The eight format A blocks sent in seconds 32-39 contain the timecode in ten digits, the first of which is a framing code (6). The burst assembler must deal with cases where the first character of a format A burst is lost or is noise. This is done using the framing codes to correct the discrepancy, either one character early or one character late.</p>
+ <p>The burst distance is incremented by one for each bit in the first block that matches the corresponding bit in the second block and decremented by one otherwise. In a format B burst the second block is bit-inverted relative to the first, so a perfect burst of five 8-bit characters has distance -40. In a format A burst the two blocks are identical, so a perfect burst has distance +40. Format B bursts must be perfect to be acceptable; however, format A bursts, which are further processed by the majority decoder, are acceptable if the distance is at least 28.</p>
+ <h4>Majority Decoder</h4>
+ <p>Each minute of transmission includes eight format A bursts containing two timecodes for each second from 32 through 39. The majority decoder uses a decoding matrix of ten rows, one for each digit position in the timecode, and 16 columns, one for each 4-bit code combination that might be decoded at that position. In order to use the character timestamps, it is necessary to reliably determine the second number of each burst. In a valid burst, the last digit of the two timecodes in the burst must match and the value must be in the range 2-9 and greater than in the previous burst.</p>
+ <p>As each digit of a valid burst is processed, the value at the row corresponding to the digit position in the timecode and column corresponding to the code found at that position is incremented. At the end of the minute, each row of the decoding matrix encodes the number of occurrences of each code found at the corresponding position.</p>
+ <p>The maximum over all occurrences at each digit position is the distance for that position and the corresponding code is the maximum-likelihood digit. If the distance is not more than half the total number of occurrences, the decoder assumes a soft error and discards all information collected during the minute. The decoding distance is defined as the sum of the distances over the first nine digits; the tenth digit varies over the seconds and is uncounted.</p>
+ <p>The result of the majority decoder is a nine-digit timecode representing the maximum-likelihood candidate for the transmitted timecode in that minute. Note that the second and fraction within the minute are always zero and that the actual reference point to calculate timestamp offsets is backdated to the first second of the minute. At this point the timecode block is reformatted and the year, days, hours and minutes extracted along with other information from the format B burst, including DST state, DUT1 correction and leap warning. The reformatting operation checks the timecode for invalid code combinations that might have been left by the majority decoder and rejects the entire timecode if found.</p>
+ <p>If the timecode is valid, it is passed to the reference clock interface along with the backdated timestamps accumulated over the minute. A perfect set of eight bursts could generate as many as 80 timestamps, but the maximum the interface can handle is 60. These are processed using a median filter and trimmed-mean average, so the resulting system clock correction is usually much better than would otherwise be the case with radio noise, UART jitter and occasional burst errors.</p>
<h4>Autotune</h4>
- <p>The driver includes provisions to automatically tune the radio in response to changing radio propagation conditions throughout the day and night. The radio interface is compatible with the ICOM CI-V standard, which is a bidirectional serial bus operating at TTL levels. The bus can be connected to a standard serial port using a level converter such as the CT-17.</p>
- <p>Each ICOM radio is assigned a unique 8-bit ID select code, usually expressed in hex format. To activate the CI-V interface, the <tt>mode</tt> keyword of the <tt>server</tt> configuration command specifies a nonzero select code in decimal format. A table of ID select codes for the known ICOM radios is given below. Since all ICOM select codes are less than 128, the high order bit of the code is used by the driver to specify the baud rate. If this bit is not set, the rate is 9600 bps for the newer radios; if set, the rate is 1200 bps for the older radios. A missing <tt>mode</tt> keyword or a zero argument leaves the interface disabled.</p>
- <p>If specified, the driver will attempt to open the device <tt>/dev/icom</tt> and, if successful will tune the radio to 3.330 MHz. If after five minutes at this frequency not more than two format A bursts have been received for any minute, the driver will tune to 7.335 MHz, then to 14.670 MHz, then return to 3.330 MHz and continue in this cycle. However, the driver is liberal in what it assumes of the configuration. If the <tt>/dev/icom</tt> link is not present or the open fails or the CI-V bus or radio is inoperative, the driver quietly gives up with no harm done.</p>
- <h4>Radio Broadcast Format</h4>
- <p>The CHU time broadcast includes an audio signal compatible with the Bell 103 modem standard (mark = 2225 Hz, space = 2025 Hz). It consist of nine, ten-character bursts transmitted at 300 b/s and beginning each second from second 31 to second 39 of the minute. Each character consists of eight data bits plus one start bit and two stop bits to encode two hex digits. The burst data consist of five characters (ten hex digits) followed by a repeat of these characters. In format A, the characters are repeated in the same polarity; in format B, the characters are repeated in the opposite polarity.</p>
- <p>Format A bursts are sent at seconds 32 through 39 of the minute in hex digits</p>
- <p><tt>6dddhhmmss6dddhhmmss</tt></p>
- <p>The first ten digits encode a frame marker (<tt>6</tt>) followed by the day (<tt>ddd</tt>), hour (<tt>hh</tt>), minute (<tt>mm</tt>) and second (<tt>ss</tt>). Since format A bursts are sent during the third decade of seconds the tens digit of <tt>ss</tt> is always 3. The driver uses this to determine correct burst synchronization. These digits are then repeated with the same polarity.</p>
- <p>Format B bursts are sent at second 31 of the minute in hex digits</p>
- <p><tt>xdyyyyttaaxdyyyyttaa</tt></p>
- <p>The first ten digits encode a code (<tt>x</tt> described below) followed by the DUT1 (<tt>d</tt> in deciseconds), Gregorian year (<tt>yyyy</tt>), difference TAI - UTC (<tt>tt</tt>) and daylight time indicator (<tt>aa</tt>) peculiar to Canada. These digits are then repeated with inverted polarity.</p>
- <p>The <tt>x</tt> is coded</p>
- <dl>
- <dt><tt>1</tt>
- <dd>Sign of DUT (0 = +)/dd&gt;
- <dt><tt>2</tt>
- <dd>Leap second warning. One second will be added.
- <dt><tt>4</tt>
- <dd>Leap second warning. One second will be subtracted. This is not likely to happen in our universe.
- <dt><tt>8</tt>
- <dd>Even parity bit for this nibble.
- </dl>
- <p>By design, the last stop bit of the last character in the burst coincides with 0.5 second. Since characters have 11 bits and are transmitted at 300 b/s, the last stop bit of the first character coincides with 0.5 - 10 * 11/300 = 0.133 second. Depending on the UART, character interrupts can vary somewhere between the beginning of bit 9 and end of bit 11. These eccentricities can be corrected along with the radio propagation delay using the <tt>fudge time1</tt> variable.</p>
+ <p>The driver includes provisions to automatically tune the radio in response to changing radio propagation conditions throughout the day and night. The radio interface is compatible with the ICOM CI-V standard, which is a bidirectional serial bus operating at TTL levels. The bus can be connected to a standard serial port using a level converter such as the CT-17. Further details are on the <a href="../audio.html">Reference Clock Audio Drivers</a> page.</p>
+ <p>If specified, the driver will attempt to open the device <tt>/dev/icom</tt> and, if successful will tune the radio to 3.331 MHz. The 1-kHz offset is useful with a narrowband SSB&nbsp;filter where the passband includes the carrier and modem signals. However, the driver is liberal in what it assumes of the configuration. If the <tt>/dev/icom</tt> link is not present or the open fails or the CI-V bus is inoperative, the driver continues in single-frequency mode.</p>
+ <p>As long as no bursts are received, the driver cycles over the three frequencies in turn, one minute for each station. When bursts are received from one or more stations, the driver operates in a five-minute cycle. During the first four minutes it tunes to the station with the highest metric. During the last minute it alternates between the other two stations in turn in order to measure the metric.</p>
<h4>Debugging Aids</h4>
- <p>The most convenient way to track the program status is using the <tt>ntpq</tt> program and the <tt>clockvar</tt> command. This displays the last determined timecode and related status and error counters, even when the program is not discipline the system clock. If the debugging trace feature (<tt>-d</tt> on the <tt>ntpd</tt> command line)is enabled, the program produces detailed status messages as it operates. If the <tt>fudge flag 4</tt> is set, these messages are written to the <tt>clockstats</tt> file. All messages produced by this driver have the prefix <tt>chu</tt> for convenient filtering with the Unix <tt>grep</tt> command.</p>
- <p>With debugging enabled the driver produces messages in the following formats:</p>
- <p>A format <tt>chuA</tt> message is produced for each format A burst received in seconds 32 through 39 of the minute:</p>
- <p><tt>chuA n b s code</tt></p>
- <p>where <tt>n</tt> is the number of characters in the burst (0-11), <tt>b</tt> the burst distance (0-40), <tt>s</tt> the synchronization distance (0-40) and <tt>code</tt> the burst characters as received. Note that the hex digits in each character are reversed and the last ten digits inverted, so the burst</p>
- <p><tt>11 40 1091891300ef6e76ecff</tt></p>
- <p>is interpreted as containing 11 characters with burst distance 40. The nibble-swapped timecode shows DUT1 +0.1 second, year 1998 and TAI -UTC 31 seconds.</p>
- <p>A format <tt>chuB</tt> message is produced for each format B burst received in second 31 of the minute:</p>
- <p><tt>chuB n b f s m code</tt></p>
- <p>where <tt>n</tt> is the number of characters in the burst (0-11), <tt>b</tt> the burst distance (0-40), <tt>f</tt> the field alignment (-1, 0, 1), <tt>s</tt>the synchronization distance (0-16), <tt>m</tt>the burst number (2-9) and <tt>code</tt> the burst characters as received. Note that the hex digits in each character are reversed, so the burst</p>
- <p><tt>10 38 0 16 9 06851292930685129293</tt></p>
- <p>is interpreted as containing 11 characters with burst distance 38, field alignment 0, synchronization distance 16 and burst number 9. The nibble-swapped timecode shows day 58, hour 21, minute 29 and second 39.</p>
+ <p>The most convenient way to track the program status is using the <tt>ntpq</tt> program and the <tt>clockvar</tt> command. This displays the last determined timecode and related status and error counters, even when the program is not discipline the system clock. If the debugging trace feature (<tt>-d</tt> on the <tt>ntpd</tt> command line) is enabled, the program produces detailed status messages as it operates. If the <tt>fudge flag 4</tt> is set, these messages are written to the <tt>clockstats</tt> file. All messages produced by this driver have the prefix <tt>chu</tt> for convenient filtering with the Unix <tt>grep</tt> command.</p>
+ <p>With debugging enabled the driver produces messages in the following formats: A single message beginning with <tt>chuB</tt> is produced for each format B burst received in second 31, while eight messages beginning with <tt>chuA</tt> are produced for each format A burst received in seconds 32 through 39 of the minute. The first four fields are</p>
+ <p><tt>stat sig n b</tt></p>
+ <p>where <tt>stat</tt> is the status code, <tt>sig</tt> the character span, <tt>n</tt> the number of characters in the burst (9-11) and <tt>b</tt> the burst distance (0-40). Good bursts will have spans of a 800 or more and the other numbers near the top of the range specified. See the source for the interpretation of the remaining data in the burst. Note that each character of the burst is encoded as two digits in nibble-swapped order.</p>
<p>If the CI-V interface for ICOM radios is active, a debug level greater than 1 will produce a trace of the CI-V command and response messages. Interpretation of these messages requires knowledge of the CI-V protocol, which is beyond the scope of this document.</p>
<h4>Monitor Data</h4>
- When enabled by the <tt>filegen</tt> facility, every received timecode is written to the <tt>clockstats</tt> file in the following format:
- <pre>
- sq yy ddd hh:mm:ss.fff ld dut lset agc rfrq bcnt dist tsmp
+ When enabled by the <tt>filegen</tt> facility, every received timecode is written to the <tt>clockstats</tt> file in the following format:<pre>
+ sq yyyy ddd hh:mm:ss lw dst du lset agc rfrq bcnt dist tsmp
s sync indicator
q quality character
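Review bot: The new Monitor Data format line "sq yyyy ddd hh:mm:ss lw dst du lset agc rfrq bcnt dist tsmp" does not match the field legend that follows it. It abbreviates the DUT field as "du" where the legend says "dut", and it still lists "rfrq bcnt" although the legend in the next hunk replaces those two fields with "ident". Please bring the format line in line with what the driver actually writes, since people write clockstats parsers from this line. Two smaller points in the same hunk: the Autotune paragraph now opens with "If specified" after the paragraph that introduced the mode keyword was removed, so the sentence has no antecedent; and the debug field description gives the burst distance range as 0-40 while the Baseband section states that a perfect format B burst has distance -40. Also "is not discipline the system clock" and "spans of a 800 or more" need a grammar pass.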
@@ -91,141 +69,78 @@
hh hour of day
mm minute of hour
ss second of minute
- fff millisecond of second
- l leap second warning
- d DST state
+ lw leap second warning
+ dst DST state
dut DUT sign and magnitude in deciseconds
lset minutes since last set
agc audio gain (0-255)
- rfrq radio frequency
- bcnt burst count
- dist decoding distance
+ ident CHU&nbsp;identifier code
+ dist decoder distance
tsmp timestamps captured
</pre>
- The fields beginning with <tt>year</tt> and extending through <tt>dut</tt> are decoded from the received data and are in fixed-length format. The <tt>agc</tt> and <tt>lset</tt> fields, as well as the following driver-dependent fields, are in variable-length format.
+ The fields beginning with <tt>year</tt> and extending through <tt>dut</tt> are decoded from the received data and are in fixed-length format. The <tt>agc</tt> and <tt>lset</tt> fields, as well as the following driver-dependent fields, are in variable-length format.
<dl>
<dt><tt>s</tt>
- <dd>The sync indicator is initially <tt>?</tt> before the clock is set, but turns to space when the clock is correctly set.
+ <dd>The sync indicator is initially <tt>?</tt> before the clock is set, but turns to space when the clock has been correctly set.
<dt><tt>q</tt>
<dd>The quality character is a four-bit hexadecimal code showing which alarms have been raised during the most recent minute. Each bit is associated with a specific alarm condition according to the following:
<dl>
<dt><tt>8</tt>
- <dd>Decoder alarm. A majority of repetitions for at least one digit of the timecode fails to agree.
- <dt><tt>4</tt>
<dd>Timestamp alarm. Fewer than 20 timestamps have been determined.
+ <dt><tt>4</tt>
+ <dd>Decoder alarm. A majority of repetitions for at least one digit of the timecode fails to agree.
<dt><tt>2</tt>
- <dd>Format alarm. The majority timecode contains invalid bit combinations.
- <dt><tt>1</tt>
- <dd>Frame alarm. A framing or format error occurred on at least one burst during the minute.
- </dl>
- <p>It is important to note that one or more of the above alarms does not necessarily indicate a clock error, but only that the decoder has detected a condition that may in future result in an error.</p>
- <dt><tt>yyyy ddd hh:mm:ss.fff</tt>
+ <dd>Format alarm. One or more bursts contained invalid data or was improperly formatted.<dt><tt>1</tt>
+ <dd>Frame alarm. One or more bursts was improperly framed or contained too many repetition errors.</dl>
+ <p>The timestamp and decoder alarms are fatal; the data accumulated during the minute are not used to set the clock. The format and fram alarm are nonfatal; only the data in the burst are discarded.</p>
+
+
+
+ <dt><tt>yyyy ddd hh:mm:ss</tt>
<dd>The timecode format itself is self explanatory. Note that the Gregorian year is decoded directly from the transmitted timecode.
- <dt><tt>l</tt>
- <dd>The leap second warning is normally space, but changes to <tt>L</tt> if a leap second is to occur at the end of the month of June or December.
- <dt><tt>d</tt>
- <dd>The DST code for Canada encodes the state for all provinces.
+
+ <dt><tt>lw</tt>
+ <dd>The leap second warning is normally space, but changes to <tt>L</tt> if a leap second is to occur at the end of the month.<dt><tt>dst</tt>
+ <dd>The DST code for Canada encodes the state for all provinces. It is encoded as two hex characters.
<dt><tt>dut</tt>
- <dd>The DUT sign and magnitude shows the current UT1 offset relative to the displayed UTC time, in deciseconds.
+ <dd>The DUT sign and magnitude shows the current UT1 offset relative to the displayed UTC time, in deciseconds. It is encoded as one digit preceeded by sign.
<dt><tt>lset</tt>
- <dd>Before the clock is set, the interval since last set is the number of minutes since the program was started; after the clock is set, this is number of minutes since the time was last verified relative to the broadcast signal.
- <dt><tt>agc</tt>
- <dd>The audio gain shows the current codec gain setting in the range 0 to 255. Ordinarily, the receiver audio gain control or IRIG level control should be set for a value midway in this range.
- <dt><tt>rfrq</tt>
- <dd>The current radio frequency, if the CI-V interface is active, or 'X' if not.
- <dt><tt>bcnt</tt>
- <dd>The number of format A bursts received during the most recent minute bursts were received.
- <dt><tt>dist</tt>
- <dd>The minimum decoding distance determined during the most recent minute bursts were received.
- <dt><tt>tsmp</tt>
- <dd>The number of timestamps determined during the most recent minute bursts were received.
+ <dd>Before the clock is set, this is the number of minutes since the program was started; after the clock is set, this is the number of minutes since the time was last verified relative to the broadcast signal.<dt><tt>agc</tt>
+ <dd>The audio gain shows the current codec gain setting in the range 0 to 255. Ordinarily, the receiver audio gain control should be set for a value midway in this range.
+ <dt><tt>ident</tt>
+ <dd>The CHU&nbsp;identifier <tt>CHU </tt>followed by the current radio frequency
+ code, if the CI-V interface is active, or <tt>CHU</tt> if not. The radio
+ frequncy is encoded as 0 for 3.330 MHz, 1 for 7.850 MHz and 2
+ for 14.670 MHz.<dt><tt>dist</tt>
+ <dd>The decoding distance determined during the most recent minute bursts were received. The values range from 0 to 160, with the higher values indicating better signals. The decoding algorithms require the distance at least 50; otherwise all data in the minute are discarded.<dt><tt>tsmp</tt>
+ <dd>The number of timestamps determined during the most recent minute bursts were received. The values range from 0 to 60, with the higher values indicating better signals. The decoding algoriths require at least 20 timestamps in the minute; otherwise all data in the minute are discarded.
</dl>
- <h4>Modes</h4>
- <p>The <tt>mode</tt> keyword of the <tt>server</tt> configuration command specifies the ICOM ID select code. A missing or zero argument disables the CI-V interface. Following are the ID select codes for the known radios.</p>
- <table width="100%" cols="6">
- <tr>
- <td>Radio</td>
- <td>Hex</td>
- <td>Decimal</td>
- <td>Radio</td>
- <td>Hex</td>
- <td>Decimal</td>
- </tr>
- <tr>
- <td>IC725</td>
- <td>0x28</td>
- <td>40</td>
- <td>IC781</td>
- <td>0x26</td>
- <td>38</td>
- </tr>
- <tr>
- <td>IC726</td>
- <td>0x30</td>
- <td>48</td>
- <td>R7000</td>
- <td>0x08</td>
- <td>8</td>
- </tr>
- <tr>
- <td>IC735</td>
- <td>0x04</td>
- <td>4</td>
- <td>R71</td>
- <td>0x1A</td>
- <td>26</td>
- </tr>
- <tr>
- <td>IC751</td>
- <td>0x1c</td>
- <td>28</td>
- <td>R7100</td>
- <td>0x34</td>
- <td>52</td>
- </tr>
- <tr>
- <td>IC761</td>
- <td>0x1e</td>
- <td>30</td>
- <td>R72</td>
- <td>0x32</td>
- <td>50</td>
- </tr>
- <tr>
- <td>IC765</td>
- <td>0x2c</td>
- <td>44</td>
- <td>R8500</td>
- <td>0x4a</td>
- <td>74</td>
- </tr>
- <tr>
- <td>IC775</td>
- <td>0x46</td>
- <td>68</td>
- <td>R9000</td>
- <td>0x2a</td>
- <td>42</td>
- </tr>
- </table>
<h4>Fudge Factors</h4>
<dl>
<dt><tt>time1 <i>time</i></tt>
<dd>Specifies the propagation delay for CHU (45:18N 75:45N), in seconds and fraction, with default 0.0.
+
<dt><tt>time2 <i>time</i></tt>
<dd>Not used by this driver.
+
<dt><tt>stratum <i>number</i></tt>
<dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+
<dt><tt>refid <i>string</i></tt>
<dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>CHU</tt>.
+
<dt><tt>flag1 0 | 1</tt>
<dd>Not used by this driver.
+
<dt><tt>flag2 0 | 1</tt>
<dd>When the audio driver is compiled, this flag selects the audio input port, where 0 is the mike port (default) and 1 is the line-in port. It does not seem useful to select the compact disc player port.
+
<dt><tt>flag3 0 | 1</tt>
<dd>When the audio driver is compiled, this flag enables audio monitoring of the input signal. For this purpose, the speaker volume must be set before the driver is started.
+
<dt><tt>flag4 0 | 1</tt>
<dd>Enable verbose <tt>clockstats</tt> recording if set.
+
</dl>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
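Review bot: The quality character legend swaps the meanings of bits 8 and 4 (8 is now the timestamp alarm, 4 the decoder alarm) and rewrites the descriptions of bits 2 and 1. Anything that monitors clockstats by decoding this hex digit will misread alarms if the documentation and the driver disagree, so please confirm the new assignment against the driver source and mention the change in the commit message or release notes. The added sentence that the timestamp and decoder alarms are fatal is useful, but it contains the typo "fram alarm"; the same hunk also introduces "preceeded", "frequncy" and "algoriths". The sentence "The fields beginning with year" refers to a field that the legend names "yyyy". Finally, the Modes table of ICOM select codes is deleted here; if the audio.html page referenced from the Autotune section is now the only home for those codes, say so where the mode keyword is first mentioned.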
diff --git a/html/drivers/driver8.html b/html/drivers/driver8.html
index fc12f33..8e81e5f 100644
--- a/html/drivers/driver8.html
+++ b/html/drivers/driver8.html
@@ -158,7 +158,28 @@
<p><b><tt>Gude Analog- und Digitalsystem GmbH 'Expert mouseCLOCK USB v2.0'</tt></b><br>
<br></p>
+ <li><b><tt>server 127.127.8.0-3 mode 20</tt></b>
+ <p><b><tt>RAWDCF receiver similar to mode 14, but operating @ 75 baud (DTR=high/RTS=low)</tt></b><br>
+ </p>
+ <p>Driving the DCF clocks at 75 baud may help to get them to work with a bunch of common USB serial converters, that do 75 but cannot do 50 baud at all, e.g. those based on Prolific PL2303.
+ <br></p>
+
+ <li><b><tt>server 127.127.8.0-3 mode 21</tt></b>
+ <p><b><tt>RAWDCF receiver similar to mode 16, but operating @ 75 baud (DTR=low/RTS=high) </tt></b><br>
+ </p>
+ <p>See comment from mode 20 clock.
+ <br></p>
+
+ <li><b><tt>server 127.127.8.0-3 mode 22</tt></b>
+ <p><b><tt>MEINBERG, mode 2 but with POWERUP trust </tt></b><br>
+ </p>
+
+ <li><b><tt>server 127.127.8.0-3 mode 23</tt></b>
+ <p><b><tt>MEINBERG, mode 7 but with POWERUP trust </tt></b><br>
+ </p>
+
</ul>
+
<p>Actual data formats and setup requirements of the various clocks can be found in <a href="../parsedata.html">NTP PARSE clock data formats</a>.</p>
<h4>Operation</h4>
<p>The reference clock support software carefully monitors the state transitions of the receiver. All state changes and exceptional events (such as loss of time code transmission) are logged via the syslog facility. Every hour a summary of the accumulated times for the clock states is listed via syslog.</p>
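Review bot: The entries for modes 22 and 23 ("MEINBERG, mode 2 but with POWERUP trust" and "MEINBERG, mode 7 but with POWERUP trust") do not say what POWERUP trust means, unlike modes 20 and 21, which each carry an explanatory paragraph. The name suggests it changes when the receiver's time is accepted, which is exactly the kind of setting an operator needs spelled out before enabling it. Please add a sentence to each entry stating the condition under which the clock is trusted and when this mode should be preferred over plain mode 2 or 7. Minor: the mode 21 entry says "See comment from mode 20 clock", which would read better as a direct restatement of the 75 baud rationale.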
diff --git a/html/drivers/driver9.html b/html/drivers/driver9.html
index 112f2d7..812ab13 100644
--- a/html/drivers/driver9.html
+++ b/html/drivers/driver9.html
@@ -2,57 +2,56 @@
<html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
- <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
- <title>Magnavox MX4200 GPS Receiver</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
+ <title>Magnavox MX4200 GPS Receiver</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
- <body>
- <h3>Magnavox MX4200 GPS Receiver</h3>
- <hr>
- <h4>Synopsis</h4>
- Address: 127.127.9.<i>u</i><br>
- Reference ID: <tt>GPS</tt><br>
- Driver ID: <tt>GPS_MX4200</tt><br>
- Serial Port: <tt>/dev/gps<i>u</i></tt>; 4800 baud, 8-bits, no parity<br>
- Features: <tt>ppsclock</tt> (required)
- <h4>Description</h4>
- <p>This driver supports the Magnavox MX4200 Navigation Receiver adapted to precision timing applications. It requires the <tt>ppsclock</tt> line discipline or streams module described in the <a href="../ldisc.html">Line Disciplines and Streams Modules</a> page. It also requires a level converter such as described in the <a href="../pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page.</p>
- <p>This driver supports all compatible receivers such as the 6-channel MX4200, MX4200D, and the 12-channel MX9212, MX9012R, MX9112.</p>
- <p><a href="http://www.leica-gps.com/"><img src="../pic/9400n.jpg" alt="Leica MX9400N Navigator" height="143" width="180" align="left"></a> <a href="http://www.leica-gps.com/">Leica Geosystems</a> acquired the Magnavox commercial GPS technology business in February of 1994. They now market and support former Magnavox GPS products such as the MX4200 and its successors.</p>
- <br clear="LEFT">
- <p>Leica MX9400N Navigator.</p>
- <h4>Operating Modes</h4>
- <p>This driver supports two modes of operation, static and mobile, controlled by clock flag 2.</p>
- <p>In static mode (the default) the driver assumes that the GPS antenna is in a fixed location. The receiver is initially placed in a &quot;Static, 3D Nav&quot; mode, where latitude, longitude, elevation and time are calculated for a fixed station. An average position is calculated from this data. After 24 hours, the receiver is placed into a &quot;Known Position&quot; mode, initialized with the calculated position, and then solves only for time.</p>
- <p>In mobile mode, the driver assumes the GPS antenna is mounted on a moving platform such as a car, ship, or aircraft. The receiver is placed in &quot;Dynamic, 3D Nav&quot; mode and solves for position, altitude and time while moving. No position averaging is performed.</p>
- <h4>Monitor Data</h4>
- <p>The driver writes each timecode as received to the <tt>clockstats</tt> file. Documentation for the <cite>NMEA-0183</cite> proprietary sentences produced by the MX4200 can be found in <a href="../mx4200data.html">MX4200 Receiver Data Format</a>.</p>
- <h4>Fudge Factors</h4>
- <dl>
- <dt><tt>time1 <i>time</i></tt>
- <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
- <dt><tt>time2 <i>time</i></tt>
- <dd>Not used by this driver.
- <dt><tt>stratum <i>number</i></tt>
- <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
- <dt><tt>refid <i>string</i></tt>
- <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
- <dt><tt>flag1 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag2 0 | 1</tt>
- <dd>Assume GPS receiver is on a mobile platform if set.
- <dt><tt>flag3 0 | 1</tt>
- <dd>Not used by this driver.
- <dt><tt>flag4 0 | 1</tt>
- <dd>Not used by this driver.
- </dl>
- <h4>Additional Information</h4>
- <p><a href="../refclock.html">Reference Clock Drivers</a>&nbsp;</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+ <body>
+ <h3>Magnavox MX4200 GPS Receiver</h3>
+ <hr>
+ <h4>Synopsis</h4>
+ Address: 127.127.9.<i>u</i><br>
+ Reference ID: <tt>GPS</tt><br>
+ Driver ID: <tt>GPS_MX4200</tt><br>
+ Serial Port: <tt>/dev/gps<i>u</i></tt>; 4800 baud, 8-bits, no parity<br>
+ Features: <tt>ppsclock</tt> (required)
+ <h4>Description</h4>
+ <p>This driver supports the Magnavox MX4200 Navigation Receiver adapted to precision timing applications. This driver supports all compatible receivers such as the 6-channel MX4200, MX4200D, and the 12-channel MX9212, MX9012R, MX9112.</p>
+ <p><a href="http://www.leica-gps.com/"><img src="../pic/9400n.jpg" alt="Leica MX9400N Navigator" height="143" width="180" align="left"></a> <a href="http://www.leica-gps.com/">Leica Geosystems</a> acquired the Magnavox commercial GPS technology business in February of 1994. They now market and support former Magnavox GPS products such as the MX4200 and its successors.</p>
+ <br clear="LEFT">
+ <p>Leica MX9400N Navigator.</p>
+ <h4>Operating Modes</h4>
+ <p>This driver supports two modes of operation, static and mobile, controlled by clock flag 2.</p>
+ <p>In static mode (the default) the driver assumes that the GPS antenna is in a fixed location. The receiver is initially placed in a &quot;Static, 3D Nav&quot; mode, where latitude, longitude, elevation and time are calculated for a fixed station. An average position is calculated from this data. After 24 hours, the receiver is placed into a &quot;Known Position&quot; mode, initialized with the calculated position, and then solves only for time.</p>
+ <p>In mobile mode, the driver assumes the GPS antenna is mounted on a moving platform such as a car, ship, or aircraft. The receiver is placed in &quot;Dynamic, 3D Nav&quot; mode and solves for position, altitude and time while moving. No position averaging is performed.</p>
+ <h4>Monitor Data</h4>
+ <p>The driver writes each timecode as received to the <tt>clockstats</tt> file. Documentation for the <cite>NMEA-0183</cite> proprietary sentences produced by the MX4200 can be found in <a href="mx4200data.html">MX4200 Receiver Data Format</a>.</p>
+ <h4>Fudge Factors</h4>
+ <dl>
+ <dt><tt>time1 <i>time</i></tt>
+ <dd>Specifies the time offset calibration factor, in seconds and fraction, with default 0.0.
+ <dt><tt>time2 <i>time</i></tt>
+ <dd>Not used by this driver.
+ <dt><tt>stratum <i>number</i></tt>
+ <dd>Specifies the driver stratum, in decimal from 0 to 15, with default 0.
+ <dt><tt>refid <i>string</i></tt>
+ <dd>Specifies the driver reference identifier, an ASCII string from one to four characters, with default <tt>GPS</tt>.
+ <dt><tt>flag1 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag2 0 | 1</tt>
+ <dd>Assume GPS receiver is on a mobile platform if set.
+ <dt><tt>flag3 0 | 1</tt>
+ <dd>Not used by this driver.
+ <dt><tt>flag4 0 | 1</tt>
+ <dd>Not used by this driver.
+ </dl>
+ <h4>Additional Information</h4>
+ <p><a href="../refclock.html">Reference Clock Drivers</a>&nbsp;</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
</html> \ No newline at end of file
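Review bot: The footer include near the end of this new page uses `src="scripts/footer.txt"`, yet the page links `../refclock.html` as its parent and `mx4200data.html` as a sibling, and the mx4200data.html change that follows switches the same include to `../scripts/footer.txt`. Please confirm a `scripts/` directory exists beside this file; if not, the footer fails silently and the path should be `../scripts/footer.txt`. Separately, the `<dt>`/`<dd>` entries in the Fudge Factors list are never closed, and the file ends without a trailing newline.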
diff --git a/html/mx4200data.html b/html/drivers/mx4200data.html
index 7bf66b1..6f9ac30 100644
--- a/html/mx4200data.html
+++ b/html/drivers/mx4200data.html
@@ -3,7 +3,7 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>MX4200 Receiver Data Format</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ <link href="../scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
@@ -1068,7 +1068,7 @@
Example:<br>
<code>$PMVXG,830,T,1998,10,12,15:30:46,U,S,000298,00003,000000,01*02</code>
<hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ <script type="text/javascript" language="javascript" src="../scripts/footer.txt"></script>
</body>
</html> \ No newline at end of file
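Review bot: Only the stylesheet and footer references are rewritten to `../scripts/` for the move into `html/drivers/`. Any other relative `href` or `src` in the unchanged body between line 3 and line 1068 should be checked the same way, because a stale relative link in static HTML fails without any error.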
diff --git a/html/extern.html b/html/extern.html
index 3245fca..c0ae5c9 100644
--- a/html/extern.html
+++ b/html/extern.html
@@ -13,17 +13,34 @@
<h3>External Clock Discipline and the Local Clock Driver</h3>
<p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:38</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
<hr>
- <p>The NTPv4 implementation includes provisions for an external clock, where the system clock is implemented by some external hardware device. One implementation might take the form of a bus peripheral with a high resolution counter disciplined by a GPS receiver, for example. Another implementation might involve another synchronization protocol, such as the Digital Time Synchronization Service (DTSS), where the system time is disciplined to this protocol and NTP clients of the server obtain synchronization indirectly via the server. A third implementation might be a completely separate clock discipline algorithm and synchronization protocol, such as the <tt>Lockclock</tt> algorithm used with NIST Automated Computer Time Service (ACTS) modem synchronized time.</p>
+ <p>The NTPv4 implementation includes provisions for an external clock, where
+ the system clock is implemented by some external hardware device.
+ One implementation might take the form of a bus peripheral with a high resolution
+ counter disciplined by a GPS receiver, for example. Another implementation
+ might involve another synchronization protocol, such as the Digital Time Synchronization
+ Service (DTSS), where the system time is disciplined to this protocol and
+ NTP clients of the server obtain synchronization indirectly via the server.
+ A third implementation might be a completely separate clock discipline algorithm
+ and synchronization protocol, such as the <tt>Lockclock</tt> algorithm used
+ with NIST Automated Computer Time Service (ACTS) modem synchronized time.</p>
<p>When external clocks are used in conjunction with NTP service, some way needs to be provided for the external clock driver and NTP daemon <tt>ntpd</tt> to communicate and determine which discipline is in control. This is necessary in order to provide backup, for instance if the external clock or protocol were to fail and synchronization service fall back to other means, such as a local reference clock or another NTP server. In addition, when the external clock and driver are in control, some means needs to be provided for the clock driver to pass on status information and error statistics to the NTP daemon.</p>
<p>Control and monitoring functions for the external clock and driver are implemented using the <a href="drivers/driver1.html">Local Clock (type 1) driver</a> and the <tt>ntp_adjtime()</tt> system call. This system call is implemented by special kernel provisions included in the kernel of several operating systems, including Solaris, Tru64, FreeBSD and Linux, and possibly others. When the external clock is disabled or not implemented, the system call is used to pass time and frequency information, as well as error statistics, to the kernel. Besides disciplining the system time, the same interface can be used by other applications to determine the operating parameters of the discipline.</p>
<p>When the external clock is enabled, <tt>ntpd</tt> does not discipline the system clock, nor does it maintain the error statistics. In this case, the external clock and driver do this using mechanisms unknown to <tt>ntpd</tt>; however, in this case the kernel state variables are retrieved at 64-s intervals by the Local Clock driver and used by the clock selection and mitigation algorithms to determine the system variables presented to other NTP clients and peers. In this way, downstream clients and servers in the NTP subnet can make an intelligent choice when more than one server is available.</p>
<p>In order to implement a reliable mitigation between ordinary NTP sources and the external clock source, a protocol is necessary between the local clock driver and the external clock driver. This is implemented using Boolean variables and certain bits in the kernel clock status word. The Boolean variables include the following:</p>
- <p><tt>ntp_enable</tt>. set/reset by the <tt>enable</tt> command. enables ntp clock discipline</p>
+ <p><tt>ntp_enable</tt>. set/reset by the <tt>enable</tt> command. enables ntpd
+ clock discipline</p>
<p><tt>ntp_contro</tt>l. set during initial configuration if kernel support is available</p>
<p><tt>kern_enable</tt> Set/reset by the <tt>enable</tt> command</p>
- <p>If the <tt>kern_enable</tt> switch is set, the daemon computes the offset, frequency, maximum error, estimated error, time constand and status bits, then provides them to the kernel via <tt>ntp_adjtime()</tt>. If this switch is not set, these values are not passed to the kernel; however, the daemon retrieves their present values and uses them in place of the values computed by the daemon.</p>
+ <p>If the <tt>kern_enable</tt> switch is set, the daemon computes the offset,
+ frequency, maximum error, estimated error, time constant and status bits,
+ then provides them to the kernel via <tt>ntp_adjtime()</tt>. If this switch
+ is not set, these values are not passed to the kernel; however, the daemon
+ retrieves their present values and uses them in place of the values computed
+ by the daemon.</p>
<p>The <tt>pps_update</tt> bit set in the protocol routine if the prefer peer has survived and has offset less than 128 ms; otherwise set to zero.</p>
- <p>The <tt>pps_contro</tt>l Updated to the current time by kernel support if the PPS signal is enabled and working correctly. Set to zero in the adjust routine if the interval since the last update exceeds 120 s.</p>
+ <p>The <tt>PPS control</tt> Updated to the current time by kernel support if
+ the PPS signal is enabled and working correctly. Set to zero in the adjust
+ routine if the interval since the last update exceeds 120 s.</p>
<p>The <tt>ntp_enable</tt> and <tt>kern_enable</tt> are set by the configuration module. Normally, both switches default on, so the daemon can control the time and the kernel discipline can be used, if available. The <tt>pps_update</tt> switch is set by the protocol module when it believes the PPS provider source is legitimate and operating within nominals. The <tt>ntp_control</tt> switch is set during configuration by interrogating the kernel. If both the <tt>kern_enable</tt> and <tt>ntp_control</tt> switches are set, the daemon disciplines the clock via the kernel and the internal daemon discipline is disabled.</p>
<p>The external clock driver controls the system time and clock selection in the following way. Normally, the driver adjusts the kernel time using the <tt>ntp_adjtime()</tt> system call in the same way as the daemon. In the case where the kernel discipline is to be used intact, the clock offset is provided in this call and the loop operates as specified. In the case where the driver steers only the frequency, the offset is specified as zero.</p>
<hr>
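Review bot: The identifier clean-up is incomplete, and one change makes the list less consistent. The unchanged line `<tt>ntp_contro</tt>l` still has the closing tag inside the name; it should read `<tt>ntp_control</tt>`, as the later paragraph already does. The parallel `<tt>pps_contro</tt>l` becomes `<tt>PPS control</tt>`, which no longer reads as a variable next to `pps_update`, `ntp_enable` and `kern_enable`: if the variable is still called `pps_control`, write that, otherwise drop the `<tt>`. The "Last update" stamp also still says July 28, 2005 although the text changes.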
diff --git a/html/gadget.html b/html/gadget.html
index b13fe08..e48cbb7 100644
--- a/html/gadget.html
+++ b/html/gadget.html
@@ -11,20 +11,29 @@
<body>
<h3>Gadget Box PPS Level Converter and CHU Modem</h3>
<img src="pic/gadget.jpg" alt="gif" align="left">A Gadget Box built by Chuck Hanavin
+ <br clear="left">
<h4>Related Links</h4>
<p>
- <script type="text/javascript" language="javascript" src="scripts/links11.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
<br clear="left">
</p>
<h4>table of Contents</h4>
<ul>
- <li class="inline"><a href="#intro">Introduction</a>
- <li class="inline"><a href="#ckt">Circuit Description</a>
- <li class="inline"><a href="#file">Files</a>
+ <li class="inline"><a href="#intro">Introduction</a></li>
+ <li class="inline"><a href="#ckt">Circuit Description</a></li>
+ <li class="inline"><a href="#file">Files</a></li>
</ul>
<hr>
<h4 id="intro">Introduction</h4>
- <p>Many radio clocks used as a primary reference source for NTP servers produce a pulse-per-second (PPS) signal that can be used to improve accuracy to a high degree. However, the signals produced are usually incompatible with the modem interface signals on the serial ports used to connect the signal to the host. The gadget box consists of a handful of electronic components assembled in a small aluminum box. It includes level converters and a optional radio modem designed to decode the radio timecode signals transmitted by the Canadian time and frequency station CHU. A complete set of schematics, PCB artwork, drill templates can be obrtained via the web from ftp.udel.edu as <a href="ftp://ftp.udel.edu/pub/ntp/hardware/gadget.tar.Z">gadget.tar.Z</a>.</p>
+ <p>Many radio clocks used as a primary reference source for NTP servers produce
+ a pulse-per-second (PPS) signal that can be used to improve accuracy to a
+ high degree. However, the signals produced are usually incompatible with the
+ modem interface signals on the serial ports used to connect the signal to
+ the host. The gadget box consists of a handful of electronic components assembled
+ in a small aluminum box. It includes level converters and a optional radio
+ modem designed to decode the radio timecode signals transmitted by the Canadian
+ time and frequency station CHU. A complete set of schematics, PCB artwork,
+ drill templates can be obtained via the web from ftp.udel.edu as <a href="ftp://ftp.udel.edu/pub/ntp/hardware/gadget.tar.Z">gadget.tar.Z</a>.</p>
<p>The gadget box is assembled in a 5&quot;x3&quot;x2&quot; aluminum minibox containing the level converter and modem circuitry. It includes two subcircuits. One of these converts a TTL positive edge into a fixed-width pulse at EIA levels and is for use with a timecode receiver or oscillator including a TTL PPS output. The other converts the timecode modulation broadcast by Canadian time/frequency standard station CHU into a 300-bps serial character stream at EIA levels and is for use with the <a href="drivers/driver7.html">Radio CHU Audio Demodulator/Decoder</a> driver.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
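Review bot: The rewrapped introduction fixes "obrtained" but keeps "a optional radio modem" (should be "an optional"), and the list "schematics, PCB artwork, drill templates" still lacks an "and"; the heading "table of Contents" is also left lowercase. The added `<br clear="left">` after the image duplicates the one already inside the Related Links paragraph, so one of them can go, and `alt="gif"` on the picture tells a text-only reader nothing.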
diff --git a/html/groups.html b/html/groups.html
deleted file mode 100644
index 7f6d14b..0000000
--- a/html/groups.html
+++ /dev/null
@@ -1,47 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Trusted Hosts and Groups</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Trusted Hosts and Groups</h3>
- <img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>Alice holds the key.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">00:12</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="299">Tuesday, November 08, 2005</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#idexp">Identity Schemes</a>
- <li class="inline"><a href="#exam">Example</a>
- <li class="inline"><a href="#cmd">Command Line Options</a>
- <li class="inline"><a href="#rand">Random Seed File</a>
- <li class="inline"><a href="#fmt">Cryptographic Data Files</a>
- <li class="inline"><a href="#bug">Bugs</a>
- </ul>
- <hr>
- <h4 id="synop">Trusted Hosts and Groups</h4>
- <p>Each cryptographic configuration involves selection of a signature scheme and identification scheme, called a cryptotype, as explained in the <a href="authopt.html">Authentication Options</a> page. The default cryptotype uses RSA encryption, MD5 message digest and TC identification. First, configure a NTP subnet including one or more low-stratum trusted hosts from which all other hosts derive synchronization directly or indirectly. Trusted hosts have trusted certificates; all other hosts have nontrusted certificates. These hosts will automatically and dynamically build authoritative certificate trails to one or more trusted hosts. A trusted group is the set of all hosts that have, directly or indirectly, a certificate trail ending at a trusted host. The trail is defined by static configuration file entries or dynamic means described on the <a href="manyopt.html">Automatic NTP Configuration Options</a> page.</p>
- <p>On each trusted host as root, change to the keys directory. To insure a fresh fileset, remove all <tt>ntpkey</tt> files. Then run <tt>ntp-keygen -T</tt> to generate keys and a trusted certificate. On all other hosts do the same, but leave off the <tt>-T</tt> flag to generate keys and nontrusted certificates. When complete, start the NTP daemons beginning at the lowest stratum and working up the tree. It may take some time for Autokey to instantiate the certificate trails throughout the subnet, but setting up the environment is completely automatic.</p>
- <p>If it is necessary to use a different sign key or different digest/signature scheme than the default, run <tt>ntp-keygen</tt> with the <tt>-S</tt><i><tt> type</tt></i> option, where <i><tt>type</tt></i> is either <tt>RSA</tt> or <tt>DSA</tt>. The most often need to do this is when a DSA-signed certificate is used. If it is necessary to use a different certificate scheme than the default, run <tt>ntp-keygen</tt> with the <tt>-c <i>scheme</i></tt> option and selected <i><tt>scheme</tt></i> as needed. If <tt>ntp-keygen</tt> is run again without these options, it generates a new certificate using the same scheme and sign key.</p>
- <p>After setting up the environment it is advisable to update certificates from time to time, if only to extend the validity interval. Simply run <tt>ntp-keygen</tt> with the same flags as before to generate new certificates using existing keys. However, if the host or sign key is changed, <tt>ntpd</tt> should be restarted. When ntpd is restarted, it loads any new files and restarts the protocol. Other dependent hosts will continue as usual until signatures are refreshed, at which time the protocol is restarted.</p>
- <h4 id="idexp">Identity Schemes</h4>
- <p>As mentioned on the Autonomous Authentication page, the default TC identity scheme is vulnerable to a middleman attack. However, there are more secure identity schemes available, including PC, IFF, GQ and MV described on the <a href="http://www.eecis.udel.edu/%7emills/keygen.html">Identification Schemes</a> page. These schemes are based on a TA, one or more trusted hosts and some number of nontrusted hosts. Trusted hosts prove identity using values provided by the TA, while the remaining hosts prove identity using values provided by a trusted host and certificate trails that end on that host. The name of a trusted host is also the name of its sugroup and also the subject and issuer name on its trusted certificate. The TA is not necessarily a trusted host in this sense, but often is.</p>
- <p>In some schemes there are separate keys for servers and clients. A server can also be a client of another server, but a client can never be a server for another client. In general, trusted hosts and nontrusted hosts that operate as both server and client have parameter files that contain both server and client keys. Hosts that operate only as clients have key files that contain only client keys.</p>
- <p>The PC scheme supports only one trusted host in the group. On trusted host <i>alice</i> run <tt>ntp-keygen -P -p <i>password</i></tt> to generate the host key file <tt>ntpkey_RSAkey_<i>alice.filestamp</i></tt> and trusted private certificate file <tt>ntpkey_RSA-MD5_cert_<i>alice.filestamp</i></tt>. Copy both files to all group hosts; they replace the files which would be generated in other schemes. On each host <i>bob</i> install a soft link from the generic name <tt>ntpkey_host_<i>bob</i></tt> to the host key file and soft link <tt>ntpkey_cert_<i>bob</i></tt> to the private certificate file. Note the generic links are on <i>bob</i>, but point to files generated by trusted host <i>alice</i>. In this scheme it is not possible to refresh either the keys or certificates without copying them to all other hosts in the group.</p>
- <p>For the IFF scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF&nbsp;parameter file. On trusted host <i>alice</i> run <tt>ntp-keygen -T </tt><tt>-I -p <i>password</i></tt> to produce her parameter file <tt>ntpkey_IFFpar_<i>alice.filestamp</i></tt>, which includes both server and client keys. Copy this file to all group hosts that operate as both servers and clients and install a soft link from the generic <tt>ntpkey_iff_<i>alice</i></tt> to this file. If there are no hosts restricted to operate only as clients, there is nothing further to do. As the IFF scheme is independent of keys and certificates, these files can be refreshed as needed.</p>
- <p>If a rogue client has the parameter file, it could masquerade as a legitimate server and present a middleman threat. To eliminate this threat, the client keys can be extracted from the parameter file and distributed to all restricted clients. After generating the parameter file, on <i>alice</i> run <tt>ntp-keygen</tt> <tt>-e</tt> and pipe the output to a file or mail program. Copy or mail this file to all restricted clients. On these clients install a soft link from the generic <tt>ntpkey_iff_<i>alice</i></tt> to this file. To further protect the integrity of the keys, each file can be encrypted with a secret password.</p>
- <p>For the GQ scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF parameter file. On trusted host <i>alice</i> run <tt>ntp-keygen -T </tt><tt>-G -p <i>password</i></tt> to produce her parameter file <tt>ntpkey_GQpar_<i>alice.filestamp</i></tt>, which includes both server and client keys. Copy this file to all group hosts and install a soft link from the generic <tt>ntpkey_gq_<i>alice</i></tt> to this file. In addition, on each host <i>bob</i> install a soft link from generic <tt>ntpkey_gq_<i>bob</i></tt> to this file. As the GQ scheme updates the GQ parameters file and certificate at the same time, keys and certificates can be regenerated as needed.</p>
- <p>For the MV scheme, proceed as in the TC scheme to generate keys and certificates for all group hosts. For illustration assume <i>trish</i> is the TA, <i>alice</i> one of several trusted hosts and <i>bob</i> one of her clients. On TA <i>trish</i> run <tt>ntp-keygen </tt><tt>-V&nbsp;<i>n</i> -p <i>password</i></tt>, where <i>n</i> is the number of revokable keys (typically 5) to produce the parameter file <tt>ntpkeys_MVpar_<i>trish.filestamp </i></tt>and client key files <tt>ntpkeys_MVkey<i>d</i>_<i>trish.filestamp</i></tt> where <i><tt>d</tt></i> is the key number (0 &lt; <i><tt>d</tt></i> &lt; <i>n</i>). Copy the parameter file to <i>alice</i> and install a soft link from the generic <tt>ntpkey_mv_<i>alice</i></tt> to this file. Copy one of the client key files to <i>alice</i> for later distribution to her clients. It doesn't matter which client key file goes to <i>alice</i>, since they all work the same way. <i>Alice</i> copies the client key file to all of her cliens. On client <i>bob</i> install a soft link from generic <tt>ntpkey_mvkey_<i>bob </i></tt>to the client key file. As the MV scheme is independent of keys and certificates, these files can be refreshed as needed.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
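Review bot: With this file gone, the warning that the default TC identity scheme is vulnerable to a middleman attack, and the `ntp-keygen` procedures for the PC, IFF, GQ and MV schemes, need a home elsewhere in the import. Please confirm that another page in this commit carries that guidance (the deleted text itself points to `authopt.html`), and that no remaining page still links to `groups.html`, which would now be a dead link.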
diff --git a/html/hints.html b/html/hints.html
new file mode 100644
index 0000000..ba4f271
--- /dev/null
+++ b/html/hints.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=windows-1252">
+ <title>Hints and Kinks</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Hints and Kinks</h3>
+ <img src="pic/alice35.gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"> from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+ <p>Mother in law has all the answers.</p>
+ <p>Last update: <csobj format="ShortTime" h="24" locale="00000409" region="0" t="DateTime" w="50">20:27</csobj> UTC <csobj format="LongDate" h="24" locale="00000409" region="0" t="DateTime" w="257">Monday, December 02, 2002</csobj></p>
+ <br clear="left">
+ <hr>
+ <p>This is an index for a set of troubleshooting notes contained in individual text files in the <tt>./hints</tt> directory. They were supplied by various volunteers in the form of mail messages, patches or just plain word of mouth. Each note applies to a specific computer and operating system and gives information found useful in setting up the NTP distribution or site configuration. The notes are very informal and subject to errors; no attempt has been made to verify the accuracy of the information contained in them.</p>
+ <p>Additions or corrections to this list or the information contained in the notes is solicited. The most useful submissions include the name of the computer manufacturer (and model numbers where appropriate), operating system (specific version(s) where appropriate), problem description, problem solution and submitter's name and electric address. If the submitter is willing to continue debate on the problem, please so advise. See the <a href="hints/">directory listing</a>.</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
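Review bot: This new page declares `charset=windows-1252` while the other pages in this diff declare `iso-8859-1`, and `<img src="pic/alice35.gif" align="left">` has no `alt` attribute. The closing link `<a href="hints/">directory listing</a>` only works where the web server generates directory indexes; an explicit list of the hint files would not depend on server configuration.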
diff --git a/html/build/hints/a-ux b/html/hints/a-ux
index f8c26d2..f8c26d2 100644
--- a/html/build/hints/a-ux
+++ b/html/hints/a-ux
diff --git a/html/build/hints/aix b/html/hints/aix
index e53beff..e53beff 100644
--- a/html/build/hints/aix
+++ b/html/hints/aix
diff --git a/html/build/hints/bsdi b/html/hints/bsdi
index 3b8bc38..3b8bc38 100644
--- a/html/build/hints/bsdi
+++ b/html/hints/bsdi
diff --git a/html/build/hints/changes b/html/hints/changes
index 177e562..177e562 100644
--- a/html/build/hints/changes
+++ b/html/hints/changes
diff --git a/html/build/hints/decosf1 b/html/hints/decosf1
index bc4ce0b..bc4ce0b 100644
--- a/html/build/hints/decosf1
+++ b/html/hints/decosf1
diff --git a/html/build/hints/decosf2 b/html/hints/decosf2
index e4a8828..e4a8828 100644
--- a/html/build/hints/decosf2
+++ b/html/hints/decosf2
diff --git a/html/build/hints/freebsd b/html/hints/freebsd
index ef84732..ef84732 100644
--- a/html/build/hints/freebsd
+++ b/html/hints/freebsd
diff --git a/html/build/hints/hpux b/html/hints/hpux
index 1640d05..1640d05 100644
--- a/html/build/hints/hpux
+++ b/html/hints/hpux
diff --git a/html/build/hints/linux b/html/hints/linux
index b06a36a..b06a36a 100644
--- a/html/build/hints/linux
+++ b/html/hints/linux
diff --git a/html/build/hints/mpeix b/html/hints/mpeix
index 83c7241e..83c7241e 100644
--- a/html/build/hints/mpeix
+++ b/html/hints/mpeix
diff --git a/html/build/hints/notes-xntp-v3 b/html/hints/notes-xntp-v3
index ba027f2..ba027f2 100644
--- a/html/build/hints/notes-xntp-v3
+++ b/html/hints/notes-xntp-v3
diff --git a/html/build/hints/parse b/html/hints/parse
index 07fbc6b..d252351 100644
--- a/html/build/hints/parse
+++ b/html/hints/parse
@@ -24,7 +24,7 @@ Directory contents:
- Trimble SV6 GPS receiver
If you want to add new clock types please check
- with kardel <AT> informatik.uni-erlangen.de. These files
+ with kardel@informatik.uni-erlangen.de. These files
implement the conversion of RS232 data streams into
timing information used by refclock_parse.c which is
mostly generic except for NTP configuration constants.
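Review bot: The `+` line turns the obfuscated contact (`kardel <AT> ...`) into a plain `user@host` string, which is trivially harvestable from the published documentation, while the sco.html change in this same commit goes the other way and drops a `mailto:` link. Pick one policy for contact addresses and apply it to both files.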
diff --git a/html/build/hints/refclocks b/html/hints/refclocks
index 17e7643..17e7643 100644
--- a/html/build/hints/refclocks
+++ b/html/hints/refclocks
diff --git a/html/build/hints/rs6000 b/html/hints/rs6000
index 8561ac2..8561ac2 100644
--- a/html/build/hints/rs6000
+++ b/html/hints/rs6000
diff --git a/html/build/hints/sco.html b/html/hints/sco.html
index bd08e98..7afde83 100644
--- a/html/build/hints/sco.html
+++ b/html/hints/sco.html
@@ -1,24 +1,26 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
<title>SCO Unix hints</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ <link href="../scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h1>SCO Unix hints</h1>
- <h2>Older SCO Unix versions</h2>
+ <h3>SCO Unix hints</h3>
+ <h4>Older SCO Unix versions</h4>
<p>NTP 4.0.x does not run on SCO Unix prior to version 3.2.5.0.0. If you need NTP on an older SCO Unix system and don't mind to modify your kernel, use 3.5.91 which has patches for SCO Unix 3.2.4.x. Apply the kernel modifications as described in <a href="http://www.echelon.nl/en/ntp/sco3-recipe.html">XNTP on SCO 3.2.4.2</a>.</p>
- <h2>Compiling NTP</h2>
+ <h4>Compiling NTP</h4>
<p>Delete the old SCO supplied NTP programs using the &quot;custom&quot; utility. Run the NTP configure program with CFLAGS=&quot;-b elf -K <i>processor-type</i>&quot; for best results.</p>
- <h2>Running NTP</h2>
+ <h4>Running NTP</h4>
<p>Run &quot;tickadj -As&quot; after every reboot to set the variables &quot;clock_drift&quot; and &quot;track_rtc&quot; to the right values.</p>
<p>Run &quot;ntpd&quot; with a high negative nice-value, i.e. &quot;nice --19 ntpd&quot; for best results.</p>
- <h2>More information</h2>
+ <h4>More information</h4>
<p>More information on the way SCO Unix and NTP interact can be found in <a href="http://www.echelon.nl/en/ntp/ntp-on-sco.html">NTP on SCO Unix</a>, which includes links to precompiled versions of NTP.</p>
- <p><a href="mailto:kees@echelon.nl">Kees Hendrikse</a>, January 1999</p>
+ <p>Kees Hendrikse, January 1999</p>
</body>
</html> \ No newline at end of file
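Review bot: The unchanged "More information" paragraph sends readers to `http://www.echelon.nl/...` for precompiled versions of NTP over plain HTTP, with no checksum or signature mentioned. Since this hunk already touches that section, either drop the reference to precompiled binaries or state how to verify them. The added `<meta name="generator" content="HTML Tidy, see www.w3.org">` is tool residue, and the body text still targets NTP 4.0.x.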
diff --git a/html/build/hints/sgi b/html/hints/sgi
index 5e4f7de..5e4f7de 100644
--- a/html/build/hints/sgi
+++ b/html/hints/sgi
diff --git a/html/build/hints/solaris-dosynctodr.html b/html/hints/solaris-dosynctodr.html
index fc7fae9..89a12b2 100644
--- a/html/build/hints/solaris-dosynctodr.html
+++ b/html/hints/solaris-dosynctodr.html
@@ -25,7 +25,7 @@
<BODY BGCOLOR="#FFFFFF" LINK="#666699" ALINK="#FFFFFF">
-<TABLE WIDTH="623" BORDER="0">
+<TABLE WIDTH="623" BORDER="0" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD COLSPAN="2" VALIGN="TOP" WIDTH="623">
<IMG BORDER="0" SRC="/images/homebuy.gif" WIDTH="149" HEIGHT="32" ALT="Home * Buy * My Sun(sm)" USEMAP="#lefttop"><IMG BORDER="0" SRC="/images/globalnavbar.gif" WIDTH="474" HEIGHT="32" ALT="sun.com Global Sections" USEMAP="#topnav"></TD>
@@ -35,12 +35,12 @@
<!-- TITLEBAR IMAGE: INSERT CUSTOMIZED TITLEBAR IMAGE BELOW -->
- <A HREF="http://www.sun.com/"><IMG BORDER="0" SRC="/images/sunlogo.gif" WIDTH="149" HEIGHT="72" ALT="Sun Microsystems"></A><IMG BORDER="0" SRC="/images/titlebar/doc.title.gif" alt="gif" WIDTH="474" HEIGHT="72"></TD>
+ <A HREF="http://www.sun.com/"><IMG BORDER="0" SRC="/images/sunlogo.gif" WIDTH="149" HEIGHT="72" ALT="Sun Microsystems"></A><IMG BORDER="0" SRC="/images/titlebar/doc.title.gif" WIDTH="474" HEIGHT="72"></TD>
</TR>
<!-- Begin Search Elements -->
<TR VALIGN="top">
<TD BGCOLOR="#666699">
- <TABLE>
+ <TABLE BORDER="0" WIDTH="157" CELLSPACING="0" CELLPADDING="0">
<TR>
<TD BGCOLOR="#666699" COLSPAN="2" WIDTH="157" VALIGN="TOP"><IMG BORDER="0" SRC="/images/search/contract/search1.gif" WIDTH="157" HEIGHT="16" ALT="Search SunSolve"></TD>
</TR>
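Review bot: On the titlebar line the `+` side drops `alt="gif"` from `doc.title.gif` and leaves the image with no `alt` attribute at all. For a decorative image, `ALT=""` is the form that validates and that screen readers skip.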
@@ -58,7 +58,7 @@
<!-- End Search Elements -->
<!-- Begin User Personalization (Must limit to 10 Characters)-->
<TR>
- <TD COLSPAN="2"><TABLE><TR><TD COLSPAN="3" ALIGN="right"><IMG SRC="/images/home_con/welcom_1.gif" ALT="" WIDTH="156" HEIGHT="4" BORDER="0"></TD></TR>
+ <TD COLSPAN="2"><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0" WIDTH="157"><TR><TD COLSPAN="3" ALIGN="right"><IMG SRC="/images/home_con/welcom_1.gif" ALT="" WIDTH="156" HEIGHT="4" BORDER="0"></TD></TR>
<TR><TD BGCOLOR="#333366"><IMG SRC="/images/home_con/welcom_2.gif" ALT="" WIDTH="17" HEIGHT="19" BORDER="0"></TD><TD BGCOLOR="#333366" VALIGN="middle"><NOBR><FONT FACE="Geneva, Helvetica, Arial, SunSans-Regular" COLOR="#99CC33" SIZE="-2">sopko</FONT></NOBR></TD><TD BGCOLOR="#333366" ALIGN="right"><A HREF="edit-user-form.pl?viewmode=contractuser"><IMG SRC="/images/home_con/welcom_3.gif" ALT="Edit" WIDTH="45" HEIGHT="19" BORDER="0"></A></TD></TR>
</TABLE>
</TD>
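Review bot: The personalization row kept in this hunk still contains the captured session's user name (`sopko`) and a link to `edit-user-form.pl?viewmode=contractuser`. Together with the site-relative `/images/...` sources, that shows the file is a saved copy of a logged-in vendor page. Only the `<pre>` problem description and solution are useful here, so the navigation, search and personalization tables should be stripped rather than given new `CELLSPACING`/`CELLPADDING` attributes.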
@@ -86,9 +86,9 @@
<IMG BORDER="0" SRC="/images/nav/p3.gif" WIDTH="157" HEIGHT="19" ALT="Y2K Central"></A><BR>
<A HREF="show.pl?target=security/sec" onmouseover="window.status='Security Information'; return true" onmouseout="window.status=''; return true">
<IMG BORDER="0" SRC="/images/nav/p2.gif" WIDTH="157" HEIGHT="19" ALT="Security Information"></A><BR>
-<br><table width="157">
+<br><table cellpadding="0" cellspacing="0" border="0" width="157">
<tr><td width="8">&nbsp;</td><td width="149">
-<table>
+<table cellpadding="0" cellspacing="0" border="0">
<BR><tr><td><BR><img src="/images/line.gif" alt="------" width="140" height="11" border="0"><br>
<A HREF="mark.pl"
onmouseover="window.status='Marked Docs.';return true"
@@ -149,7 +149,7 @@
-<table width=100%>
+<table width=100% cellpadding=16 cellspacing=0 border=0>
<tr>
<td width=100% valign=top>
<CENTER><FONT FACE="Geneva, Helvetica, Arial, SunSans-Regular" SIZE="2">
@@ -177,7 +177,7 @@
<option value="#SRDB-ID">SRDB ID</option>
<option value="#OS">OS</option>
</select></div></form>
-<table width=100%>
+<table width=100% cellpadding=2 cellspacing=0 border=0>
<tr bgcolor=#666699><td><font size=2 color=#ffffff><b>SRDB ID</b></font></td>
<td bgcolor=#ffffff><font size=2>&nbsp;</font></td>
<td><font size=2 color=#ffffff><b>Synopsis</b></font></td>
@@ -191,7 +191,7 @@
<td><font size=2><b>4 Sep 1999</b></font></td>
</tr>
</table><br clear>
-<table width=100%><tr bgcolor=#999999>
+<table width=100% cellpadding=2 cellspacing=0 border=0><tr bgcolor=#999999>
<td><font size=2 color=#ffffff><b><a name=Problem-Description>Problem Description</a></b></font></td>
<td align=right><b><a href="#top"><font size=2 color=#ffffff>Top</font></a></b></td></tr></table>
<pre>Ever since upgrading to Solaris 2.6, the system clock has been drifting and
@@ -200,7 +200,7 @@ didn''t complete' and 'time reset (step)' a lot in the /var/adm/messages
file. The system either was previously working fine with the freeware
xntpd or the configuration was copied from another system that was
using the freeware version.
--- 23-Apr-99 08:22 US/Eastern --</pre><table width=100%><tr bgcolor=#999999>
+-- 23-Apr-99 08:22 US/Eastern --</pre><table width=100% cellpadding=2 cellspacing=0 border=0><tr bgcolor=#999999>
<td><font size=2 color=#ffffff><b><a name=Problem-Solution>Problem Solution</a></b></font></td>
<td align=right><b><a href="#top"><font size=2 color=#ffffff>Top</font></a></b></td></tr></table>
<pre>The common lore for setting up xntpd on Solaris using
@@ -221,7 +221,7 @@ clock, the hard clock is also controlled. Setting
defaulkt behavior, having exactly the opposite effect
as that intended.
-Do not set <font color=red>dosynctodr</font> to 0.</pre><table width=100%>
+Do not set <font color=red>dosynctodr</font> to 0.</pre><table width=100% cellpadding=2 cellspacing=0 border=0>
<tr><td bgcolor=#999999 valign=top width=25%><font color=#ffffff size=2><b><a name=Product-Area>Product Area</a></b></font></td>
<td bgcolor=#cccccc valign=top width=75%><font size=2>Bundled Network</font></td></tr>
<tr><td bgcolor=#999999 valign=top width=25%><font color=#ffffff size=2><b><a name=Product>Product</a></b></font></td>
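Review bot: the context two lines above the change still reads 'defaulkt behavior', and the only edit here is table attributes appended to the line that carries the actual guidance ('Do not set dosynctodr to 0.'). If the file is being touched for layout, fix the typo in the same pass, and consider putting the table tag on its own line so that later changes to the advice itself are not buried in markup diffs.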
diff --git a/html/build/hints/solaris.html b/html/hints/solaris.html
index 9dc2ab1..7161d5d 100644
--- a/html/build/hints/solaris.html
+++ b/html/hints/solaris.html
@@ -38,7 +38,7 @@ set dosynctodr = 0
<P>
Instead of the <I>tick</I> kernel variable, which many operating
systems use to control microseconds added to the system time every
-clock tick (c.f. <A HREF="../../notes.html#frequency_tolerance">Dealing
+clock tick (c.f. <A HREF="../notes.html#frequency_tolerance">Dealing
with Frequency Tolerance Violations</A>), Solaris has the variables
<I>nsec_per_tick</I> and <I>usec_per_tick</I>.
<P>
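Review bot: the href on the changed line drops one '../' to match the move from html/build/hints/ to html/hints/, but this is the only hunk for solaris.html, so any other relative reference in the file that assumed the old depth would now resolve one directory too high. Worth grepping the moved file for remaining '../../' paths before merging; 'c.f.' on the same line should also read 'cf.'.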
diff --git a/html/build/hints/solaris.xtra.4023118 b/html/hints/solaris.xtra.4023118
index 84c5d15..84c5d15 100644
--- a/html/build/hints/solaris.xtra.4023118
+++ b/html/hints/solaris.xtra.4023118
diff --git a/html/build/hints/solaris.xtra.4095849 b/html/hints/solaris.xtra.4095849
index 8d3ce80..8d3ce80 100644
--- a/html/build/hints/solaris.xtra.4095849
+++ b/html/hints/solaris.xtra.4095849
diff --git a/html/build/hints/solaris.xtra.S99ntpd b/html/hints/solaris.xtra.S99ntpd
index d8058fd..d8058fd 100644
--- a/html/build/hints/solaris.xtra.S99ntpd
+++ b/html/hints/solaris.xtra.S99ntpd
diff --git a/html/build/hints/solaris.xtra.patchfreq b/html/hints/solaris.xtra.patchfreq
index 9600881..9600881 100644
--- a/html/build/hints/solaris.xtra.patchfreq
+++ b/html/hints/solaris.xtra.patchfreq
diff --git a/html/build/hints/sun4 b/html/hints/sun4
index 424fa18..424fa18 100644
--- a/html/build/hints/sun4
+++ b/html/hints/sun4
diff --git a/html/build/hints/svr4-dell b/html/hints/svr4-dell
index 2c92f8a..2c92f8a 100644
--- a/html/build/hints/svr4-dell
+++ b/html/hints/svr4-dell
diff --git a/html/build/hints/svr4_package b/html/hints/svr4_package
index b9f5ca3..b9f5ca3 100644
--- a/html/build/hints/svr4_package
+++ b/html/hints/svr4_package
diff --git a/html/build/hints/todo b/html/hints/todo
index e0e5ffa..e0e5ffa 100644
--- a/html/build/hints/todo
+++ b/html/hints/todo
diff --git a/html/hints/vxworks.html b/html/hints/vxworks.html
new file mode 100644
index 0000000..f73a01c
--- /dev/null
+++ b/html/hints/vxworks.html
@@ -0,0 +1,85 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>vxWorks Port of NTP</title>
+ <link href="../scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+ <body link="#00008B" vlink="#8B0000">
+ <h4>VxWorks port of NTP</h4>
+ <p>Creating a port for vxWorks posed some problems. This port may help as a starting point for similar ports to real-time OS's and other embeddable kernels, particularly where <tt>main()</tt> is not allowed, and where the configure scripts need to be altered.</p>
+ <h4>Configuration issues</h4>
+ <p>I decided to do as little invasive surgery as possible on the NTP code, so I brought the vxWorks header tree in line with the standard Unix tree. The following changes were needed, as a side effect these changes will allow for easy porting of other autoconfigure enabled code.</p>
+ <p>Where I have 386 you will need to put in your target type. The vxWorks tree entry point is <tt>/usr/wind</tt>. If these are the same for your system, you should be able to cut and paste the changes.</p>
+ <p><blink>WARNING: Check you are not overwriting files, before entering the following: there should be no conflict, but check first...</blink></p>
+ <pre>
+ export CC=&quot;cc386 -nostdlib -m486 -DCPU=I80486 -I/usr/wind/target/h&quot;
+ export RANLIB=ranlib386
+ export AR=ar386
+ export VX_KERNEL=/usr/wind/target/config/ims_std_bsp/vxWorks<br>
+
+ cd /usr/wind/target/sys
+ ln -s ../signal.h
+ ln -s ../time.h
+ ln -s socket.h sockio.h
+ ln -s ../selectLib.h select.h
+ ln -s ../timers.h
+ touch file.h param.h resource.h utsname.h var.h ../netdb.h ../a.out.h ../termios.h
+ echo &quot; ******ADD #include \&quot;sys/times.h\&quot; to sys/time.h &quot;
+ </pre>
+ The configure script must be changed in the following way to get the linking tests to work, once in the correct directory issue the following commands:
+
+ <pre> sed -e 's%main.*()%vxmain()%' configure &gt; configure.vxnew
+ mv configure.vxnew configure
+ chmod 755 configure
+ </pre>
+ <p></p>The new version 4 of NTP requires some maths functions so it links in the maths library (-lm) in the <tt>./ntpd/Makefile.am</tt> file change the line <tt>ntpd_LDADD = $(LDADD) -lm</tt> by removing the &quot;-lm&quot;.</p>
+ <p>>You are now ready to compile
+ <p>The ./configure.in file needed to be altered to allow for a host-target configuration to take place.</p>
+ <ul>
+ <li>The define SYS_VXWORKS was added to the compilation flags.
+ <li>Little endianess is set if the target is of type iX86.
+ <li>The size of char, integer, long values are all set. If Wind River ever changes these values they will need to be updated.
+ <li>clock_settime() is defined to be used for setting the clock.
+ <li>The Linking flags have -r added to allow for relinking into the vxWorks kernel
+ </ul>
+ <p>Unfortunately I have had to make use of the <tt>./include/ntp_machine.h</tt> file to add in the checks that would have been checked at linking stage by <tt>autoconf</tt>, a better method should be devised.</p>
+ <ul>
+ <li>There is now a <tt>NO_MAIN_ALLOWED</tt> define that simulates command line args, this allows the use of the normal startup sysntax.
+ <li>POSIX timers have been added.
+ <li>Structures normally found in <tt>netdb.h</tt> have been added with, the corresponding code is in <tt>./libntp/machines.c</tt>. Where possible the defines for these have been kept non-vxWorks specific.
+ </ul>
+ <p>Unfortunately there are still quite a few <tt>SYS_VXWORKS</tt> type defines in the source, but I have eliminated as many as possible. You have the choice of using the <tt>usrtime.a</tt> library avaliable from the vxworks archives or forgoing <tt>adjtime()</tt> and using the <tt>clock_[get|set]time()</tt>. The <tt>./include/ntp_machine.h</tt> file clearly marks how to do this.</p>
+ <h4>Compilation issues</h4>
+ <p>You will need autoconf and automake ... available free from the gnu archives worldwide.</p>
+ <p>The variable <tt>arch</tt> is the target architecture (e.g. i486)</p>
+ <pre>
+ mkdir A.vxworks)
+ cd A.vxworks
+ ../configure --target=arch-wrs-vxworks
+ make
+ </pre>
+ <p>Options I normally use are the <tt>--disable-all-clocks --enable-LOCAL-CLOCK</tt> flags. The program should proceed to compile without problem. The daemon ntpd, ntpdate, ntptrace, ntpdc, ntpq programs and of course the libraries are all fully ported. The other utilities are not, but they should be easy to port.</p>
+ <h4>Running the software</h4>
+ <p>Load in the various files, call them in the normal vxWorks function type manner. Here are some examples. Refer to the man pages for further information.</p>
+ <pre>
+ ld &lt; ntpdate/ntpdate
+ ld &lt; ntpd/ntpd
+ ld &lt; ntptrace/ntptrace
+ ld &lt; ntpq/ntpq
+ ld &lt; ntpdc/ntpdc
+ ntpdate (&quot;-b&quot;, &quot;192.168.0.245&quot;)
+ sp(ntpd, &quot;-c&quot;, &quot;/export/home/casey/ntp/ntp.conf&quot;)
+ ntpdc(&quot;-c&quot;, &quot;monlist&quot;, &quot;192.168.0.244&quot;)
+ ntpq(&quot;-c&quot;, &quot;peers&quot;, &quot;192.168.0.244&quot;)
+ ntptrace(&quot;192.168.0.244&quot;)
+ </pre>
+ <p>Casey Crellin, casey@csc.co.za</p>
+ </body>
+
+</html> \ No newline at end of file
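Review bot: the commands in the 'Compilation issues' block will not paste cleanly, because 'mkdir A.vxworks)' has a stray closing parenthesis, and the earlier sed expression 's%main.*()%vxmain()%' is greedy, so on any configure line with more than one '()' it replaces everything from 'main' through the last pair. Suggest 'mkdir A.vxworks' and a pattern limited to the identifier and its own parentheses. The 'Running the software' example also calls ntpdc with 'monlist' against another host; since the commit message cites NTP reflection DoS as motivation, a sentence saying this query should only be answered for trusted addresses would fit here. Markup to clean up in the same pass: a second DOCTYPE after '</head>', '<p></p>...</p>' around the -lm paragraph, '<p>>You are now ready to compile' with a stray '>' and no closing tag, a '<br>' inside '<pre>', and no newline at end of file.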
diff --git a/html/hints/winnt.html b/html/hints/winnt.html
new file mode 100644
index 0000000..a2d277f
--- /dev/null
+++ b/html/hints/winnt.html
@@ -0,0 +1,187 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>NTP on Windows NT</title>
+ <link href="../scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+ <body>
+ <h3>NTP 4.x for Windows NT</h3>
+
+ <h4>Introduction</h4>
+ <p>The NTP 4 distribution runs as service on Windows Vista, Windows NT 4.0, Windows 2000, Windows XP, Windows .NET Server 2003. It will NOT run on Windows 95, 98, ME, etc. The binaries work on multi-processor systems. This port has not been tested on the Alpha platform. This release now uses OpenSSL for authentication. IPv6 is not implemented yet for Win32 platforms. A ready-to-run install distribution is available from Meinberg at <a href="http://www.meinberg.de/english/sw/ntp.htm">http://www.meinberg.de/english/sw/ntp.htm.</a></p>
+ <p>Users should note that the stock Windows client sends requests as mode-1 packets, which can have unintended consequences and create a security risk. The client should send requests as mode-3 (client) packets, which conform to the protocol specification. The issues and resolution are described in Microsoft KB 875424. A less desirable alternative that avoids changing registry keys is to use the <tt>--with-wintime</tt> option when building the executable.</p>
+ <h4>Authentication Keys</h4>
+ <p>With this release ntp-keygen is supported. See the <a href="../keygen.html"> ntp keygen documentation</a> for details on how to use ntp-keygen.</p>
+ <p><tt>ntpd</tt> can now use the generated keys in the same way as on Unix platforms. Please refer to the <a href="../authopt.html">Authentication Options</a> for details on how to use these.</p>
+ <p><B>NOTE:</B> ntpd and <tt>ntp-keygen</tt> both use OpenSSL which requires a random
+ character file called <tt>.rnd</tt> by default. Both of these programs will automatically generate this file if they are not found. The programs will look for an environmental variable called RANDFILE and use that for the name of the random character file if the variable exists. If it does not exist it will look for an environmental variable called HOME and use that directory to search for a file called <tt>.rnd</tt> in that directory. Finally, if neither RANDFILE nor HOME exists it will look in <tt>C:\</tt> for a .rnd file. In each case it will search for and create the file if the environmental variable exists or in the C:\ directory if it doesn't.</p>
+ <p>Note that ntpd normally runs as a service so that the only way that it will have either RANDFILE or HOME defined is if it is a System environmental variable or if the service is run under a specific account name and that account has one of those variables defined. Otherwise it will use the file <tt>c:\.rnd</tt>. This was done so that OpenSSL will work normally on Win32 systems. This obviates the need to ship the OpenSSL.exe file and explain how to generate the .rnd file. A future version may change this behavior.</p>
+ <p>Refer to <a href="#Compiling">Compiling Requirements</a> and Instructions for how to compile the program.</p>
+ <h4>Reference Clocks</h4>
+ <p>Reference clock support under Windows NT is tricky because the IO functions are so much different. Some of the clock types have been built into the ntpd executable and should work but have not been tested by the ntp project. If you have a clock that runs on Win32 and the driver is there but not implemented on Win32 you will have make the required configuration changes in config.h and then build ntpd from source and test it. The following reference clock is known to work and is supported by Windows NT: <a href="../drivers/driver1.html">Type 1</a> Undisciplined Local Clock (LOCAL)</p>
+ <h4>Functions Supported</h4>
+ <p>All NTP functions are supported with some constraints. See the <a href="#ToDo">TODO list</a> below. Note that the ntptrace executable is not supported and you should use the PERL script version instead.</p>
+ <h4>Accuracy</h4>
+ <p>Greg Brackley has implemented a fantastic interpolation scheme that improves the precision of the NTP clock using a realtime thread (is that poetic or what!) which captures a tick count from the 8253 counter after each OS tick. The count is used to interpolate the time between operating system ticks.</p>
+ <p>On a typical 200+ MHz system NTP achieves a precision of about 5 microseconds and synchronizes the clock to +/-500 microseconds using the <a href="http://www.trimble.com/products/ntp">Trimble Palisade</a> as UTC reference. This allows distributed applications to use the 10 milliseconds ticks available to them with high confidence.</p>
+ <h4>Binaries</h4>
+ <p>Recent InstallShield based executable versions of NTP for Windows NT (intel) are available from:</p>
+ <ul>
+ <li><a href="http://www.five-ten-sg.com/">http://www.five-ten-sg.com/</a>
+ </ul>
+ <h4 id="ToDo">ToDo</h4>
+ <p>These tasks are in no particular order of priority.</p>
+ <ul>
+ <li>Create a proper install/uninstall program
+ <li>Add sntp to the list of supported programs
+ <li>Add support for Visual C++ 7.0 or later (.NET)
+ <li>Add IPv6 support
+ <li>See if precision can be improved by using CPU cycle counter for tick interpolation.
+ <li>Make precision time available to applications using NTP_GETTIME API
+ </ul>
+ <h4>Compiling Requirements</h4>
+ <ul>
+ <li>Windows NT 4.0 Windows 2000, Windows XP,Windows Vista or Windows.NET Server 2003
+ <li>Microsoft Visual C++ 2008 EE or Visual C++ 2010 EE
+ <li>Some way of uncompressing and untarring the gzipped tar file.
+ <li>OpenSSL must be built on the box before building NTP. Additional steps would
+ be required to not use OpenSSL.
+ <li>Microsoft Visual C++ redistributables</ul>
+ <a name="Compiling"><B>Compiling Instructions</B></a>
+ <ol>
+ <li>Install Micosoft Visual C++ <a href="http://www.microsoft.com/downloads/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF">redistributables</a>
+ <li>Install <a href="http://www.slproweb.com/products/Win32OpenSSL.html">OpenSSL full installer for Windows</a>. Add the following to your system environment variables in the control panel (adjusting paths as appropriate to point to the directory containing only an openssl subdirectory, for OPENSSL_INC, and to the directory containing openssl .lib files for OPENSSL_LIB:
+<ul><li> OPENSSL_INC=C:\OpenSSL\include
+<li> OPENSSL_LIB=C:\OpenSSL\lib</ul>
+ <li>Unpack the NTP-4.x.tar.gz using utilities such as WinZip or WinRar.
+ <li>Run Microsoft Visual C++ 2008 EE. On Windows Vista and later, Run as Administrator.
+ <li>Open the ports\winnt\vs2008\ntp.sln solution file
+ <li>Batch build all projects (Build menu, Batch Build..., select all, build).
+ <li>The built binaries can be found in the ports\winnt\v2008\bin\ directory.
+ <li>If you are shipping binaries in a kit it is strongly recommended that you ship this file (winnt.html) along with the binaries.
+ </ol>
+ <h4>Configuration File</h4>
+ <p>The default NTP configuration file path is %SystemRoot%<tt>\system32\drivers\etc\. </tt>(%SystemRoot% is an environmental variable that can be determined by typing &quot;set&quot; at the &quot;Command Prompt&quot; or from the &quot;System&quot; icon in the &quot;Control Panel&quot;).</p>
+ <p>Refer to your system environment and <tt>c</tt>reate your<tt> ntp.conf</tt> file in the directory corresponding to your system&nbsp; installation. The older <tt>&lt;WINDIR&gt;\ntp.conf</tt> is still supported but you will get a log entry reporting that the first file wasn't found.
+ <h4>Installation Instructions</h4>
+ <p>The <tt>instsrv</tt> program in the instsrv subdirectory of the distribution can be used to install 'ntpd' as a service and start automatically at boot time. Instsrv is automatically compiled with the rest of the distribution if you followed the steps above.</p>
+ <ol>
+ <li>Start a command prompt and enter &quot;instsrv.exe &lt;pathname_for_ntpd.exe&gt;&quot;
+ <li>Clicking on the &quot;Services&quot; icon in the &quot;Control Panel&quot; will display the list of currently installed services in a dialog box. The NetworkTimeProtocol service should show up in this list. Select it in the list and hit the &quot;Start&quot; button in the dialog box. The NTP service should start.
+ <li>You can also stop and start the service by typing net start|stop NetworkTimeProtocol at the DOS prompt.
+ <li>View the event log by clicking on the &quot;Event Viewer&quot; icon in the &quot;Administrative Tools&quot; group, there should be several successful startup messages from NTP. NTP will keep running and restart automatically when the machine is rebooted.
+ </ol>
+ <p>You can change the start mode (automatic/manual) and other startup parameters corresponding to the NTP service in the &quot;Services&quot; dialog box if you wish.</p>
+ <h4>Removing NTP</h4>
+ <p>You can also use <tt>instsrv</tt> to delete the NTP service by entering: <tt>>&quot;instsrv.exe remove&quot;</tt>
+ <h4>Command Line Parameters and Registry Entries</h4>
+ <p>Unlike the Unix environment, there is no clean way to run 'ntpdate' and reset the clock before starting 'ntpd' at boot time. NTP will step the clock up to 1000 seconds by default. While there is no reason that the system clock should be that much off during bootup if <tt>ntpd</tt> was running before, you may wish to override this default and/or pass other command line directives.
+ <p>Use the registry editor to edit the value for the ntpd executable under LocalMachine\System\CurrentControlSet\Services\NTP.</p>
+ <p>Add the -g option to the ImagePath key, behind &quot;%INSTALLDIR&gt;\ntpd.exe&quot;. This will force NTP to accept large time errors (including 1.1.1980 00:00)</p>
+ <h4>Bug Reports</h4>
+ <p>Send questions and bug reports to <a href="../bugs.html">NTP Bug Reporting Procedures</a>.</p>
+ <h4>Change Log</h4>
+ <h3>Last revision 2 July 2003&nbsp; Version 4.2.0</h3>
+ <p>by Danny Mayer (mayer@ntp.org>)</p>
+ <h4>Significant Changes:</h4>
+ <p>This latest release of NTP constitutes a major upgrade to its ability to build and run on Windows platforms and should now build and run cleanly. More importantly it is now able to support all authentication in the same way as Unix boxes. This does require the usage of OpenSSL which is now a prerequisite for build on Windows. <tt>ntp-keygen</tt> is now supported and builds on Win32 platforms.
+ <h4>Last revision 16 February 1999 Version 4.0.99e.</h4>
+ <p>by Sven Dietrich (sven_dietrich@trimble.com)</p>
+ <p>pSignificant Changes:</p>
+ <ul>
+ <li>Perl 5 is no longer needed to compile NTP. The configuration script which creates version.c with the current date and time was modified by Frederick Czajka [w2k@austin.rr.com] so that Perl is no longer required.
+ </ul>
+ <h4>Last revision 15 November 1999&nbsp; Version 4.0.98f.</h4>
+ <p>by Sven Dietrich (sven_dietrich@trimble.com)</b>
+ <p>ignificant Changes:</p>
+ <ul>
+ <li>Fixed I/O problem delaying packet responses which resulted in no-replys to NTPQ and others.
+ <li>The default configuration file path is <tt>&lt;WINDIR&gt;\system32\drivers\etc\ntp.conf. The old &lt;WINDIR&gt;\ntp.conf </tt>is still supported but you will get a log entry reporting that the first file wasn't found. The NTP 3.x legacy <tt>ntp.ini</tt> file is no longer supported.
+ </ul>
+ <h4>Known Problems / TODO:</h4>
+ <ul>
+ <li>MD5 and name resolution do not yet get along. If you define MD5, you cannot use DNS names, only IP numbers.
+ </ul>
+ <h4>Last revision 27 July 1999&nbsp; Version 4.0.95.</h4>
+ <p>This version compiled under WINNT with Visual C 6.0 by Greg Brackley and Sven Dietrich. Significant changes:</p>
+ <ul>
+ <li>Visual Studio v6.0 support
+ <li>Winsock 2.0 support
+ <li>Use of I/O completion ports for sockets and comm port I/O
+ <li>Removed the use of multimedia timers (from ntpd, others need removing)
+ <li>Use of waitable timers (with user mode APC) and performance counters to fake getting a better time
+ <li>Trimble Palisade NTP Reference Clock support
+ <li>General cleanup, prototyping of functions
+ <li>Moved receiver buffer code to a separate module (removed unused members from the recvbuff struct)
+ <li>Moved io signal code to a separate module
+ </ul>
+ <h4>Last revision:&nbsp; 20-Oct-1996</h4>
+ <p>This version corrects problems with building the XNTPversion 3.5-86 distribution under Windows NT. The following files were modified:</p>
+ <ul>
+ <li><tt>blddbg.bat</tt>
+ <li><tt>bldrel.bat</tt>
+ <li><tt>include\ntp_machine.h</tt>
+ <li><tt>xntpd\ntp_unixclock.c</tt>
+ <li><tt>xntpd\ntp_refclock.c</tt>
+ <li><tt>scripts\wininstall\build.bat</tt>
+ <li><tt>scripts\wininstall\setup.rul</tt>
+ <li><tt>scripts\wininstall\readme.nt</tt>
+ <li><tt>scripts\wininstall\distrib\ntpog.wri</tt>
+ <li><tt>html\hints\winnt</tt> (this file)
+ </ul>
+ <p>In order to build the entire Windows NT distribution you need to modify the file scripts\wininstall\build.bat with the installation directory of the InstallShield software.&nbsp; Then, simply type &quot;bldrel&quot; for non-debug or &quot;blddbg&quot; for debug executables.</p>
+ <p>Greg Schueman,
+ schueman@acm.org&gt;</p>
+ <h4>Last revision: 07-May-1996</h4>
+ <p>This set of changes fixes all known bugs, and it includes<br>
+ several major enhancements. Many changes have been made both to the build environment as well as the code.&nbsp; There is no longer an ntp.mak file, instead there is a buildntall.bat file that will build the entire release in one shot. The batch file requires Perl.&nbsp; Perl is easily available from the NT Resource Kit or on the Net.</p>
+ <p>The multiple interface support was adapted from Larry Kahn's work on the BIND NT port.&nbsp; I have not been able to test it, adequately as I only have NT servers with one network interfaces on which to test.</p>
+ <p>Enhancements:</p>
+ <ul>
+ <li>Event Logging now works correctly.
+ <li>Version numbers now work (requires Perl during build)
+ <li>Support for multiple network interface cards (untested)
+ <li>NTP.CONF now default, but supports ntp.ini if not found
+ <li>Installation procedure automated.
+ <li>All paths now allow environment variables such as %windir%
+ </ul>
+ <p>Bug fixes</p>
+ <ul>
+ <li>INSTSRV replaced, works correctly
+ <li>Cleaned up many warnings
+ <li>Corrected use of an uninitialized variable in XNTPD
+ <li>Fixed ntpdate -b option
+ <li>Fixed ntpdate to accept names as well as IP addresses
+ (Winsock WSAStartup was called after a gethostbyname())
+ <li>Fixed problem with &quot;longjmp&quot; in xntpdc/ntpdc.c that caused a software exception on doing a Control-C in xntpdc. A Cntrl-C now terminates the program.
+ </ul>
+ <p>See below for more detail</p>
+ <p>Note: SIGINT is not supported for any Win32 application including; Windows NT and Windows 95. When a CTRL+C interrupt occurs, Win32 operating systems generate a new thread to specifically handle that interrupt. This can cause a single-thread application such as UNIX, to become multithreaded, resulting in unexpected behavior.</p>
+ <p>Possible enhancements and things left to do:</p>
+ <ul>
+ <li>Reference clock drivers for NT (at least Local Clock support)
+ <li>Control Panel Applet
+ <li>InstallShield based installation, like NT BIND has
+ <li>Integration with NT Performance Monitor
+ <li>SNMP integration
+ <li>Fully test multiple interface support
+ </ul>
+ <h4>Known problems:</h4>
+ <ul>
+ <li>bug in ntptrace - if no Stratum 1 servers are available, such as on an IntraNet, the application crashes.
+ </ul>
+ <h4>Last revision: 12-Apr-1995</h4>
+ <p>This NTPv3 distribution includes a sample configuration file and the project makefiles for WindowsNT 3.5 platform using Microsoft Visual C++ 2.0 compiler. Also included is a small routine to install the NTP daemon as a &quot;service&quot; on a WindowsNT box. Besides xntpd, the utilities that have been ported are ntpdate and xntpdc. The port to WindowsNT 3.5 has been tested using a Bancomm TimeServe2000 GPS receiver clock that acts as a stratum 1 NTP server with no authentication (it has not been tested with any refclock drivers compiled in).
+ <p>Following are the known flaws in this port</p>
+ <ul>
+ <li>Currently, I do not know of a way in NT to get information about multiple network interface cards. The current port uses just one socket bound to INADDR_ANY address. Therefore when dealing with a multihomed NT time server, clients should point to the default address on the server (otherwise the reply is not guaranteed to come from the same interface to which the request was sent). Working with Microsoft to get this resolved.
+ <li>There is some problem with &quot;longjmp&quot; in xntpdc/ntpdc.c that causes a software exception on doing a Control-C in xntpdc. Be patient!&gt; 3) The error messages logged by xntpd currently contain only the numerical error code. Corresponding error message string has to be looked up in &quot;Books Online&quot; on Visual C++ 2.0 under the topic &quot;Numerical List of Error Codes&quot;.</ul>
+ <h4>Last HTML Update: November 17, 1999</h4>
+ <p>by Sven_Dietrich@Trimble.COM</p>
+ </body>
+
+</html>
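Review bot: the Compiling Instructions disagree on the build path: one step opens ports\winnt\vs2008\ntp.sln while a later step says the binaries land in ports\winnt\v2008\bin\, and the two should agree. The registry section has the same kind of mismatch: the service is installed and started as NetworkTimeProtocol, yet the key to edit is given as Services\NTP, and the ImagePath example '%INSTALLDIR&gt;\ntpd.exe' has unbalanced delimiters. The Authentication Keys note says a service with neither RANDFILE nor HOME set seeds OpenSSL from c:\.rnd but does not say what permissions that file should have; a sentence on that is missing. Extraction-style damage to fix in the same pass: 'pSignificant Changes', 'ignificant Changes', '(mayer@ntp.org>)', 'schueman@acm.org&gt;', and a '</b>' closing a '<p>' in the 4.0.98f entry.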
diff --git a/html/howto.html b/html/howto.html
index 3a1007f..49c3d92 100644
--- a/html/howto.html
+++ b/html/howto.html
@@ -13,95 +13,103 @@
<h3>How to Write a Reference Clock Driver</h3>
<img src="pic/pogo4.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>You need a little magic.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:39</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->11-Jul-2009 20:44<!-- #EndDate -->
+ </p>
+<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links10.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
<h4>Table of Contents</h4>
<ul>
- <li class="inline"><a href="#desc">Description</a>
- <li class="inline"><a href="#file">Files Which Need to be Changed</a>
- <li class="inline"><a href="#intf">Interface Routine Overview</a>
+ <li class="inline"><a href="#desc">Description</a></li>
+ <li class="inline"><a href="#file">Files Which Need to be Changed</a></li>
+ <li class="inline"><a href="#intf">Interface Routine Overview</a></li>
+ <li class="inline"><a href="#pps">Pulse-per-Second Interface</a></li>
</ul>
<hr>
<h4 id="desc">Description</h4>
- <p>NTP reference clock support maintains the fiction that the clock is actually an ordinary peer in the NTP tradition, but operating at a synthetic stratum of zero. The entire suite of algorithms used to filter the received data, select the best clocks or peers and combine them to produce a system clock correction operate just like ordinary NTP peers. In this way, defective clocks can be detected and removed from the peer population. As no packets are exchanged with a reference clock; however, the transmit, receive and packet procedures are replaced with separate code to simulate them.</p>
- <p>It is important to understand how the NTP clock driver interface works. The driver assumes three timescales: standard time maintained by a distant laboratory such as USNO or NIST, reference time maintained by the external radio and the system time maintained by NTP. The radio synchronizes reference time and frequency to standard time via radio, satellite or modem. As the transmission means may not always be reliable, most radios continue to provide clock updates for some time after signal loss using an internal reference oscillator. In such cases the radio may or may not reveal the time since last synchronized and/or the estimated time error.</p>
- <p>All three timescales run <i>only</i> in Coordinated Universal Time (UTC), 24-hour format, and are not adjusted for local timezone or standard/daylight time. The local timezone, standard/daylight indicator and year, if provided, are ignored. However, it is important to determine whether a leap second is to be inserted in the UTC timescale in the near future so NTP can insert it in the system timescale at the appropriate epoch.</p>
- <p>The NTP clock driver synchronizes the system time and frequency to the radio via serial or parallel port, PPS signal or other means. The driver routinely checks the radio timecode string or status indicators to determine whether it is operating correctly or not. If it is, the driver decodes the radio timecode in days, hours, minutes, seconds and nanoseconds and provides these data with the NTP receive timestamp corresponding to the on-time epoch of the timecode. The driver interface computes the difference between the timecode time and NTP timestamp and saves the difference in a circular buffer for later processing. Once each poll interval, usually 64 s, the driver provides ancillary data including leap bits and last reference time to the interface. The interface processes the circular buffer using a median/trimmed mean algorithm to extract the best estimate and provides this and the ancillary data to the clock filter as with ordinary NTP peers.</p>
- <p>The audio drivers are designed to look like a typical external radio in that the reference oscillator is derived from the audio codec oscillator and separate from the system clock oscillator. In the WWV and IRIG drivers, the codec oscillator is disciplined in frequency to the standard timescale via radio or local sources and can be assumed to have the same reliability and accuracy as an external radio. In these cases the driver continues to provide updates to the clock filter even if the WWV or IRIG signals are lost. However, the interface is provided the last reference time when the signals were received and increases the dispersion as expected with an ordinary peer.</p>
- <p>The best way to understand how the clock drivers work is to study the <tt>ntp_refclock.c</tt> module and one of the drivers already implemented, such as <tt>refclock_wwvb.c</tt>. Routines <tt>refclock_transmit()</tt> and <tt>refclock_receive()</tt> maintain the peer variables in a state analogous to a network peer and pass received data on through the clock filters. Routines <tt>refclock_peer()</tt> and <tt>refclock_unpeer()</tt> initialize and terminate reference clock associations, should this ever be necessary. A set of utility routines is included to open serial devices, process sample data, edit input lines to extract embedded timestamps and to perform various debugging functions.</p>
- <p>The main interface used by these routines is the <tt>refclockproc</tt> structure, which contains for most drivers the decimal equivalents of the year, day, month, hour, second and nanosecond decoded from the radio timecode. Additional information includes the receive timestamp, reference timestamp, exception reports, statistics tallies, etc. The support routines are passed a pointer to the <tt>peer</tt> structure, which is used for all peer-specific processing and contains a pointer to the <tt>refclockproc</tt> structure, which in turn contains a pointer to the unit structure, if used. For legacy purposes, a table <tt>typeunit[type][unit]</tt> contains the peer structure pointer for each configured clock type and unit. This structure should not be used for new implementations.</p>
- <p>The reference clock interface supports auxiliary functions to support in-stream timestamping, pulse-per-second (PPS) interfacing and precision time kernel support. In most cases the drivers do not need to be aware of them, since they are detected at autoconfigure time and loaded automatically when the device is opened. These include the <tt>tty_clk</tt> STREAMS module and <tt>ppsapi</tt> PPS interface described in the <a href="ldisc.html">Line Disciplines and Streams Modules</a> page. The <tt>tty_clk</tt> module reduces latency errors due to the operating system and serial port code in slower systems. The <tt>ppsapi</tt> PPS interface replaces the <tt>ppsclock</tt> STREAMS module and is expected to become the IETF standard cross-platform interface for PPS signals. In either case, the PPS signal can be connected via a level converter/pulse generator described in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page.</p>
- <p>Radio and modem reference clocks by convention have addresses in the form <tt>127.127.<i>t</i>.<i>u</i></tt>, where <i>t</i> is the clock type and <i>u</i> in the range 0-3 is used to distinguish multiple instances of clocks of the same type. Most clocks require a serial or parallel port or special bus peripheral. The particular device is normally specified by adding a soft link <tt>/dev/device<i>d</i>d</tt> to the particular hardware device involved, where <tt><i>d</i></tt> corresponds to the unit number.</p>
- <p>By convention, reference clock drivers are named in the form <tt>refclock_<i>xxxx</i>.c</tt>, where <i>xxxx</i> is a unique string. Each driver is assigned a unique type number, long-form driver name, short-form driver name and device name. The existing assignments are in the <a href="refclock.html">Reference Clock Drivers</a> page and its dependencies. All drivers supported by the particular hardware and operating system are automatically detected in the autoconfigure phase and conditionally compiled. They are configured when the daemon is started according to the configuration file, as described in the <a href="build/config.html">Configuration Options</a> page.</p>
- <p>The standard clock driver interface includes a set of common support routines some of which do such things as start and stop the device, open the serial port, and establish special functions such as PPS signal support. Other routines read and write data to the device and process time values. Most drivers need only a little customizing code to, for instance, transform idiosyncratic timecode formats to standard form, poll the device as necessary, and handle exception conditions. A standard interface is available for remote debugging and monitoring programs, such as <tt>ntpq</tt> and <tt>ntpdc</tt>, as well as the <tt>filegen</tt> facility, which can be used to record device status on a continuous basis.</p>
- <p>The general organization of a typical clock driver includes a receive-interrupt routine to read a timecode from the I/O buffer and convert to internal format, generally in days, hours, minutes, seconds and fraction. Some timecode formats include provisions for leap-second warning and determine the clock hardware and software health. The interrupt routine then calls <tt>refclock_process()</tt> with these data and the timestamp captured at the on-time character of the timecode. This routine saves each sample as received in a circular buffer, which can store from a few up to 60 samples, in cases where the timecodes arrive one per second.</p>
- <p>The <tt>refclock_transmit()</tt> routine in the interface is called by the system at intervals defined by the poll interval in the peer structure, generally 64 s. This routine in turn calls the transmit poll routine in the driver. In the intended design, the driver calls the <tt>refclock_receive()</tt> to process the offset samples that have accumulated since the last poll and produce the final offset and variance. The samples are processed by recursively discarding median outlyers until about 60 percent of samples remain, then averaging the surviving samples. When a reference clock must be explicitly polled to produce a timecode, the driver can reset the poll interval so that the poll routine is called a specified number of times at 1-s intervals.</p>
- <p>The interface code and this documentation have been developed over some time and required not a little hard work converting old drivers, etc. Should you find success writing a driver for a new radio or modem service, please consider contributing it to the common good. Send the driver file itself and patches for the other files to Dave Mills (mills@udel.edu).</p>
+ <p>NTP reference clock support maintains the fiction that the clock is actually an ordinary server in the NTP tradition, but operating at a synthetic stratum of zero. The entire suite of algorithms filter the received data and select the best sources to correct the system clock. No packets are exchanged with a reference clock; however, the transmit, receive and packet procedures are replaced with code to simulate them.</p>
+ <p>The driver assumes three timescales: standard time maintained by a distant laboratory such as USNO or NIST, reference time maintained by the external radio and the system time maintained by NTP. The radio synchronizes reference time via radio, satellite or modem. As the transmission means may not always be reliable, most radios continue to provide clock updates for some time after signal loss using an internal reference oscillator. In such cases the radio may or may not reveal the time since last synchronized or the estimated time error.</p>
+ <p>All three timescales run only in Coordinated Universal Time (UTC) and are not adjusted for local timezone or standard/daylight time. The local timezone, standard/daylight indicator and year, if provided, are ignored. However, it is important to determine whether a leap second is to be inserted in the UTC timescale in the near future so NTP can insert it in the system timescale at the appropriate epoch.</p>
+ <p>The interface routines in the <tt>ntp_refclock.c</tt> source file call the following driver routines via a transfer vector:</p>
+ <dl>
+ <dt><tt>startup</tt></dt>
+ <dd>The association has just been mobilized. The driver may allocate a private structure and open the device(s) required.</dd>
+
+ <dt><tt>shutdown</tt></dt>
+ <dd>The association is about to be demobilized. The driver should close all device(s) and free private structures.</dd>
+ <dt><tt>receive</tt></dt>
+ <dd>A timecode string is ready for retrieval using the <tt>refclock_gtlin()</tt> or <tt>refclock_gtraw()</tt> routines and provide clock updates.</dd>
+ <dt><tt>poll</tt></dt>
+ <dd>Called at poll timeout, by default 64 s. Ordinarily, the driver will send a poll sequence to the radio as required.</dd>
+ <dt><tt>timer</tt></dt>
+ <dd>Called once per second. This can be used for housekeeping functions. In the case with pulse-per-second (PPS) signals, this can be used to process the signals and provide clock updates.</dd>
+ </dl>
+ <p>The receive routine retrieves a timecode string via serial or parallel port, PPS signal or other means. It decodes the timecode in days, hours, minutes, seconds and nanoseconds and checks for errors. It provides these data along with the on-time timestamp to the <tt>refclock_process</tt> routine, which saves the computed offset in a 60-sample circular buffer. On occasion, either by timeout, sample count or call to the poll routine, the driver calls <tt>refclock_receive</tt> to process the circular buffer samples and update the system clock.</p>
+ <p>The best way to understand how the clock drivers work is to study one of the drivers already implemented, such as <tt>refclock_wwvb.c</tt>. The main interface is the <tt>refclockproc</tt> structure, which contains for most drivers the decoded timecode, on-time timestamp, reference timestamp, exception reports and statistics tallies, etc. The support routines are passed a pointer to the <tt>peer</tt> structure, which contains a pointer to the <tt>refclockproc</tt> structure, which in turn contains a pointer to the unit structure, if used. For legacy purposes, a table <tt>typeunit[type][unit]</tt> contains the peer structure pointer for each configured clock type and unit. This structure should not be used for new implementations.</p>
+ <p>Radio and modem reference clocks by convention have addresses of the form <tt>127.127.<i>t</i>.<i>u</i></tt>, where <i>t</i> is the clock type and <i>u</i> in the range 0-3 is used to distinguish multiple instances of clocks of the same type. Most clocks require a serial or parallel port or special bus peripheral. The particular device is normally specified by adding a soft link <tt>/dev/device<i>u</i></tt> to the particular hardware device.</p>
+ <p>By convention, reference clock drivers are named in the form <tt>refclock_<i>xxxx</i>.c</tt>, where <tt><i>xxxx</i></tt> is a unique string. Each driver is assigned a unique type number, long-form driver name, short-form driver name and device name. The existing assignments are in the <a href="refclock.html">Reference Clock Drivers</a> page and its dependencies. All drivers supported by the particular hardware and operating system are automatically detected in the autoconfigure phase and conditionally compiled.</p>
<h4>Conventions, Fudge Factors and Flags</h4>
- <p>Most drivers support manual or automatic calibration for systematic offset bias using values encoded in the <tt>fudge</tt> configuration command. By convention, the <tt>time1</tt> value defines the calibration offset in seconds. For those drivers that support statistics collection using the <tt>filegen</tt> utility and the <tt>clockstats</tt> file, the <tt>flag4</tt> switch enables the utility. When a PPS signal is available, a special automatic calibration facility is provided. If the <tt>flag1</tt> switch is set and the PPS signal is actively disciplining the system time, the calibration value is automatically adjusted to maintain a residual offset of zero. Should the PPS signal or the prefer peer fail, the adjustment is frozen and the remaining drivers continue to discipline the system clock with a minimum of residual error.</p>
+ <p>Most drivers support manual or automatic calibration for systematic offset bias using values encoded in the <tt>fudge</tt> configuration command. By convention, the <tt>time1</tt> value defines the calibration offset in seconds. For those drivers that support statistics collection using the <tt>filegen</tt> utility and the <tt>clockstats</tt> file, the <tt>flag4</tt> switch enables the utility.</p>
+ <p>If the calibration feature has been enabled, the <tt>flag1</tt> switch is set and the PPS signal is actively disciplining the system time, the <tt>time1</tt> value is automatically adjusted to maintain a residual offset of zero. Once the its value has stabilized, the value can be inserted in the configuration file and the calibration feature disabled.</p>
<h4 id="file">Files Which Need to be Changed</h4>
- <p>A new reference clock implementation needs to supply, in addition to the driver itself, several changes to existing files.</p>
+ <p>When a new reference clock driver is installed, the following files need to be edited. Note that changes are also necessary to properly integrate the driver in the configuration and makefile scripts, but these are decidedly beyond the scope of this page.</p>
<dl>
- <dt><tt>./include/ntp.h</tt>
- <dd>The reference clock type defines are used in many places. Each driver is assigned a unique type number. Unused numbers are clearly marked in the list. A unique <tt>REFCLK_<i>xxxx</i></tt> identification code should be recorded in the list opposite its assigned type number.
- <dt><tt>./libntp/clocktypes.c</tt>
- <dd>The <tt>./libntp/clktype</tt> array is used by certain display functions. A unique short-form name of the driver should be entered together with its assigned identification code.
- <dt><tt>./ntpd/ntp_control.c</tt>
- <dd>The <tt>clocktypes</tt> array is used for certain control message displays functions. It should be initialized with the reference clock class assigned to the driver, as per the NTP specification RFC-1305. See the <tt>./include/ntp_control.h</tt> header file for the assigned classes.
- <dt><tt>./ntpd/refclock_conf.c</tt>
- <dd>This file contains a list of external structure definitions which are conditionally defined. A new set of entries should be installed similar to those already in the table. The <tt>refclock_conf</tt> array is a set of pointers to transfer vectors in the individual drivers. The external name of the transfer vector should be initialized in correspondence with the type number.
- <dt><tt>./configure.in</tt>
- <dd>This is a configuration file used by the autoconfigure scheme. Add lines similar to the following:
- <pre>
- AC_MSG_CHECKING(FOO clock_description)
- AC_ARG_ENABLE(FOO,
- AC_HELP_STRING([--enable-FOO], [x clock_description]),
- [ntp_ok=$enableval], [ntp_ok=$ntp_eac])
- if test &quot;$ntp_ok&quot; = &quot;yes&quot;; then
- ntp_refclock=yes
- AC_DEFINE(CLOCK_FOO, 1, [Foo clock?])
- fi
- AC_MSG_RESULT($ntp_ok)
-</pre>
- <dd>(Note that <tt>$ntp_eac</tt> is the value from <tt>--{dis,en}able-all-clocks</tt> for non-PARSE clocks and <tt>$ntp_eacp</tt> is the value from <tt>--{dis,en}able-parse-clocks</tt> for PARSE clocks. See the documentation on the autoconf and automake tools from the GNU distributions.)
- <dt><tt>./ntpd/Makefile.am</tt>
- <dd>This is the makefile prototype used by the autoconfigure scheme. Add the driver file name to the entries already in the <tt>ntpd_SOURCES</tt> list.
- <dd>Do the following sequence of commands:
- <pre>
- autoreconf
- configure
-</pre>
- <dd>or simply run <tt>make</tt>, which will do this command sequence automatically.
+ <dt><tt>./include/ntp.h</tt></dt>
+ <dd>The reference clock type defines are used in many places. Each driver is assigned a unique type number. Unused numbers are clearly marked in the list. A unique <tt>REFCLK_<i>xxxx</i></tt> identification code should be recorded in the list opposite its assigned type number.</dd>
+ <dt><tt>./libntp/clocktypes.c</tt></dt>
+ <dd>The <tt>./libntp/clktype</tt> array is used by certain display functions. A unique short-form name of the driver should be entered together with its assigned identification code.</dd>
+ <dt><tt>./ntpd/ntp_control.c</tt></dt>
+ <dd>The <tt>clocktypes</tt> array is used for certain control message displays functions. It should be initialized with the reference clock class assigned to the driver, as per the NTP specification RFC-1305. See the <tt>./include/ntp_control.h</tt> header file for the assigned classes.</dd>
+ <dt><tt>./ntpd/refclock_conf.c</tt></dt>
+ <dd>This file contains a list of external structure definitions which are conditionally defined. A new set of entries should be installed similar to those already in the table. The <tt>refclock_conf</tt> array is a set of pointers to transfer vectors in the individual drivers. The external name of the transfer vector should be initialized in correspondence with the type number.</dd>
</dl>
<h4 id="intf">Interface Routine Overview</h4>
<dl>
- <dt><tt>refclock_newpeer</tt> - initialize and start a reference clock
- <dd>This routine allocates and initializes the interface structure which supports a reference clock in the form of an ordinary NTP peer. A driver-specific support routine completes the initialization, if used. Default peer variables which identify the clock and establish its reference ID and stratum are set here. It returns one if success and zero if the clock address is invalid or already running, insufficient resources are available or the driver declares a bum rap.
- <dt><tt>refclock_unpeer</tt> - shut down a clock
- <dd>This routine is used to shut down a clock and return its resources to the system.
- <dt><tt>refclock_transmit</tt> - simulate the transmit procedure
- <dd>This routine implements the NTP transmit procedure for a reference clock. This provides a mechanism to call the driver at the NTP poll interval, as well as provides a reachability mechanism to detect a broken radio or other madness.
- <dt><tt>refclock_sample</tt> - process a pile of samples from the clock
- <dd>This routine converts the timecode in the form days, hours, minutes, seconds, milliseconds/microseconds to internal timestamp format. It then calculates the difference from the receive timestamp and assembles the samples in a shift register. It implements a recursive median filter to suppress spikes in the data, as well as determine a rough dispersion estimate. A configuration constant time adjustment <tt>fudgetime1</tt> can be added to the final offset to compensate for various systematic errors. The routine returns one if success and zero if failure due to invalid timecode data or very noisy offsets.
- <dd>Note that no provision is included for the year, as provided by some (but not all) radio clocks. Ordinarily, the year is implicit in the Unix file system and hardware/software clock support, so this is ordinarily not a problem. Nevertheless, the absence of the year should be considered more a bug than a feature and may be supported in future.
- <dt><tt>refclock_receive</tt> - simulate the receive and packet procedures
- <dd>This routine simulates the NTP receive and packet procedures for a reference clock. This provides a mechanism in which the ordinary NTP filter, selection and combining algorithms can be used to suppress misbehaving radios and to mitigate between them when more than one is available for backup.
- <dt><tt>refclock_gtlin</tt> - groom next input line and extract timestamp
- <dd>This routine processes the timecode received from the clock and removes the parity bit and control characters. If a timestamp is present in the timecode, as produced by the <tt>tty_clk</tt> line discipline/streams module, it returns that as the timestamp; otherwise, it returns the buffer timestamp. The routine return code is the number of characters in the line.
- <dt><tt>refclock_open</tt> - open serial port for reference clock
- <dd>This routine opens a serial port for I/O and sets default options. It returns the file descriptor if success and zero if failure.
- <dt><tt>refclock_ioctl</tt> - set serial port control functions
- <dd>This routine attempts to hide the internal, system-specific details of serial ports. It can handle POSIX (<tt>termios</tt>), SYSV (<tt>termio</tt>) and BSD (<tt>sgtty</tt>) interfaces with varying degrees of success. The routine sets up the <tt>tty_clk, chu_clk</tt> and <tt>ppsclock</tt> streams module/line discipline, if compiled in the daemon and requested in the call. The routine returns one if success and zero if failure.
- <dt><tt>refclock_control</tt> - set and/or return clock values
- <dd>This routine is used mainly for debugging. It returns designated values from the interface structure that can be displayed using ntpdc and the clockstat command. It can also be used to initialize configuration variables, such as <tt>fudgetimes, fudgevalues,</tt> reference ID and stratum.
- <dt><tt>refclock_buginfo</tt> - return debugging info
- <dd>This routine is used mainly for debugging. It returns designated values from the interface structure that can be displayed using <tt>ntpdc</tt> and the <tt>clkbug</tt> command.
+ <dt><tt>refclock_newpeer</tt> - initialize and start a reference clock.</dt>
+ <dd>This routine allocates and initializes the interface structure which supports a reference clock in the form of an ordinary NTP peer. A driver-specific support routine completes the initialization, if used. Default peer variables which identify the clock and establish its reference ID and stratum are set here. It returns one if success and zero if the clock address is invalid or already running, insufficient resources are available or the driver declares a bum rap.</dd>
+ <dt><tt>refclock_unpeer</tt> - shut down a clock</dt>
+ <dd>This routine is used to shut down a clock and return its resources to the system.</dd>
+ <dt><tt>refclock_transmit</tt> - simulate the transmit procedure</dt>
+ <dd>This routine implements the NTP transmit procedure for a reference clock. This provides a mechanism to call the driver at the NTP poll interval, as well as provides a reachability mechanism to detect a broken radio or other madness.</dd>
+ <dt><tt>refclock_process</tt> - insert a sample in the circular buffer</dt>
+ <dd>This routine saves the offset computed from the on-time timestamp and the days, hours, minutes, seconds and nanoseconds in the circular buffer. Note that no provision is included for the year, as provided by some (but not all) radio clocks. Ordinarily, the year is implicit in the Unix file system and hardware/software clock support, so this is ordinarily not a problem.</dd>
+ <dt><tt>refclock_receive</tt> - simulate the receive and packet procedures</dt>
+ <dd>This routine simulates the NTP receive and packet procedures for a reference clock. This provides a mechanism in which the ordinary NTP filter, selection and combining algorithms can be used to suppress misbehaving radios and to mitigate between them when more than one is available for backup.</dd>
+ <dt><tt>refclock_gtraw</tt>, <tt>refclock_gtlin</tt> - read the buffer and on-time timestamp</dt>
+ <dd>These routines return the data received from the clock and the on-time timestamp. The <tt>refclock_gtraw</tt> routine returns a batch of one or more characters returned by the Unix terminal routines in raw mode. The <tt>refclock_gtlin</tt> routine removes the parity bit and control characters and returns all the characters up to and including the line terminator. Either routine returns the number of characters delivered.</dd>
+ <dt><tt>refclock_open</tt> - open a serial port for reference clock</dt>
+ <dd>This routine opens a serial port for I/O and sets default options. It returns the file descriptor if success and zero if failure.</dd>
+ <dt><tt>refclock_ioctl</tt> - set serial port control functions</dt>
+ <dd>This routine attempts to hide the internal, system-specific details of serial ports. It can handle POSIX (<tt>termios</tt>), SYSV (<tt>termio</tt>) and BSD (<tt>sgtty</tt>) interfaces with varying degrees of success. The routine returns one if success and zero if failure.</dd>
+ <dt><tt>refclock_ppsapi</tt></dt>
+ <dd>This routine initializes the Pulse-per-Second interface (see below).</dd>
+ <dt><tt>refclock_pps</tt></dt>
+ <dd>This routine is called once per second to read the latest PPS offset and save it in the circular buffer (see below).</dd>
</dl>
+ <h4 id="pps">Pulse-per-Second Interface</h4>
+ <p>When the Pulse-per-Second Application Interface (RFC 2783) is present, a
+ compact PPS interface is available to all drivers. See the <a href="prefer.html">Mitigation
+ Rules and the Prefer Peer</a> page for further information. To use this interface,
+ include the <tt>timeppps.h</tt> and <tt>refclock_atom.h</tt> header files
+ and define the <tt>refclock_atom</tt> structure in the driver private storage.
+ The <tt>timepps.h</tt> file is specific to each operating system and may not
+ be available for some systems.</p>
+ <p>To use the interface, call <tt>refclock_ppsapi</tt> from the startup routine
+ passing the device file descriptor and <tt>refclock_atom</tt> structure pointer.
+ Then, call <tt>refclock_pps</tt> from the timer routine passing the association
+ pointer and <tt>refclock_atom</tt> structure pointer. See the <tt>refclock_atom.c</tt> file
+ for examples and calling sequences. If the PPS signal is valid, the offset
+ sample will be save in the circular buffer and a bit set in the association
+ flags word indicating the sample is valid and the driver an be selected as
+ a PPS peer. If this bit is set when the poll routine is called, the driver
+ calls the <tt>refclock_receive</tt> routine to process the samples in the
+ circular buffer and update the system clock.</p>
+
<hr>
- <center>
- <img src="pic/pogo1a.gif" alt="gif"></center>
+ <div align="center">
+ <img src="pic/pogo1a.gif" alt="gif">
+ </div>
<br>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
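Review bot: The header name in the added Pulse-per-Second Interface section is misspelled: "include the <tt>timeppps.h</tt> and <tt>refclock_atom.h</tt> header files" should read timepps.h, as it does two lines later, because a driver author copying the first spelling gets a missing-header error. The same section has "will be save in the circular buffer" and "the driver an be selected" (saved, can), the fudge paragraph has "Once the its value has stabilized", and the receive entry in the transfer vector list ends with a dangling "and provide clock updates". The hunk also drops the ./configure.in and ./ntpd/Makefile.am entries and replaces them with a sentence calling those changes beyond the scope of the page, so a new driver author is no longer told how to get the driver built; a pointer to where that is documented would close the gap. Lastly, refclock_open is still described as returning "the file descriptor if success and zero if failure", which leaves descriptor 0 ambiguous; the text should say how a caller distinguishes the two. As this is a vendor import, these are better reported upstream than patched locally.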
diff --git a/html/index.html b/html/index.html
index 5c19313..9ba5c6f 100644
--- a/html/index.html
+++ b/html/index.html
@@ -13,84 +13,75 @@
<h3>The Network Time Protocol (NTP) Distribution</h3>
<img src="pic/barnstable.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"><i>P.T. Bridgeport Bear</i>; from <i>Pogo</i>, Walt Kelly</a>
<p>Pleased to meet you.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:39</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->07-Nov-2009 20:43<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
- <br clear="left">
- <h4>Table of Contents</h4>
<ul>
- <li class="inline"><a href="#intro">Introduction</a>
- <li class="inline"><a href="#build">Building and Installing NTP</a>
- <li class="inline"><a href="#conf">Configuring Clients and Servers</a>
- <li class="inline"><a href="#prog">Program Manual Pages</a>
- <li class="inline"><a href="#docs">Supporting Documentation</a>
- <li class="inline"><a href="#back">Background Information</a>
- <li class="inline"><a href="#app">Application Notes</a>
+ <li>A list of all links is on the <a href="sitemap.html">Site Map</a> page.</li>
</ul>
+ <h4>Table of Contents</h4>
+ <ul>
+ <li class="inline"><a href="#intro">Introduction</a></li>
+ <li class="inline"><a href="#build">Building and Installing NTP</a></li>
+ <li class="inline"><a href="#conf">Configuring Clients and Servers</a></li>
+ <li class="inline"><a href="#opt">Features and Options</a></li>
+ <li class="inline"><a href="#prob">Resolving Problems</a></li>
+ <li class="inline"><a href="#info">Further Information</a></li>
+ </ul>
<hr>
<h4 id="intro">Introduction</h4>
- <p>Note: The software contained in this distribution is available without charge under the conditions set forth in the <a href="copyright.html">Copyright Notice</a>.</p>
- <p>The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracies typically within a millisecond on LANs and up to a few tens of milliseconds on WANs relative to Coordinated Universal Time (UTC) via a Global Positioning Service (GPS) receiver, for example. Typical NTP configurations utilize multiple redundant servers and diverse network paths in order to achieve high accuracy and reliability.</p>
- <p>This software release implements NTP Version 4 (NTPv4), but is in general backwards compatible with previous versions except NTP Version 1, support for which is no longer viable. NTPv4 includes support for both symmetric key and public key cryptography to prevent accidental or malicious protocol attacks, as well as automatic server discovery using IP multicast means. This release includes full support for the IPv6 address family, where the operating system supports it, as well as the default IPv4 address family. Either or both families can be used at the same time on the same machine.</p>
- <p>Background information on computer network time synchronization can be found on the <a href="http://www.eecis.udel.edu/%7emills/exec.html">Executive Summary - Computer Network Time Synchronization</a> page. Discussion on protocol conformance issues and interoperability with previous NTP versions can be found on the <a href="http://www.eecis.udel.edu/%7emills/biblio.html">Protocol Conformance Statement</a> page. Discussion on how NTP reckons the time can be found on the <a href="http://www.eecis.udel.edu/%7emills/leap.html">NTP Timescale and Leap Seconds</a> page. Background information, bibliography and briefing slides suitable for presentations can be found on the <a href="http://www.eecis.udel.edu/%7emills/ntp.html">Network Time Synchronization Project</a> page. Additional information can be found at the NTP web site <a href="http://www.ntp.org">www.ntp.org</a>. Please send bug reports to <a href="mailto:bugs@mail.ntp.org">&lt;bugs@mail.ntp.org&gt;</a>.</p>
+ <p>Note: The NTP Version 4 software contained in this distribution is available without charge under the conditions set forth in the <a href="copyright.html">Copyright Notice</a>.</p>
+ <dl>
+ <dd>It is very important that readers understand that the NTP document collection began 25 years ago and remains today a work in progress. It has evolved as new features were invented and old features retired. It has been widely copied, cached and morphed to other formats, including man pages, with varying loss of fidelity. However, these HTML pages are the ONLY authoritative and definitive reference. Readers should always use the collection that comes with the distribution they use. A copy of the online collection at <a href="http://www.ntp.org">www.ntp.org</a> is normally included in the most recent snapshot, but might not agree with an earlier snapshot or release version.</dd>
+ </dl>
+ <p>The Network Time Protocol (NTP) is widely used to synchronize a computer
+ to Internet time servers or other sources, such as a radio or satellite
+ receiver or telephone modem service. It can also be used as a server
+ for dependent clients. It provides accuracies typically less than
+ a millisecond on LANs and up to a few milliseconds on WANs. Typical
+ NTP configurations utilize multiple redundant servers and diverse
+ network paths in order to achieve high accuracy and reliability.
+ Authentication is provided using symmetric key cryptography and
+ the MD5 message digest algorithm included in the distribution. If
+ the OpenSSL cryptographic library is installed, the SHA or SHA1 message
+ digest algorithms can be used. If the OpenSSL library is installed,
+ additional options based on public key cryptography are available.</p>
+ <p>NTP time synchronization services are widely available in the public Internet.
+ The public NTP subnet in early 2008 includes several thousand servers
+ in most countries and on every continent of the globe, including Antarctica.
+ These servers support a total population estimated at over 25 million computers
+ in the global Internet. The NTP subnet operates with a hierarchy of levels,
+ where each level is assigned a number called the stratum. Stratum 1 (primary)
+ servers at the lowest level are directly synchronized to national time services.
+ Stratum 2 (secondary) servers at the next higher level are synchronize to stratum
+ 1 servers and so on. Normally, NTP clients and servers with a relatively small
+ number of clients do not synchronize to public primary servers. There
+ are several hundred public secondary servers operating at higher strata and
+ are the preferred choice. </p>
+ <p>Background information on computer network time synchronization is on the <a href="http://www.eecis.udel.edu/%7emills/exec.html">Executive Summary - Computer Network Time Synchronization</a> page. Discussion on new features and interoperability with previous NTP versions is on the <a href="release.html">NTP Version 4 Release Notes</a> page. Background information, bibliography and briefing slides suitable for presentations are on the <a href="http://www.eecis.udel.edu/%7emills/ntp.html">Network Time Synchronization Research Project</a> page. Additional information is at the NTP web site <a href="http://www.ntp.org">www.ntp.org</a>.</p>
<h4 id="build">Building and Installing NTP</h4>
- <p>NTP supports Unix and Windows (XP, NT4 and 2000) systems. The <a href="build/build.html">Building and Installing the Distribution</a> page presents an overview of the procedures for compiling the distribution and installing it on a typical client or server. The build procedures inspect the system hardware and software environment and automatically select the appropriate options for that environment. While these procedures work with most computers and operating systems marketed today, exceptions requiring manual intervention do exist, as documented on the <a href="build/config.html">Configuration Options</a> and <a href="release.html">Release Notes</a> pages.</p>
- <p>Bringing up a NTP primary server requires a radio or satellite receiver or modem. The distribution includes hardware drivers for some forty radio and satellite clocks and modem services. A list of supported drivers is given on the <a href="refclock.html">Reference Clock Drivers</a> page. It is also possible to use an otherwise undisciplined machine as a primary or backup server, as described on the <a href="drivers/driver1.html">Undisciplined Local Clock</a> page. For most popular workstations marketed by Sun, Silicon Graphics and Hewlett Packard, as well as widely available Unix clones such as FreeBSD and Linux, the automatic build procedures select all drivers that run on the target machine. While this increases the size of the executable binary somewhat, individual drivers can be included or excluded using the configure utility documented in the Configuration Options page.</p>
- <p>Some programs included in this distribution use cryptographic algorithms to verify authenticity and credentials. Where local security policy permits relatively weak symmetric key cryptography, the required software is included in this distribution. However, where local policy requires stronger public key cryptography, additional software not in this distribution is required. This distribution uses the OpenSSL library available from <a href="http://www.openssl.org">http://www.openssl.org</a>. This library is also used by the Secure Shell facility, so is often already installed on Unix workstations and servers. It includes support for most message digest and digital signature algorithms used in the industry, as well as X.509 certificate generation, signing and verification.</p>
- <p>While public key cryptography is optional but highly recommended for all NTP operations, it is required for the NTPv4 Autokey protocol described on the <a href="http://www.eecis.udel.edu/%7emills/autokey.html">Autonomous Authentication</a> page and is an integral component of the generic automatic configuration scheme described on the <a href="http://www.eecis.udel.edu/%7emills/autocfg.html">Autonomous Configuration</a> page. In addition, access can be restricted in various ways described on the <a href="accopt.html">Access Control Options</a> page.</p>
+ <p>NTP supports Unix, VMS and Windows (Vista, XP, NT4 and 2000) systems. The <a href="build.html">Building and Installing the Distribution</a> page details the procedures for building and installing on a typical system. This distribution includes drivers for 44 radio and satellite receivers and telephone modem services in the US, Canada and Europe. A list of supported drivers is on the <a href="refclock.html">Reference Clock Drivers</a> page. The default build includes the debugging options and all drivers that run on the target machine; however, options and drivers can be included or excluded using options on the <a href="config.html">Configuration Options</a> page.</p>
<h4 id="conf">Configuring Clients and Servers</h4>
- <p>NTP is by its very nature a complex distributed network application and can be configured and used for a great many widely divergent timekeeping scenarios. The documentation presented on these pages attempts to cover the entire suite of configuration, operation and maintenance facilities which this distribution supports. However, most applications will need only a few of these facilities. If this is the case, the <a href="build/quick.html">Quick Start</a> page may be useful to get a simple workstation on the air with an existing server.</p>
- <p>However, in order to participate in the existing NTP synchronization subnet and obtain accurate, reliable time, it is usually necessary to construct an appropriate configuration file, commonly called <tt>ntp.conf</tt>, which establishes the servers and/or external receivers or modems to be used by this particular machine. Directions for constructing this file are in the <a href="notes.html">Notes on Configuring NTP and Setting up a NTP Subnet</a> page. However, in many common cases involving simple network topologies and workstations, the configuration data can be specified entirely on the command line for the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a>.</p>
- <p>The most important factor in providing accurate, reliable time is the selection of modes and servers to be used in the configuration file. A discussion on the available modes is on the <a href="assoc.html">Association Management</a> page. NTP support for one or more computers is normally engineered as part of the existing public NTP synchronization subnet. The public subnet consists of a multiply redundant hierarchy of servers and clients, with each level in the hierarchy identified by stratum number. Primary servers operate at stratum one and provide synchronization to secondary servers operating at stratum two and so on to higher strata. In this hierarchy, clients are simply servers that have no dependents.</p>
- <p>Configuring a corporate or campus NTP subnet can be an engineering challenge. NTP contains many features designed to survive system and network failures, software bugs, clock errors and hacker attacks. Surviving these hazards requires intricate design of the timekeeping network using good principles of server redundancy and path diversity. The Manycast mode, new to NTPv4, is designed to track the current server and network states and adjust the client/server configuration for the best available accuracy and reliability. More information on the Manycast mode is on the <a href="authopt.html">Athentication Options</a> and <a href="manyopt.html">Automatic NTP Configuration Options</a> pages.</p>
- <p>The NTP subnet in early 2003 includes well over a hundred public primary (stratum 1) servers synchronized directly to UTC by radio, satellite or modem and located in every continent of the globe, including Antarctica. Normally, client workstations and servers with a relatively small number of clients do not synchronize to primary servers. There are well over a hundred public secondary (stratum 2) servers synchronized to the primary servers and providing synchronization to a total well over 100,000 clients and servers in the Internet. The current lists are maintained on the <a href="http://www.eecis.udel.edu/%7emills/ntp/index.html">Information on Time and Frequency Services</a> page, which is updated frequently. There are thousands upon thousands of private primary and secondary servers not normally available to the public, many hiding behind firewalls. Clients are strongly discouraged against using these servers, since they sometimes hide in little ghettos behind dinky links to the outside world and unwanted traffic can bring up expensive ISDN lines, causing much grief and frustration. There are defensive means described on the Access Control Options page, including the Kiss-of-Death packet.</p>
+ <p>NTP is by its very nature a complex distributed network application and can be configured for widely divergent timekeeping scenarios. The documentation on these pages attempts to cover the entire suite of configuration, operation and maintenance features which this distribution supports. However, most applications will need only a few of these features. The <a href="quick.html">Quick Start</a> page may be useful to get a simple workstation on the air with existing servers.</p>
+ <p>The most important factor in providing accurate, reliable time is the selection of modes and servers in the configuration file. A discussion on the available modes is on the <a href="assoc.html">Association Management</a> page. The current public server list is maintained at the <a href="http://www.ntp.org">www.ntp.org</a> web site. In many cases the configuration can be automated using the schemes described on the <a href="manyopt.html">Automatic Server Discovery Schemes</a> page.</p>
+ <h4 id="opt">Features and Options</h4>
+ <p>This distribution includes a statistics data recording facility which can record performance statistics and events of various types for retrospective analysis. These include time and frequency statistics, significant events and usage statistics described on the <a href="monopt.html">Monitoring Options</a> page.</p>
+ <p>Some programs included in this distribution use cryptographic algorithms to verify server authenticity. Where local security policy permits relatively weak symmetric key cryptography, the required software is included in this distribution. Where local policy requires stronger public key cryptography, the OpenSSL library available from <a href="http://www.openssl.org">http://www.openssl.org</a> is required. This library is also used by the Secure Shell facility, so is often already installed. Additional details are on the <a href="authopt.html">Authentication Options</a> page.</p>
+ <p>This distribution includes features that can restrict access in various ways as described on the <a href="accopt.html">Access Control Options</a> page. This can be used to deny service if not authenticated, deny service requiring persistent resources or deny service altogether.</p>
+ <p>This distribution includes a simulation framework in which substantially
+ all the runtime NTP operations and most features can be tested and
+ evaluated. This has been very useful in exploring in vitro response
+ to unusual circumstances or over time periods impractical in vivo. Details
+ are on the <a href="ntpdsim.html">Network
+ Time Protocol (NTP) Simulator</a> page.</p>
<h4 id="prob">Resolving Problems</h4>
- <p>Like other things Internet, the NTP synchronization subnets tend to be large and devilishly intricate, with many opportunities for misconfiguration and network problems. The NTP engineering model is specifically designed to help isolate and repair such problems using an integrated management protocol, together with a suite of monitoring and debugging tools. There is an optional statistics data recording facility which can be used to record normal and aberrant operation, log problems to the system log facility, and retain records of client access. The <a href="debug.html">NTP Debugging Techniques</a> and <a href="build/hints.html">Hints and Kinks</a> pages contain useful information for identifying problems and devising solutions. In extreme cases, problems can be detected through the use of the <a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a> included in this software distribution.</p>
- <p>Users are requested to report bugs, offer suggestions and contribute additions to this distribution. The <a href="build/patches.html">Patching Procedures</a> page suggests procedures which greatly simplify distribution updates, while the <a href="build/porting.html">Porting Hints</a> page suggest ways to make porting this code to new hardware and operating systems easier. Additional information on reference clock driver construction and debugging can be found in the <a href="rdebug.html">Debugging Hints for Reference Clock Drivers</a> page.</p>
- <h4 id="prog">Program Manual Pages</h4>
- <ul>
- <li class="inline"><a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a>
- <li class="inline"><a href="ntpq.html"><tt>ntpq</tt> - standard NTP query program</a>
- <li class="inline"><a href="ntpdc.html"><tt>ntpdc</tt> - special NTP query program</a>
- <li class="inline"><a href="ntpdate.html"><tt>ntpdate</tt> - set the date and time via NTP</a>
- <li class="inline"><a href="ntptrace.html"><tt>ntptrace</tt> - trace a chain of NTP servers back to the primary source</a>
- <li class="inline"><a href="tickadj.html"><tt>tickadj</tt> - set time-related kernel variables</a>
- <li class="inline"><a href="ntptime.html"><tt>ntptime</tt> - read kernel time variables</a>
- <li class="inline"><a href="keygen.html"><tt>ntp-keygen</tt> - generate public and private keys</a>
- <li class="inline"><a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a>
- </ul>
- <h4 id="docs">Supporting Documentation</h4>
- <ul>
- <li class="inline"><a href="copyright.html">Copyright Notice</a>
- <li class="inline"><a href="notes.html">Notes on Configuring NTP and Setting up a NTP Subnet</a>
- <li class="inline"><a href="release.html">NTP Version 4 Release Notes</a>
- <li class="inline"><a href="build/build.html">Building and Installing the Distribution</a>
- <li class="inline"><a href="build/config.html">Configuration Options</a>
- <li class="inline"><a href="refclock.html">Reference Clock Drivers</a>
- <li class="inline"><a href="debug.html">NTP Debugging Techniques</a>
- <li class="inline"><a href="rdebug.html">Debugging Reference Clock Drivers</a>
- <li class="inline"><a href="msyslog.html"><tt>ntpd</tt> System Log Messages</a>
- <li class="inline"><a href="build/patches.html">Patching Procedures</a>
- <li class="inline"><a href="build/hints.html">Hints and Kinks</a>
- <li class="inline"><a href="build/porting.html">Porting Hints</a>
- </ul>
- <h4 id="back">Background Information</h4>
- <ul>
- <li class="inline"><a href="http://www.eecis.udel.edu/%7emills/ntp.html">NTP Project and Reference Library</a>
- <li class="inline"><a href="http://www.eecis.udel.edu/%7emills/exec.html">Executive Summary - Computer Network Time Synchronization</a>
- <li class="inline"><a href="http://www.eecis.udel.edu/%7emills/y2k.html">The Network Time Protocol Timescale and Era Numbering</a>
- <li class="inline"><a href="http://www.eecis.udel.edu/%7emills/leap.html">NTP Timescale and Leap Seconds</a>
- <li class="inline"><a href="http://www.eecis.udel.edu/%7emills/biblio.html">Protocol Conformance Statement</a>
- </ul>
- <h4 id="app">Application Notes</h4>
- <ul>
- <li class="inline"><a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a>
- <li class="inline"><a href="assoc.html">Association Management</a>
- <li class="inline"><a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a>
- <li class="inline"><a href="measure.html">Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation</a>
- <li class="inline"><a href="kern.html">Kernel Model for Precision Timekeeping</a>
- </ul>
+ <p>Like other things in modern Internet life, NTP problems can be devilishly intricate. This distribution includes a number of utilities designed to identify and repair problems using an integrated management protocol supported by the <a href="ntpq.html"><tt>ntpq</tt></a> utility program In addition, the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program can be useful in some cases.</p>
+ <p>The <a href="debug.html">NTP Debugging Techniques</a> and <a href="hints.html">Hints and Kinks</a> pages contain useful information for identifying problems and devising solutions. Additional information on reference clock driver construction and debugging is in the <a href="rdebug.html">Debugging Hints for Reference Clock Drivers</a> page.</p>
+ <p>Users are invited to report bugs and offer suggestions via the <a href="bugs.html">NTP Bug Reporting Procedures</a> page.</p>
+ <h4 id="info">Further Information</h4>
+ <p>The <a href="sitemap.html">Site Map</a> page contains a list of document collections arranged by topic. The Program Manual Pages collection may be the best place to start, followed by the <a href="comdex.html"></a>Configuration Commands and Options collection. The <a href="comdex.html">Command Index</a> collection contains a list of all configuration file commands together with a short function description. A great wealth of additional information is available via the External Links collection, including a book and numerous background papers and briefing presentations.</p>
<hr>
<div align="center">
<img src="pic/pogo1a.gif" alt="gif"></div>
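Review bot: In the added "Further Information" paragraph the anchor `<a href="comdex.html"></a>` is empty, so "Configuration Commands and Options collection" renders as plain text. Its target is also the same comdex.html that the Command Index link uses in the next sentence, and the "Program Manual Pages" and "External Links" collections are named with no link at all. Move the link text inside the anchor and point it at the intended page, or drop the anchor. Two text slips in the same hunk: "are synchronize to stratum 1 servers" should read "are synchronized", and "utility program In addition" is missing its period. The rewritten access-control paragraph no longer mentions the Kiss-of-Death packet that the removed text pointed readers to; confirm accopt.html still covers it. As this is a vendor import, these are better reported upstream than patched locally.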
diff --git a/html/kern.html b/html/kern.html
index cc23504..a5efe05 100644
--- a/html/kern.html
+++ b/html/kern.html
@@ -12,20 +12,19 @@
<body>
<h3>Kernel Model for Precision Timekeeping</h3>
<p><img src="pic/alice61.gif" alt="gif" align="left"> <a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a></p>
- <p>Alice touched the kernel and it exploded.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:40</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Alice finds the kernel a house of cards.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">15:42</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links11.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
<hr>
- <p>The technical report [2], which is a major revision and update of RFC-1589 [3], describes an engineering model for a precision time-of-day function for a generic operating system. The model is based on the principles of disciplined oscillators using phase-lock loops (PLL) and frequency-lock loops (FLL) often found in the engineering literature. The model uses a hybrid PLL/FLL discipline algorithm implemented in the kernel. The algorithm, which is very similar to the algorithm implemented in the NTP daemon, provides automatic time and frequency steering with update intervals from a few seconds to tens of minutes.</p>
- <p>The hybrid PLL/FLL code described in [2] is included in Solaris and Digital/Compaq/HP Tru64. It includes two system calls <tt>ntp_gettime()</tt> and <tt>ntp_adjtime()</tt> and can discipline the system clock with microsecond resolution. However, newer hardware and kernels with the same system calls can discipline the clock with nanosecond resolution. The new code described in [1] is available for Linux, FreeBSD, SunOS and Tru64; however, only the Linux and FreeBSD implementations, which do not include licensed code, are readily available. The software and documentation, including a simulator used to verify correct behavior, but not involving licensed code, is available at <a href="ftp://ftp.udel.edu/pub/ntp/software/nanokernel.tar.gz">nanokernel.tar.gz</a>.</p>
- <p>The model also changes the way the system clock is adjusted in time and frequency relative to an external precision timing source, such as described in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. The NTP software daemon uses the PPS to provide synchronization limited in principle only by the accuracy and stability of the external timing source.</p>
+ <p>The technical report [2], which is a revision and update of an earlier report [3], describes an engineering model for a precision clock discipline function for a generic operating system. The model is the same hybrid phase/frequecy-lock feedback loop used by <tt>ntpd</tt>, but implemented in the kernel. The code described in [2] is included in Solaris and Digital/Compaq/HP Tru64. It provides two system calls <tt>ntp_gettime()</tt> and <tt>ntp_adjtime()</tt> and can discipline the system clock with microsecond resolution. However, newer hardware and kernels with the same system calls can discipline the clock with nanosecond resolution. The new code described in [1] is in FreeBSD and is an option for Linux, SunOS and Tru64; however, of the options, only the Linux implementation, which does not include licensed code, is readily available. The software and documentation, including a simulator used to verify correct behavior, but not involving licensed code, is available from <a href="ftp://ftp.udel.edu/pub/ntp/software/nanokernel.tar.gz">nanokernel.tar.gz</a>.</p>
+ <p>The kernel model also provides support for an external precision timing source, such as described in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. The new system calls are used by the <a href="kernpps.html">PPSAPI interface</a> and in turn by the <a href="drivers/driver22.html">PPS Clock Discipline</a> driver (type 22) to provide synchronization limited in principle only by the accuracy and stability of the external timing source.</p>
<h4>References</h4>
<ol>
- <li>Mills, D.L., and P.-H. Kamp. The nanokernel. <i>Proc. Precision Time and Time Interval (PTTI) Applications and Planning Meeting</i> (Reston VA, November 2000). Paper: <a href="http://www.eecis.udel.edu/%7emills/database/papers/nano/nano2.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/papers/nano/nano2.pdf">PDF</a>, Slides: <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.html">HTML</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.pdf">PDF</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.ppt">PowerPoint</a>
- <li>Mills, D.L. Unix kernel modifications for precision time synchronization. Electrical Engineering Department Report 94-10-1, University of Delaware, October 1994, 24 pp. Abstract: <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kerna.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kerna.pdf">PDF</a>, Body: <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kernb.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kernb.pdf">PDF</a>
- <li>Mills, D.L. A kernel model for precision timekeeping. Network Working Group Report RFC-1589, University of Delaware, March 1994. 31 pp. <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1589.txt">ASCII</a>
+ <li>Mills, D.L., and P.-H. Kamp. The nanokernel. <i>Proc. Precision Time and Time Interval (PTTI) Applications and Planning Meeting</i> (Reston VA, November 2000). Paper: <a href="http://www.eecis.udel.edu/%7emills/database/papers/nano/nano2.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/papers/nano/nano2.pdf">PDF</a>, Slides: <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.html">HTML</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.pdf">PDF</a> | <a href="http://www.eecis.udel.edu/%7emills/database/brief/nano/nano.ppt">PowerPoint</a></li>
+ <li>Mills, D.L. Unix kernel modifications for precision time synchronization. Electrical Engineering Department Report 94-10-1, University of Delaware, October 1994, 24 pp. Abstract: <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kerna.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kerna.pdf">PDF</a>, Body: <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kernb.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/reports/kern/kernb.pdf">PDF</a></li>
+ <li>Mills, D.L. A kernel model for precision timekeeping. Network Working Group Report RFC-1589, University of Delaware, March 1994. 31 pp. <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1589.txt">ASCII</a></li>
</ol>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
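Review bot: The first added paragraph misspells "frequency" in "hybrid phase/frequecy-lock feedback loop". In the same paragraph, "is in FreeBSD and is an option for Linux, SunOS and Tru64; however, of the options, only the Linux implementation ... is readily available" is hard to parse; one sentence for FreeBSD (in the stock kernel) and a separate one for the optional ports would read more clearly. The body now cites [3] only as "an earlier report" while the reference list still identifies it as RFC-1589; keeping the RFC number in the text would make the citation easier to follow.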
diff --git a/html/kernpps.html b/html/kernpps.html
new file mode 100644
index 0000000..43ebcb1
--- /dev/null
+++ b/html/kernpps.html
@@ -0,0 +1,50 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <title>PPSAPI Interface for Precision Time Signals</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>PPSAPI Interface for Precision Time Signals</h3>
+ <img src="pic/tonea.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>NBS Special Publication 432, 1979</i></a> (out of print)
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">15:40</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
+ <br clear="left">
+ <h4>Related Links</h4>
+ <p>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
+ <br clear="left">
+ </p>
+ <hr>
+ <h4>Introduction</h4>
+ <p>RFC-2783 describes the PPSAPI application programming interface for external precision time signals, such as the pulse-per-second (PPS) signal generated by some radio clocks and cesium oscillators. The PPSAPI provides a generic capability in the ubiquitous Unix kernel which can be used for a wide variety of measurement applications, including network time synchronization and related experiments. The hardware to do this requires only a serial port and a modem control lead, such as the data carrier detect (DCD) lead, which can be driven by an external source via a level converter/pulse generator such as described on the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. In some systems a parallel port can be used for the same purpose.</p>
+ <p>The PPSAPI interface defined in RFC-2783 is the only PPS interface supported in NTP Version 4. The PPSAPI is supported in stock FreeBSD and, with the addition of the <tt>PPSkit</tt> kernel module, in Linux.</p>
+ <p>The special header file <tt>/usr/include/sys/timepps.h</tt> implements the PPSAPI using whatever primitives are available in each archeticture and operating system. It obsoletes previous APIs based on the <tt>tty_clock</tt> and <tt>ppsclock</tt> line disciplines and streams modules, which are no longer supported.</p>
+ <p>The <a href="drivers/driver22.html">PPS Clock Discipline</a> driver (type 22) uses the PPSAPI in conjunction with a local radio clock or remote NTP&nbsp;server as a reference clock. The driver can also use the PPSAPI&nbsp;as an interface directly to the kernel PPS facility as described on the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page.</p>
+ <h4>PPSAPI Application Program Interface</h4>
+ <p>The PPSAPI interface provides the following functions:</p>
+ <dl>
+ <dt><tt>time_pps_create</tt>
+ <dd>Creates a PPS interface instance and returns a handle to it.
+ <dt><tt>time_pps_destroy</tt>
+ <dd>Destroys a PPS interface and returns the resources used.
+ <dt><tt>time_pps_setparams</tt>
+ <dd>Sets the parameters associated with a PPS interface instance, including offsets to be automatically added to captured timestamps.
+ <dt><tt>time_pps_getparams</tt>
+ <dd>Returns the parameters associated with a PPS interface instance.
+ <dt><tt>time_pps_getcap</tt>
+ <dd>Returns the capabilities of the current interface and kernel implementation.
+ <dt><tt>time_pps_fetch</tt>
+ <dd>Returns the current timestamps associated with a PPS interface instance in either nanoseconds and nanoseconds (Unix <tt>timespec</tt>) or seconds and fraction (NTP) format.
+ <dt><tt>time_pps_kcbind</tt>
+ <dd>If kernel PPS processing is supported, this binds the support to the associated PPS interface instance.
+ </dl>
+ <p>The entire PPS interface functionality is currently provided by inline code in the <tt>timepps.h</tt> header file. While not all implementations support the full PPSAPI specification, they do support all the functions required for the PPS driver described next. The FreeBSD, Linux and Solaris implementations can be used with the stock kernels provided with those systems; however, the Tru64 and SunOS kernels require additional functions not provided in the stock kernels. Solaris users are cautioned that these functions operate improperly in Solaris versions prior to 2.8 with patch Generic_108528-02. Header files for other systems can be found via the web at <a href="ftp://ftp.udel.edu/pub/ntp/software/nanokernel.tar.gz">nanokernel.tar.gz</a>.</p>
+<hr> <hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
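Review bot: The `time_pps_fetch` entry says timestamps are returned "in either nanoseconds and nanoseconds (Unix timespec)", which should read "seconds and nanoseconds". Other points in this new file: "archeticture" should be "architecture"; the last paragraph refers to "the PPS driver described next" but no driver section follows, so link to drivers/driver22.html there or reword; `<hr> <hr>` is doubled before the footer script; the Related Links script is wrapped in a `<p>`, unlike the kern.html page in the same commit; and the file ends without a trailing newline.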
diff --git a/html/keygen.html b/html/keygen.html
index 7953eb1..bb05891 100644
--- a/html/keygen.html
+++ b/html/keygen.html
@@ -2,115 +2,240 @@
<html>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>ntp-keygen - generate public and private keys</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
- <img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>Alice holds the key.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">22:32</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="294">Monday, November 07, 2005</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#synop">Synopsis</a>
- <li class="inline"><a href="#descrip">Description</a>
- <li class="inline"><a href="#run">Running the program</a>
- <li class="inline"><a href="#trust">Trusted Hosts and Groups</a>
- <li class="inline"><a href="#idexp">Identity Schemes</a>
- <li class="inline"><a href="#exam">Example</a>
- <li class="inline"><a href="#cmd">Command Line Options</a>
- <li class="inline"><a href="#rand">Random Seed File</a>
- <li class="inline"><a href="#fmt">Cryptographic Data Files</a>
- <li class="inline"><a href="#bug">Bugs</a>
- </ul>
- <hr>
- <h4 id="synop">Synopsis</h4>
- <p id="intro"><tt>ntp-keygen [ -deGgHIMnPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -p <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ]</tt></p>
- <h4 id="descrip">Description</h4>
- <p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
- <p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
- <p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
- <p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
- <p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
- <p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
- <p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
- <h4 id="run">Running the program</h4>
- <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
- <p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
- <p>Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identification parameter files, although encoded as the other files, are probably not compatible with anything other than Autokey.</p>
- <p>Running the program as other than root and using the Unix <tt>su</tt> command to assume root may not work properly, since by default the OpenSSL library looks for the random seed file <tt>.rnd</tt> in the user home directory. However, there should be only one <tt>.rnd</tt>, most conveniently in the root directory, so it is convenient to define the <tt>$RANDFILE</tt> environment variable used by the OpenSSL library as the path to <tt>/.rnd</tt>.</p>
- <p>Installing the keys as root might not work in NFS-mounted shared file systems, as NFS clients may not be able to write to the shared keys directory, even as root. In this case, NFS clients can specify the files in another directory such as <tt>/etc</tt> using the <tt>keysdir</tt> command. There is no need for one client to read the keys and certificates of other clients or servers, as these data are obtained automatically by the Autokey protocol.</p>
- <p>Ordinarily, cryptographic files are generated by the host that uses them, but it is possible for a trusted agent (TA) to generate these files for other hosts; however, in such cases files should always be encrypted. The subject name and trusted name default to the hostname of the host generating the files, but can be changed by command line options. It is convenient to designate the owner name and trusted name as the subject and issuer fields, respectively, of the certificate. The owner name is also used for the host and sign key files, while the trusted name is used for the identity files.</p>
- <h4 id="trust">Trusted Hosts and Groups</h4>
- <p>Each cryptographic configuration involves selection of a signature scheme and identification scheme, called a cryptotype, as explained in the <a href="authopt.html">Authentication Options</a> page. The default cryptotype uses RSA encryption, MD5 message digest and TC identification. First, configure a NTP subnet including one or more low-stratum trusted hosts from which all other hosts derive synchronization directly or indirectly. Trusted hosts have trusted certificates; all other hosts have nontrusted certificates. These hosts will automatically and dynamically build authoritative certificate trails to one or more trusted hosts. A trusted group is the set of all hosts that have, directly or indirectly, a certificate trail ending at a trusted host. The trail is defined by static configuration file entries or dynamic means described on the <a href="manyopt.html">Automatic NTP Configuration Options</a> page.</p>
- <p>On each trusted host as root, change to the keys directory. To insure a fresh fileset, remove all <tt>ntpkey</tt> files. Then run <tt>ntp-keygen -T</tt> to generate keys and a trusted certificate. On all other hosts do the same, but leave off the <tt>-T</tt> flag to generate keys and nontrusted certificates. When complete, start the NTP daemons beginning at the lowest stratum and working up the tree. It may take some time for Autokey to instantiate the certificate trails throughout the subnet, but setting up the environment is completely automatic.</p>
- <p>If it is necessary to use a different sign key or different digest/signature scheme than the default, run <tt>ntp-keygen</tt> with the <tt>-S</tt><i><tt> type</tt></i> option, where <i><tt>type</tt></i> is either <tt>RSA</tt> or <tt>DSA</tt>. The most often need to do this is when a DSA-signed certificate is used. If it is necessary to use a different certificate scheme than the default, run <tt>ntp-keygen</tt> with the <tt>-c <i>scheme</i></tt> option and selected <i><tt>scheme</tt></i> as needed. If <tt>ntp-keygen</tt> is run again without these options, it generates a new certificate using the same scheme and sign key.</p>
- <p>After setting up the environment it is advisable to update certificates from time to time, if only to extend the validity interval. Simply run <tt>ntp-keygen</tt> with the same flags as before to generate new certificates using existing keys. However, if the host or sign key is changed, <tt>ntpd</tt> should be restarted. When ntpd is restarted, it loads any new files and restarts the protocol. Other dependent hosts will continue as usual until signatures are refreshed, at which time the protocol is restarted.</p>
- <h4 id="idexp">Identity Schemes</h4>
- <p>As mentioned on the Autonomous Authentication page, the default TC identity scheme is vulnerable to a middleman attack. However, there are more secure identity schemes available, including PC, IFF, GQ and MV described on the <a href="http://www.eecis.udel.edu/%7emills/keygen.html">Identification Schemes</a> page. These schemes are based on a TA, one or more trusted hosts and some number of nontrusted hosts. Trusted hosts prove identity using values provided by the TA, while the remaining hosts prove identity using values provided by a trusted host and certificate trails that end on that host. The name of a trusted host is also the name of its sugroup and also the subject and issuer name on its trusted certificate. The TA is not necessarily a trusted host in this sense, but often is.</p>
- <p>In some schemes there are separate keys for servers and clients. A server can also be a client of another server, but a client can never be a server for another client. In general, trusted hosts and nontrusted hosts that operate as both server and client have parameter files that contain both server and client keys. Hosts that operate only as clients have key files that contain only client keys.</p>
- <p>The PC scheme supports only one trusted host in the group. On trusted host <i>alice</i> run <tt>ntp-keygen -P -p <i>password</i></tt> to generate the host key file <tt>ntpkey_RSAkey_<i>alice.filestamp</i></tt> and trusted private certificate file <tt>ntpkey_RSA-MD5_cert_<i>alice.filestamp</i></tt>. Copy both files to all group hosts; they replace the files which would be generated in other schemes. On each host <i>bob</i> install a soft link from the generic name <tt>ntpkey_host_<i>bob</i></tt> to the host key file and soft link <tt>ntpkey_cert_<i>bob</i></tt> to the private certificate file. Note the generic links are on <i>bob</i>, but point to files generated by trusted host <i>alice</i>. In this scheme it is not possible to refresh either the keys or certificates without copying them to all other hosts in the group.</p>
- <p>For the IFF scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF&nbsp;parameter file. On trusted host <i>alice</i> run <tt>ntp-keygen -T </tt><tt>-I -p <i>password</i></tt> to produce her parameter file <tt>ntpkey_IFFpar_<i>alice.filestamp</i></tt>, which includes both server and client keys. Copy this file to all group hosts that operate as both servers and clients and install a soft link from the generic <tt>ntpkey_iff_<i>alice</i></tt> to this file. If there are no hosts restricted to operate only as clients, there is nothing further to do. As the IFF scheme is independent of keys and certificates, these files can be refreshed as needed.</p>
- <p>If a rogue client has the parameter file, it could masquerade as a legitimate server and present a middleman threat. To eliminate this threat, the client keys can be extracted from the parameter file and distributed to all restricted clients. After generating the parameter file, on <i>alice</i> run <tt>ntp-keygen</tt> <tt>-e</tt> and pipe the output to a file or mail program. Copy or mail this file to all restricted clients. On these clients install a soft link from the generic <tt>ntpkey_iff_<i>alice</i></tt> to this file. To further protect the integrity of the keys, each file can be encrypted with a secret password.</p>
- <p>For the GQ scheme proceed as in the TC scheme to generate keys and certificates for all group hosts, then for every trusted host in the group, generate the IFF parameter file. On trusted host <i>alice</i> run <tt>ntp-keygen -T </tt><tt>-G -p <i>password</i></tt> to produce her parameter file <tt>ntpkey_GQpar_<i>alice.filestamp</i></tt>, which includes both server and client keys. Copy this file to all group hosts and install a soft link from the generic <tt>ntpkey_gq_<i>alice</i></tt> to this file. In addition, on each host <i>bob</i> install a soft link from generic <tt>ntpkey_gq_<i>bob</i></tt> to this file. As the GQ scheme updates the GQ parameters file and certificate at the same time, keys and certificates can be regenerated as needed.</p>
- <p>For the MV scheme, proceed as in the TC scheme to generate keys and certificates for all group hosts. For illustration assume <i>trish</i> is the TA, <i>alice</i> one of several trusted hosts and <i>bob</i> one of her clients. On TA <i>trish</i> run <tt>ntp-keygen </tt><tt>-V&nbsp;<i>n</i> -p <i>password</i></tt>, where <i>n</i> is the number of revokable keys (typically 5) to produce the parameter file <tt>ntpkeys_MVpar_<i>trish.filestamp </i></tt>and client key files <tt>ntpkeys_MVkey<i>d</i>_<i>trish.filestamp</i></tt> where <i><tt>d</tt></i> is the key number (0 &lt; <i><tt>d</tt></i> &lt; <i>n</i>). Copy the parameter file to <i>alice</i> and install a soft link from the generic <tt>ntpkey_mv_<i>alice</i></tt> to this file. Copy one of the client key files to <i>alice</i> for later distribution to her clients. It doesn't matter which client key file goes to <i>alice</i>, since they all work the same way. <i>Alice</i> copies the client key file to all of her cliens. On client <i>bob</i> install a soft link from generic <tt>ntpkey_mvkey_<i>bob </i></tt>to the client key file. As the MV scheme is independent of keys and certificates, these files can be refreshed as needed.</p>
- <h4 id="cmd">Command Line Options</h4>
- <dl>
- <dt><tt>-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]</tt>
- <dd>Select certificate message digest/signature encryption scheme. Note that RSA schemes must be used with a RSA sign key and DSA schemes must be used with a DSA sign key. The default without this option is <tt>RSA-MD5</tt>.
- <dt><tt>-d</tt>
- <dd>Enable debugging. This option displays the cryptographic data produced in eye-friendly billboards.
- <dt><tt>-e</tt>
- <dd>Write the IFF&nbsp;client keys to the standard output. This is intended for automatic key distribution by mail.
- <dt><tt>-G</tt>
- <dd>Generate parameters and keys for the GQ identification scheme, obsoleting any that may exist.
- <dt><tt>-g</tt>
- <dd>Generate keys for the GQ identification scheme using the existing GQ parameters. If the GQ parameters do not yet exist, create them first.
- <dt><tt>-H</tt>
- <dd>Generate new host keys, obsoleting any that may exist.
- <dt><tt>-I</tt>
- <dd>Generate parameters for the IFF identification scheme, obsoleting any that may exist.
- <dt><tt>-i <i>name</i></tt>
- <dd>Set the suject name to <i>name</i>. This is used as the subject field in certificates and in the file name for host and sign keys.
- <dt><tt>-M</tt>
- <dd>Generate MD5 keys, obsoleting any that may exist.
- <dt><tt>-P</tt>
- <dd>Generate a private certificate. By default, the program generates public certificates.
- <dt><tt>-p <i>password</i></tt>
- <dd>Encrypt generated files containing private data with <tt><i>password</i></tt> and the DES-CBC algorithm.
- <dt><tt>-q</tt>
- <dd>Set the password for reading files to <tt><i>password</i></tt>.
- <dt><tt>-S [ RSA | DSA ]</tt>
- <dd>Generate a new sign key of the designated type, obsoleting any that may exist. By default, the program uses the host key as the sign key.
- <dt><tt>-s <i>name</i></tt>
- <dd>Set the issuer name to <i>name</i>. This is used for the issuer field in certificates and in the file name for identity files.
- <dt><tt>-T</tt>
- <dd>Generate a trusted certificate. By default, the program generates a non-trusted certificate.
- <dt><tt>-V <i>nkeys</i></tt>
- <dd>Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
- </dl>
- <h4 id="rand">Random Seed File</h4>
- <p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the library routines. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and <tt>ntp-keygen</tt> program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.</p>
- <p>It is important to understand that entropy must be evolved for each generation, for otherwise the random number sequence would be predictable. Various means dependent on external events, such as keystroke intervals, can be used to do this and some systems have built-in entropy sources. Suitable means are described in the OpenSSL software documentation, but are outside the scope of this page.</p>
- <p>The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the NTP daemon or the <tt>ntp-keygen</tt> program. The NTP daemon will first look for the file using the path specified by the <tt>randfile</tt> subcommand of the <tt>crypto</tt> configuration command. If not specified in this way, or when starting the <tt>ntp-keygen</tt> program, the OpenSSL library will look for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library will look for the <tt>.rnd</tt> file in the user home directory. If the file is not available or cannot be written, the daemon exits with a message to the system log and the program exits with a suitable error message.</p>
- <h4 id="priv">Cryptographic Data Files</h4>
- <p>All other file formats begin with two lines. The first contains the file name, including the generated host name and filestamp. The second contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are considered comments and ignored by the <i><tt>ntp-keygen </tt></i>program and <tt>ntpd</tt> daemon. Cryptographic values are encoded first using ASN.1 rules, then encrypted if necessary, and finally written PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.</p>
- <p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following hte heard the keys are entered one per line in the format</p>
- <p><i><tt>keyno type key</tt></i></p>
- <p>where <i><tt>keyno</tt></i> is a positive integer in the range 1-65,535, <i><tt>type</tt></i> is the string <tt>MD5</tt> defining the key format and <i><tt>key</tt></i> is the key itself, which is a printable ASCII string 16 characters or less in length. Each character is chosen from the 93 printable characters in the range 0x21 through 0x7f excluding space and the '#' character.</p>
- <p>Note that the keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt> programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in human readable ASCII format.</p>
- <p>The <tt>ntp-keygen</tt> program generates a MD5 symmetric keys file <tt>ntpkey_MD5key_<i>hostname.filestamp</i></tt>. Since the file contains private shared keys, it should be visible only to root and distributed by secure means to other subnet hosts. The NTP daemon loads the file <tt>ntp.keys</tt>, so <tt>ntp-keygen</tt> installs a soft link from this name to the generated file. Subsequently, similar soft links must be installed by manual or automated means on the other subnet hosts. While this file is not used with the Autokey Version 2 protocol, it is needed to authenticate some remote configuration commands used by the <a href="ntpdc.html"><tt>ntpq</tt></a> and <a href="ntpq.html"><tt>ntpdc</tt></a> utilities.</p>
- <h4 id="bug">Bugs</h4>
- <p>It can take quite a while to generate some cryptographic values, from one to several minutes with modern architectures such as UltraSPARC and up to tens of minutes to an hour with older architectures such as SPARC IPC.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>ntp-keygen - generate public and private keys</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+
+<body>
+<h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
+
+<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
+
+<p>Alice holds the key.</p>
+
+<p>Last update:
+ <!-- #BeginDate format:En2m -->13-Nov-2009 0:44<!-- #EndDate -->
+</p>
+<br clear="left">
+
+<h4>Related Links</h4>
+<script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
+
+<h4>Table of Contents</h4>
+
+<ul>
+
+<li class="inline"><a href="#synop">Synopsis</a></li>
+<li class="inline"><a href="#descrip">Description</a></li>
+<li class="inline"><a href="#run">Running the program</a></li>
+<li class="inline"><a href="#trust">Trusted Hosts and Secure Groups</a></li>
+<li class="inline"><a href="#ident">Identity Schemes</a></li>
+<li class="inline"><a href="#cmd">Command Line Options</a></li>
+<li class="inline"><a href="#rand">Random Seed File</a></li>
+<li class="inline"><a href="#fmt">Cryptographic Data Files</a></li>
+<li class="inline"><a href="#bug">Bugs</a></li>
+</ul>
+
+<hr>
+
+<h4 id="synop">Synopsis</h4>
+
+<p id="intro"><tt>ntp-keygen [ -deGHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA
+ | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [
+ -i <i>group</i> ]
+ [ -m <i>modulus</i> ] [ -p <i>passwd2</i> ] [ -q <i>passwd1</i> ] [ -S
+ [ RSA | DSA ] ] [ -s <i>host</i> ] [ -V <i>nkeys</i> ]</tt></p>
+
+<h4 id="descrip">Description</h4>
+
+<p>This program generates cryptographic data files used by the NTPv4 authentication
+ and identity schemes. It can generate message digest keys used in symmetric
+ key cryptography and, if the OpenSSL software library has been installed,
+ it can generate host keys, sign keys, certificates and identity keys used
+ by the Autokey public key cryptography. The message digest keys file is generated
+ in a format compatible with NTPv3. All other files are in PEM-encoded printable
+ ASCII format so they can be embedded as MIME attachments in mail to other
+ sites.</p>
+
+<p>When used to generate message digest keys, the program produces a file containing
+ ten pseudo-random printable ASCII strings suitable for the MD5 message digest
+ algorithm included in the distribution. If the OpenSSL library is installed,
+ it produces an additional ten hex-encoded random bit strings suitable for
+ the SHA1 and other message digest algorithms. Printable ASCII keys can have
+ length from one to 20 characters, inclusive. Bit string keys have length
+ 20 octets (40 hex characters). All keys are 160 bits in length.</p>
+<p> The file can be edited later with
+ purpose-chosen passwords for the <tt>ntpq</tt> and <tt>ntpdc</tt> programs.
+ Each line of the file contains three fields, first an integer between 1 and
+ 65534, inclusive, representing the key identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
+ commands. Next is the key type for the message digest algorithm,
+ which in the absence of the OpenSSL library should be the string <tt>MD5</tt> to
+ designate the MD5 message digest algorithm.
+ If the OpenSSL library is installed, the key type can be any message digest
+ algorithm supported by that library. However, if compatibility with FIPS
+ 140-2 is required, the key type must be either <tt>SHA</tt> or <tt>SHA1</tt>.Finally
+ is the key itself as a printable ASCII string excluding the space and # characters.
+ If not greater than 20 characters in length, the string is the key itself;
+ otherwise, it is interpreted as a hex-encoded bit string. As is
+ custom, # and the remaining characters on the line are ignored. Later, this
+ file can be edited to include the passwords for the <tt>ntpq</tt> and <tt>ntpdc</tt> utilities.
+ If this is the only need, run <tt>ntp-keygen</tt> with the <tt>-M</tt> option
+ and disregard the remainder of this page. </p>
+<p>The remaining generated files are compatible with other OpenSSL applications and other Public Key Infrastructure (PKI) resources. Certificates generated by this program should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity keys are probably not compatible with anything other than Autokey.</p>
+
+<p>Most files used by this program are encrypted using a private password. The <tt>-p</tt> option specifies the password for local files and the <tt>-q</tt> option the password for files sent to remote sites. If no local password is specified, the host name returned by the Unix <tt>gethostname()</tt> function, normally the DNS name of the host, is used. If no remote password is specified, the local password is used.</p>
+
+<p>The <tt>pw</tt> option of the <tt>crypto</tt> configuration command specifies the read password for previously encrypted files. This must match the local password used by this program. If not specified, the host name is used. Thus, if files are generated by this program without password, they can be read back by <tt>ntpd</tt> without password, but only on the same host.</p>
+
+<p>All files and links are usually installed in the directory <tt>/usr/local/etc</tt>,
+ which is normally in a shared filesystem in NFS-mounted networks and cannot
+ be changed by shared clients. The location of the keys directory can be changed
+ by the <tt>keysdir</tt> configuration command in such cases. Normally, encrypted
+ files for each host are generated by that host and used only by that host,
+ although exceptions exist as noted later on this page.</p>
+
+<p>This program directs commentary and error messages to the standard error stream <tt>stderr</tt> and remote files to the standard output stream <tt>stdout</tt> where they can be piped to other applications or redirected to a file. The names used for generated files and links all begin with the string <tt>ntpkey</tt> and include the file type, generating host and filestamp, as described in the <a href="#fmt">Cryptographic Data Files</a> section below</p>
+
+<h4 id="run">Running the Program</h4>
+
+<p>To test and gain experience with Autokey concepts, log in as root and change to the keys directory, usually <tt>/usr/local/etc</tt>. When run for the first time, or if all files with names beginning <tt>ntpkey</tt> have been removed, use the <tt>ntp-keygen </tt>command without arguments to generate a default RSA host key and matching RSA-MD5 certificate with expiration date one year hence. If run again, the program uses the existing keys and parameters and generates only a new certificate with new expiration date one year hence; however, the certificate is not generated if the <tt>-e</tt> or <tt>-q</tt> options are present.</p>
+
+<p>Run the command on as many hosts as necessary. Designate one of them as the trusted host (TH) using <tt>ntp-keygen</tt> with the <tt>-T</tt> option and configure it to synchronize from reliable Internet servers. Then configure the other hosts to synchronize to the TH directly or indirectly. A certificate trail is created when Autokey asks the immediately ascendant host towards the TH to sign its certificate, which is then provided to the immediately descendant host on request. All group hosts should have acyclic certificate trails ending on the TH.</p>
+
+<p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. A different sign key can be assigned using the <tt>-S</tt> option and this can be either RSA or DSA type. By default, the signature message digest type is MD5, but any combination of sign key type and sign digest type supported by the OpenSSL library can be specified using the <tt>-c</tt> option. At the moment, legacy considerations require the NTP packet header digest type to be MD5.</p>
+
+<h4 id="trust">Trusted Hosts and Secure Groups</h4>
+
+<p>As described on the <a href="authopt.html">Authentication Options</a> page, an NTP secure group consists of one or more low-stratum THs as the root from which all other group hosts derive synchronization directly or indirectly. For authentication purposes all hosts in a group must have the same group name specified by the <tt>-i</tt> option and matching the <tt>ident</tt> option of the <tt>crypto</tt> configuration command. The group name is used in the subject and issuer fields of trusted, self-signed certificates and when constructing the file names for identity keys. All hosts must have different host names, either the default host name or as specified by the <tt>-s</tt> option and matching the <tt>host</tt> option of the <tt>crypto</tt> configuration command. Most installations need not specify the <tt>-i</tt> option nor the <tt>host</tt> option. Host names are used in the subject and issuer fields of self-signed, nontrusted certificates and when constructing the file names for host and sign keys and certificates. Host and group names are used only for authentication purposes and have nothing to do with DNS names.</p>
+
+<h4 id="ident">Identity Schemes</h4>
+
+<p>As described on the <a href="authopt.html">Authentication Options</a> page, there are five identity schemes, three of which - IFF, GQ and MV - require identity keys specific to each scheme. There are two types of files for each scheme, an encrypted keys file and a nonencrypted parameters file, which usually contains a subset of the keys file. In general, NTP secondary servers operating as certificate signing authorities (CSA) use the keys file and clients use the parameters file. Both files are generated by the TA operating as a certificate authority (CA) on behalf of all servers and clients in the group.</p>
+
+<p>The parameters files are public; they can be stored in a public place and
+ sent in the clear. The keys files are encrypted with the local password. To
+ retrieve the keys file, a host can send a mail request to the TA including its
+ local password. The TA encrypts the keys file with this password and returns
+ it as an attachment. The attachment is then copied intact to the keys directory
+ with name given in the first line of the file, but all in lower case and with
+ the filestamp deleted. Alternatively, the parameters file can be retrieved from
+ a secure web site.</p>
+
+<p>For example, the TA generates default host key, IFF keys and trusted certificate using the command</p>
+
+<p><tt>ntp-keygen -p <i>local_passwd</i> -T -I -i<i>group_name</i></tt></p>
+
+<p>Each group host generates default host keys and nontrusted certificate use
+ the same command line but omitting the <tt>-i</tt> option. Once these media
+ have been generated, the TA can then generate the public parameters using the
+ command</p>
+
+<p><tt>ntp-keygen -p local_passwd -e &gt;<i>parameters_file</i></tt></p>
+
+<p>where the <tt>-e</tt> option redirects the unencrypted parameters to the standard output stream for a mail application or stored locally for later distribution. In a similar fashion the <tt>-q</tt> option redirects the encrypted server keys to the standard output stream.</p>
+
+<h4 id="cmd">Command Line Options</h4>
+
+<dl>
+
+<dt><tt>-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]</tt></dt>
+<dd>Select certificate and message digest/signature encryption scheme. Note that
+ RSA schemes must be used with a RSA sign key and DSA schemes must be used
+ with a DSA sign key. The default without this option is <tt>RSA-MD5</tt>. If
+ compatibility with FIPS 140-2 is required, either the <tt>DSA-SHA</tt> or <tt>DSA-SHA1</tt> scheme
+ must be used.</dd>
+
+<dt><tt>-d</tt></dt>
+<dd>Enable debugging. This option displays the cryptographic data produced for eye-friendly billboards.</dd>
+
+<dt><tt>-e</tt></dt>
+<dd>Extract the IFF or GQ public parameters from the <tt>IFFkey</tt> or <tt>GQkey</tt> keys file previously specified. Send the unencrypted data to the standard output stream <tt>stdout</tt>. While the IFF parameters do not reveal the private group key, &nbsp;the GQ parameters should be used with caution, as they include the group key. Use the <tt>-q</tt> option with password instead. Note: a new certificate is not generated when this option is present. This allows multiple commands with this option but without disturbing existing media.</dd>
+
+<dt><tt>-G</tt></dt>
+<dd>Generate a new encrypted GQ key file and link for the Guillou-Quisquater
+ (GQ) identity scheme.</dd>
+
+<dt><tt>-H</tt></dt>
+<dd>Generate a new encrypted RSA public/private host key file and link<tt></tt>.
+ Note that if the sign key is the same as the host key, generating a new host
+ key invalidates all certificates signed with the old host key.</dd>
+
+<dt><tt>-i <i>group</i></tt></dt>
+<dd>Set the group name to <tt><i>group</i></tt>. This is used in the identity file names. It must match the group name specified in the <tt>ident</tt> option of the <tt>crypto</tt> configuration command.</dd>
+
+<dt><tt>-I</tt></dt>
+<dd>Generate a new encrypted IFF key file<tt> </tt>and link<tt> </tt>for the Schnorr (IFF) identity scheme.</dd>
+
+<dt><tt>-m <i>modulus</i></tt></dt>
+<dd>Set the modulus for generating files to <i>modulus</i> bits. The modulus defaults to 512, but can be set from 256 (32 octets) to 2048 (256 octets).</dd>
+
+<dt><tt>-M</tt></dt>
+<dd>Generate a new MD5 key file containing 16, 128-bit pseudo-random keys for
+ symmetric cryptography..</dd>
+
+<dt><tt>-P</tt></dt>
+<dd>Generate a new private certificate used by the PC identity scheme. By default, the program generates public certificates. Note: the PC identity scheme is not recommended for new installations.</dd>
+
+<dt><tt>-p <i>passwd</i></tt></dt>
+<dd>Set the password for reading and writing encrypted files to <tt><i>passwd</i></tt>. By default, the password is the host name.</dd>
+
+<dt><tt>-q <i>passwd</i></tt></dt>
+<dd>Extract the encrypted IFF or GQ server keys from the <tt>IFFkey</tt> or <tt>GQkey</tt> key file previously generated. The data are sent to the standard output stream <tt>stdout</tt>. Set the password for writing the data, which is also the password to read the data file in another host. By default, the password is the host name. Note: a new certificate is not generated when this option is present. This allows multiple commands with this option but without disturbing existing media.</dd>
+
+<dt><tt>-S [ RSA | DSA ]</tt></dt>
+<dd>Generate a new sign key of the specified type. By default, the sign key is
+ the host key and has the same type. If compatibly with FIPS 140-2 is required,
+ the sign key type must be <tt>DSA</tt>. Note that generating a new sign key
+ invalidates all certificates signed with the old sign key.</dd>
+
+<dt><tt>-s <i>host</i></tt></dt>
+<dd>Set the host name to <tt><i>host</i></tt>. This is used in the host and sign key file names. It must match the host name specified in the <tt>host</tt> option of the <tt>crypto</tt> configuration command.</dd>
+
+<dt><tt>-T</tt></dt>
+<dd>Generate a trusted certificate. By default, the program generates nontrusted certificates.</dd>
+
+<dt><tt>-V <i>nkeys</i></tt></dt>
+<dd>Generate server parameters <tt>MV</tt> and <tt><i>nkeys</i></tt> client keys for the Mu-Varadharajan (MV) identity scheme. Note: support for this option should be considered a work in progress.</dd>
+</dl>
+
+<h4 id="rand">Random Seed File</h4>
+
+<p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports <tt>ssh</tt>, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the <tt>ntp-keygen</tt> program or <tt>ntpd</tt> daemon.</p>
+
+<p>The OpenSSL library looks for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library looks for the <tt>.rnd</tt> file in the user home directory. Since both the <tt>ntp-keygen</tt> program and <tt>ntpd</tt> daemon must run as root, the logical place to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the file is not available or cannot be written, the program exits with a message to the system log.</p>
+<p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
+
+<h4 id="priv">Cryptographic Data Files</h4>
+
+<p>File and link names are in the form <tt>ntpkey_<i>key</i>_<i>name</i>.<i>fstamp</i></tt>, where <tt><i>key</i></tt> is the key or parameter type, <tt><i>name</i></tt> is the host or group name and <tt><i>fstamp</i></tt> is the filestamp (NTP seconds) when the file was created). By convention, key fields in generated file names include both upper and lower case alphanumeric characters, while key fields in generated link names include only lower case characters. The filestamp is not used in generated link names.</p>
+
+<p>The key type is a string defining the cryptographic function. Key types include public/private keys <tt>host</tt> and <tt>sign</tt>, certificate <tt>cert</tt> and several challenge/response key types. By convention, files used for challenges have a <tt>par</tt> subtype, as in the IFF challenge <tt>IFFpar</tt>, while files for responses have a <tt>key</tt> subtype, as in the GQ response <tt>GQkey</tt>.</p>
+
+<p>All files begin with two nonencrypted lines. The first line contains the file name in the format <tt>ntpkey_<i>key</i>_<i>host</i>.<i>fstamp</i></tt>. The second line contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are ignored.</p>
+
+<p>The remainder of the file contains cryptographic data encoded first using ASN.1 rules, then encrypted using the DES-CBC algorithm and given password and finally written in PEM-encoded printable ASCII text preceded and followed by MIME content identifier lines.</p>
+
+<p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following the header the keys are entered one per line in the format</p>
+
+<p><i><tt>keyno type key</tt></i></p>
+
+<p>where <i><tt>keyno</tt></i> is a positive integer in the range 1-65,535, <i><tt>type</tt></i> is the string <tt>MD5</tt> defining the key format and <i><tt>key</tt></i> is the key itself, which is a printable ASCII string 16 characters or less in length. Each character is chosen from the 93 printable characters in the range 0x21 through 0x7f excluding space and the '#' character.</p>
+
+<p>Note that the keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt> programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in human readable ASCII format.</p>
+
+<p>The <tt>ntp-keygen</tt> program generates a MD5 symmetric keys file <tt>ntpkey_MD5key_<i>hostname.filestamp</i></tt>. Since the file contains private shared keys, it should be visible only to root and distributed by secure means to other subnet hosts. The NTP daemon loads the file <tt>ntp.keys</tt>, so <tt>ntp-keygen</tt> installs a soft link from this name to the generated file. Subsequently, similar soft links must be installed by manual or automated means on the other subnet hosts. While this file is not used with the Autokey Version 2 protocol, it is needed to authenticate some remote configuration commands used by the <a href="ntpq.html"><tt>ntpq</tt></a> and <a href="ntpdc.html"><tt>ntpdc</tt></a> utilities.</p>
+
+<h4 id="bug">Bugs</h4>
+
+<p>It can take quite a while to generate some cryptographic values, from one to several minutes with modern architectures such as UltraSPARC and up to tens of minutes to an hour with older architectures such as SPARC IPC.</p>
+
+<hr>
+
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+
+</body>
</html> \ No newline at end of file
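Review bot: the `-m` entry documents a default modulus of 512 bits and the `-c` entry a default scheme of `RSA-MD5`, while the `-p` and `-q` entries say the password defaults to the host name, so keys generated with no options are weak and sit behind a guessable password. The example commands earlier in this file pass `-p` but none passes `-m` or `-c`. A sentence recommending an explicit `-m 2048`, a SHA1 scheme and a non-default password would help, either upstream or in the local notes that accompany this import. The same text describes mailing the local password to the TA without saying that the mail must be protected. Smaller points to report upstream: the symmetric keys paragraph gives the character range as 0x21 through 0x7f, but 93 printable characters excluding '#' corresponds to 0x21 through 0x7e; `-S` has "compatibly" for "compatibility"; `-M` ends with a doubled period; the file name paragraph has an unmatched closing parenthesis after "created".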
diff --git a/html/ldisc.html b/html/ldisc.html
deleted file mode 100644
index 428a251..0000000
--- a/html/ldisc.html
+++ /dev/null
@@ -1,47 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <title>Line Disciplines and Streams Modules</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Line Disciplines and Streams Modules</h3>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:40</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links11.txt"></script>
- <hr>
- <h4>Description</h4>
- <p>Most radio and modem clocks used for a primary (stratum-1) NTP server utilize serial ports operating at speeds of 9600 baud or greater. The intrinsic delay and jitter contributed by the serial port hardware and software driver can accumulate up to a millisecond in newer Unix systems and tens of milliseconds in older ones. In order to reduce the effects of delay and jitter, a set of special line disciplines, stream modules and operating system calls (<tt>ioctls</tt>) can be configured in some Unix kernels. These routines intercept special characters or signals provided by the radio or modem clock and save a timestamp for later processing.</p>
- <p>The routines provide two important functions. Some insert a timestamp in the receive data stream upon occurance of a designated character or characters at the serial interface. This can be used to timestamp an on-time character produced by a radio clock, for example. Other routines support an application program interface for pulse-per-second (PPS) signals generated by some radio clocks and laboratory instruments. These routines are normally accessed through the PPSAPI application program interface described below.</p>
- <p>The routines can be compiled in the kernel in older BSD-derived systems, or installed as System V streams modules and either compiled in the kernel or dynamically loaded when required. In either case, they require minor changes in some kernel files and in the NTP daemon <tt>ntpd</tt>. The streams modules can be pushed and popped from the streams stack using conventional System V streams program primitives. Note that some Unix kernels do not support line disciplines and some do not support System V streams. The routines described here are known to work correctly with the Unix kernels called out in the descriptions, but have not been tested for other kernels.</p>
- <h4><tt>tty_clk</tt> Line Discipline/Streams Module</h4>
- <p>This routine intercepts characters received from the serial port and passes unchanged all except a set of designated characters to the generic serial port discipline. For each of the exception characters, the character is inserted in the receiver buffer followed by a local timestamp in Unix <tt>timeval</tt> format. Both <tt>select()</tt> and <tt>SIGIO</tt> are supported by the routine. Support for this routine is automatically detected during the NTP build process and interface code compiled as necessary.</p>
- <p>There are two versions of the <tt>tty_clk</tt> routine. The <tt>tty_clk.c</tt> line discipline is designed for older BSD systems and is compiled in the kernel. The <tt>tty_clk_STREAMS.c</tt> is designed for System V streams, in which case it can be either compiled in the kernel or dynamically loaded. Since these programs are small, unobtrusive, and do nothing unless specifically enabled by an application program, it probably doesn't matter which version is chosen. Instructions on how to configure and build a kernel supporting either of these routines is in the <tt>README</tt> file in the <tt>./kernel</tt> directory.</p>
- <p>The <tt>tty_clk</tt> routine defines a new ioctl <tt>CLK_SETSTR</tt>, which takes a pointer to a string of no more than 32 characters. Until the first <tt>CLK_SETSTR</tt> is performed, the routine will simply pass through characters. Once it is passed a string by <tt>CLK_SETSTR</tt>, any character in that string will be immediately followed by a timestamp in Unix <tt>timeval</tt> format. You can change the string whenever you want by doing another <tt>CLK_SETSTR</tt>. The character must be an exact, 8 bit match. The character '\000' cannot, be used, as it is the string terminator. Passing an empty string to <tt>CLK_SETSTR</tt> turns off timestamping. Passing <tt>NULL</tt> may produce surprising results.</p>
- <h4><tt>TIOCDCDTIMESTAMP</tt> ioctl in FreeBSD</h4>
- <p>This ioctl is included in FreeBSD 2.2 and later. It causes a timestamp to be inserted in the serial port receive data stream when the data carrier detect (DCD) signal is asserted. This is useful for those radio clocks that indicate the on-time epoch by means of a modem control signal. It is not recommended that this be used for PPS timestamps, as this function is available using the PPS application program interface included in FreeBSD 3.4 and later.</p>
- <p>The <tt>TIOCDCDTIMESTAMP</tt> ioctl() is detected and compiled automatically on FreeBSD systems if available. With FreeBSD 2.2 the measured delay between activation of the DCD signal and the time the timestamp is captured on a 66MHz 486DX2 is 19 <font face="Symbol">m</font>s and on a 100MHz Pentium is 6 <font face="Symbol">m</font>s.</p>
- <h4><tt>ppsclock</tt>Streams Module (depredated)</h4>
- <p>This routine is a streams module which causes a timestamp to be captured when the DCD signal is asserted. It is normally used in connection with a PPS signal generated by some radio clocks. However, it is normally used only by the PPSAPI interface and SunOS 4.1.3 and should be avoided in other contexts. Instructions on how to configure and build a kernel supporting either of these routines is in the <tt>README</tt> file in the <tt>./kernel</tt> directory.</p>
- <p>The ppsclock streams module implements the <tt>CIOGETEV</tt> ioctl, which takes a pointer to the structure</p>
- <pre>
-struct ppsclockev {
- struct timeval tv;
- u_int serial;
-};
-</pre>
- <p>The <tt>ppsclock</tt> module is pushed on the streams stack of the serial port connected to the DCD line. At each positive-going edge of the PPS signal, the routine latches the current local timestamp and increments a counter. At each <tt>CIOGETEV</tt> ioctl call, the current values of the timestamp and counter are returned in the <tt>ppsclockev</tt> structure.</p>
- <h4><tt>TIOCSPPS</tt> and <tt>TIOCGETPPSEV</tt> ioctls in Solaris</h4>
- <p>These ioctls are included in Solaris 2.4 and later. They implement the same function as the <tt>ppsclock</tt> streams module, but are implemented as integrated system calls independent of the streams facility. They are normally used in connection with a pulse-per-second (PPS) signal generated by some radio clocks. However, these ioctls are normally used only by the PPSAPI interface and should be avoided in other contexts. See the Sun documentation for the calling sequence and return values.</p>
- <p>Users are cautioned that these ioctls function improperly in Solaris versions prior to 2.8 with patch Generic_108528-02.</p>
- <h4><tt>tty_chu</tt> Line Discipline/Streams Module (depredated)</h4>
- <p>This routine is a special purpose line discipline for receiving a special timecode broadcast by Canadian time and frequency standard station CHU. It has been removed from the distribution since its function has been replaced by the <a href="drivers/driver7.html">Radio CHU Audio Demodulator/Decoder (type 7)</a> clock driver.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
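Review bot: this deletion removes the whole of html/ldisc.html, so any page that still links to ldisc.html will point at nothing after this commit; please grep the imported html tree for that name before the series is finished. The deleted page loads scripts/links11.txt and sends readers to the README in ./kernel for the tty_clk and ppsclock build instructions, so also check whether those are removed by the same import or left behind without a referring page.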
diff --git a/html/manyopt.html b/html/manyopt.html
index 83869ca..a236f4f 100644
--- a/html/manyopt.html
+++ b/html/manyopt.html
@@ -5,77 +5,60 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Automatic NTP Configuration Options</title>
+ <title>Automatic Server Discovery</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h3>Automatic NTP Configuration Options</h3>
+ <h3>Automatic Server Discovery</h3>
<img src="pic/alice51.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Make sure who your friends are.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">20:55</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="275">Tuesday, October 11, 2005</csobj></p>
- <br clear="left">
+ <p>Last update:
+ <!-- #BeginDate format:En2 -->25-Nov-2009<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links9.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/config.txt"></script>
<h4>Table of Contents</h4>
<ul>
- <li class="inline"><a href="#bcst">Broadcasting</a>
- <li class="inline"><a href="#mcst">Manycasting</a>
- <li class="inline"><a href="#orphan">Orphan Mode</a>
- <li class="inline"><a href="#opt">Server Discovery Options</a>
+ <li class="inline"><a href="#bcst">Broadcast/Multicast Scheme</a></li>
+ <li class="inline"><a href="#mcst">Manycast Scheme</a></li>
+ <li class="inline"><a href="#pool">Server Pool Scheme</a></li>
</ul>
<hr>
- <h4 id="bcst">Broadcasting</h4>
- <p>Broadcasting is the simplest way to provide automatic server discovery. It uses the multi-destination paradigm, where the subnet spanning tree is constructed automatically, either by the switches in an Ethernet LAN&nbsp;or the DVMRP&nbsp;or PIM&nbsp;protocols when spanning multiple networks.</p>
- <p>A broadcast or multicast server is mobilized by the broadcast configuration command. The addresses can be either from the IPv4 broadcast/mulitcast address family or the IPv6 address family. Multiple broadcast server associations can be specified for a single host.</p>
- <p>A host is enabled for broadcast reception using the <tt>broadcastclient</tt> configuration command, with or without the <tt>novolley</tt> option. Upon receiving the first message from a broadcast server, the client mobilizes an ephemeral client association and exchanges a volley of client/server messages in order to quickly authenticate the source, set the clock and measure the propagation delay, then reverts to listen-only mode. A multicast client is mobilized in the same way using the <tt>multicastclient</tt> configuration command and specified multicast group address.</p>
- <p>Broadcasting can be used with either symmetric key or public key cryptography. Public key cryptography offers the best protection against compromised keys and is generally considered stronger. By default, either of these two means is required, but this can be overridden by the <tt>disable auth</tt> command.</p>
- <p>In both broadcast and multicast client operations the client association is demobilized in case of error or timeout due to loss of server or connectivity. </p>
- <h4 id="mcst">Manycasting</h4>
- <p>Manycasting is a automatic discovery and configuration paradigm new to NTPv4. It is intended as a means for a client to troll the nearby network neighborhood to find cooperating servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. The intended result is that each client mobilizes associations with a given number of the &quot;best&quot; nearby servers, yet automatically reconfigures to sustain this number of servers should one or another fail.</p>
- <p>Note that the manycast paradigm does not coincide with the anycast paradigm described in RFC-1546, which is designed to find a single server from a clique of servers providing the same service. The manycast paradigm is designed to find a plurality of redundant servers satisfying defined optimality criteria.</p>
- <p>Manycasting can be used with either symmetric key or public key cryptography. Public key cryptography offers the best protection against compromised keys and is generally considered stronger. By default, either of these two means is required, but this can be overridden by the <tt>disable auth</tt> command.</p>
- <p>A manycast client association is configured using the <tt>manycastclient</tt> configuration command, which is similar to the <tt>server</tt> configuration command, but with a broadcast or multicast address. Depending on address family. The manycast client sends ordinary client mode messages, but with a broadcast address rather than a unicast address. It sends only if less than a given threshold of servers have been found and then only at the minimum feasible rate and minimum feasible time-to-live (TTL) hops. There can be as many manycast client associations as different broadcast addresses, each one serving as a template for a future unicast client/server association.</p>
- <p>Manycast servers configured with the <tt>manycastserver</tt> command listen on the specified broadcast address for manycast client messages. If a manycast server is in scope of the current TTL and is itself synchronized to a valid source and operating at a stratum level equal to or lower than the manycast client, it replies to the manycast client message with an ordinary unicast server message.</p>
- <p>The manycast client receiving this message mobilizes a preemptable client association according to the matching manycast client template, but only if cryptographically authenticated and the server stratum is less than or equal to the client stratum. The client runs the NTP mitigation algorithms, which act to demobilize all but a threshold number of associations according to stratum and synchronization distance. The surviving associations then continue in ordinary client/server mode.</p>
- <p>If for some reason the number of available servers falls below the threshold, the manycast client resumes sending broadcast messages. The polling strategy is designed to reduce as much as possible the volume of broadcast messages and the effects of implosion due to near-simultaneous arrival of manycast server messages. The strategy is determined by the <tt>tos</tt> and <tt>ttl</tt> configuration commands described below.</p>
- <p>It is possible and frequently useful to configure a host as both manycast client and manycast server. A number of hosts configured this way and sharing a common group address will automatically organize themselves in an optimum configuration based on stratum and synchronization distance.</p>
- <p>For example, consider an NTP subnet of two primary servers and several secondary servers and a number of dependent clients. With twoAll servers and clients have identical configuration files including both <tt>multicastclient</tt> and <tt>multicastserver</tt> commands using, for instance, multicast group address 239.1.1.1. Each primary server configuration file must include commands for the primary reference source such as a GPS receiver.</p>
- <p>The remaining configuration files for all secondary servers and clients have the same contents, except for the <tt>tos</tt> command, which is specific for each stratum level. For stratum 1 and stratum 2 servers, that command is not necessary. For stratum 3 and above servers the <tt>tos floor</tt> value is set to the intended stratum number. Thus, all stratum 3 configuration files use <tt>tos floor 3</tt>, all stratum 4 files use <tt>tos floor 4</tt> and so forth.</p>
- <p>Once operations have stabilized, the primary servers will find the primary reference source and each other, since they both operate at the same stratum (1), but not with any secondary server or client, since these operate at a higher stratum. The secondary servers will find the servers at the same stratum level. If one of the primary servers loses its GPS receiver, it will continue to operate as a client and other clients will time out the corresponding association and re-associate accordingly.</p>
- <h4 id="orphan">Orphan Mode</h4>
- <p>Sometimes it is necessary to operate an NTP&nbsp;subnet in isolation, because a local reference clock is unavailable or connectivity to the Internet is not provided. In such cases it may be necessary that the subnet servers and clients remain synchronized to a common timescale, not necessarily the UTC&nbsp;timescale. Previously, this function was provided by the local clock driver, which could be configured for a server that could be reached, directly or indirectly from all other servers and clients in the subnet.</p>
- <p>There are many disadvantages using the local clock driver: multiple source redundancy is not possible and the subnet is vulnerable to single-point failures. Orphan mode is intended to replace the need for the local clock driver. It operates in subnet configurations in all modes, including broadcast, and multiple servers and clients and handles seamless switching as primary sources fail and recover.</p>
- <p>A server or client is enabled for orphan mode using the <tt>tos orphan <i>stratum</i></tt> command, where <tt><i>stratum</i></tt> is some stratum less than 16 and greater than any anticipated stratum that might occur with ordinary Internet servers. This is the same consideration that guides the local clock driver stratum.</p>
- <p>As long as the stratum of any orphan is less than the orphan stratum, the servers and clients operate in the normal way. However, if the stratum equals or exceeds this stratum, the server or client is considered an orphan. If under these conditions a host has no sources of the same or lower stratum, it is designated an orphan parent; otherwise, it is considered an orphan child. Orphan parents show offset zero, root delay zero and reference ID&nbsp;127.0.0.1, which of course is the Unix loopback address. Orphan children show the mitigated offset of their servers, root delay randomized over a moderate range and reference ID of their system peer. An important distinction is that the entire subnet operates at the same orphan stratum and that the order of preference is the root delay, not the stratum and root distance as usual.</p>
- <p>For the most flexible and reliable operation, all servers and clients in the subnet should include the <tt>orphan</tt> command in the configuration file and with the same orphan stratum. This provides mutual redundancy and diversity for all NTP&nbsp;modes of operation, including broadcast.</p>
- <p>For example, consider the case where several campus secondary (stratum 2) servers are configured for public Internet primary servers and with each other using symmetric modes. These servers provide synchronization with a number of department servers using broadcast mode, where each of these servers is configured as both a broadcast server and broadcast client. Individual workstations on the department LAN&nbsp;are configured as broadcast clients only. All servers (not necessarily the clients) have the <tt>orphan 5</tt> command, for example.</p>
- <p>In normal operation all servers and clients operate below stratum 5, so operate with the subnet configuration determined by stratum and root distance. If all sources are lost at any stratum level, the server or client continues operation as orphan parent. However, if sources at the orphan stratum are found, the host synchronizes to the source with lowest root delay. Since orphan root delay is determined randomly at startup, loops are avoided, even in broadcast modes where multiple servers are available.</p>
- <h4 id="opt">Server Discovery Options</h4>
- <dl>
- <dt><tt>tos [ ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | orphan <i>orphan</i> | maxdistance <i>maxdistance</i> | minclock <i>minclock</i> | minsane <i>minsane</i> ]</tt>
- <dd>This command affects the clock selection and clustering algorithms. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in manycast mode. The variables operate as follows:
- <dl> <dt><tt>beacon <i>beacon</i></tt>
- <dd>The manycast server sends packets at intervals of 64 s if less than <i><tt>maxclock</tt></i> servers are available. Otherwise, it sends packets at the <i><tt>beacon</tt></i> interval in seconds. The default is 3600 s.<dt><tt>ceiling <i>ceiling</i></tt>
- <dd>Servers with stratum at or above <i>ceiling</i> will be discarded if there are at least <i><tt>minclock</tt></i> peers remaining. This value defaults to 15, but can be changed to any number from 1 to 15.
- <dt><tt>cohort { 0 | 1 }</tt>
- <dd>This is a binary flag which enables (0) or disables (1) manycast server replies to manycast clients with the same stratum level. This is useful to reduce implosions where large numbers of clients with the same stratum level are present. The default is to enable these replies.
- <dt><tt>floor <i>floor</i></tt>
- <dd>Peers with strata below <i>floor</i> will be discarded if there are at least <i>minclock</i> peers remaining. This value defaults to 1, but can be changed to any number from 1 to 15.
- <dt><tt>orphan <i>stratum</i></tt>
- <dd>If <tt><i>stratum</i></tt> is set at some value less than 16 a special orphan mode is enterred when no outside source of synchronization is available. To use orphan mode a number of participants are identically configured both as broadcast client and as broadcast server. One or more participants are configured to use an outside source, either a reference clock or another Internet server. When the source or sources fail, the system stratum is set at <tt><i>stratum</i></tt> and a leader is elected to serve as the reference source. When an outside source of synchronization is again available, the orphan mode is disabled.<dt><tt>mindist <i>mindistance</i></tt>
- <dd>The slection algorithm normally pads each intersection a minimum of one millisecond to avoid needless classification. In some cases, such as reference clocks with high jitter and a PPS signal, it is useful to increase the padding. This command can be used for that purpose. As a general rule, set the mindistance to the maximum expected offset plus the maxiumum expected jitter, in seconds.
- <dt><tt>maxdist <i>maxdistance</i></tt>
- <dd>The selection algorithm accumulates a number of packets before setting the clock in order to use the best data available. The number is determined by the synchronization distance for each association and a limit called the distance threshold. The synchronization distance starts at 16, then drops by a factor of about two as each packet is received. The default distance threshold is 1.0, which usually results in four packets. Setting maxdistance to some value between 1 and 16 can be used to change the number of packets required. For instance, setting it to 16 will set the clock on the first packet received; howver, setting it to this value essentially disables the mitigation and grooming algorithms.
- <dt><tt>minclock <i>minclock</i></tt>
- <dd>The clustering algorithm repeatedly casts out outlyer associations until no more than <i>minclock</i> associations remain. This value defaults to 3, but can be changed to any number from 1 to the number of configured sources.
- <dt><tt>minsane <i>minsane</i></tt>
- <dd>This is the minimum number of candidates available to the clock selection algorithm in order to produce one or more truechimers for the clustering algorithm. If fewer than this number are available, the clock is undisciplined and allowed to run free. The default is 1 for legacy purposes. However, according to principles of Byzantine agreement, <i>minsane</i> should be at least 4 in order to detect and discard a single falseticker.
- </dl>
-
- <dt><tt>ttl <i>hop</i> ...</tt>
- <dd>This command specifies a list of TTL values in increasing order. up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.
- </dl>
+ <h4 id="modes">Introduction</h4>
+ <p>This page describes the automatic server discovery schemes provided in NTPv4. Details about the configuration commands and options are described on the <a href="confopt.html">Configuration Options</a> page. Details about the cryptographic authentication schemes are described on the <a href="authopt.html">Authentication Options</a> page. Details about the other modes not directly involved in these schemes are described on the <a href="assoc.html">Association Management</a> page. Additional information is available in the papers, reports, memoranda and briefings on the <a href="http://www.eecis.udel.edu/%7emills/ntp.html">NTP Project</a> page.</p>
+ <p>There are three automatic server discovery schemes: broadcast/multicast, manycast and server pool described on this page. The broadcast/multicast and manycast schemes utilize the ubiquitous broadcast or one-to-many paradigm native to IPv4 and IPv6. The server pool scheme uses DNS to resolve addresses of multiple volunteer servers scattered throughout the world. All three schemes work in much the same way and might be described as <i>grab-n'-prune</i>. Through one means or another they grab a number of associations either directly or indirectly from the configuration file, order them from best to worst according to a defined metric, then cast off the associations with the lowest metric until no more than the number specified by the <tt>maxclock</tt> option of the <tt>tos </tt>command remain.</p>
+ <h4>Association Management</h4>
+ <p>All schemes use a stratum filter to select just those servers with stratum considered useful. This can avoid large numbers of clients ganging up on a small number of low-stratum servers and avoid servers below or above specified stratum levels. By default, servers of all strata are acceptable; however, the <tt>tos</tt> command can be used to restrict the acceptable range from the <tt>floor</tt> option, inclusive, to the <tt>ceiling</tt> option, exclusive. Potential servers operating at the same stratum as the client will be avoided, unless the <tt>cohort</tt> option is present.</p>
+ <p>The pruning process is handled using a set of counters, one for each preemptible association. Once each poll interval the counter is increased by one. If the association survives the selection and clustering algorithms; that is, it is a candidate for synchronization, the counter is reset to zero. If not and the counter reaches a defined threshold and the number of assocations is greater than <tt>maxclock</tt>, the association becomes a candidate for pruning. The pruning algorithm assigns to each association a metric ranging from the lowest, corresponding to no possibility of synchronization, to the highest, corresponding to a very likely possibility of synchronization. Upon reaching the threshold, an association is demobilized if it has the lowest metric of all associations. Operation continues in this way until the number of remaining associations is not greater than <tt>maxclock</tt>.</p>
+ <p>Following is a summary of each scheme. Note that reference to option applies to the commands described on the <a href="confopt.html">Configuration Options</a> page. See that page for applicability and defaults.</p>
+ <h4 id="bcst">Broadcast/Multicast Scheme</h4>
+ <p>A broadcast server generates messages continuously at intervals by default 64 s and time-to-live by default 127. These defaults can be overriden by the <tt>minpoll</tt> and <tt>ttl</tt> options, respectively. Not all kernels support the <tt>ttl</tt> option. A broadcast client responds to the first message received by waiting a randomized interval to avoid implosion at the server. It then polls the server in client/server mode using the <tt>iburst</tt> option in order to quickly authenticate the server, calibrate the propagation delay and set the host clock. This normally results in a volley of six client/server exchanges at 2-s intervals during which both the synchronization and cryptographic protocols run concurrently.</p>
+ <p>Following the volley, the server continues in listen-only mode and sends no further messages. If for some reason the broadcast server does not respond to these messages, the client will cease transmission and continue in listen-only mode with a default propagation delay. The volley can be avoided by using the <tt>authdelay</tt> command with nonzero argument.</p>
+ <p>A server is configured in broadcast mode using the <tt>broadcast</tt> command and specifying the broadcast address of a local interface. If two or more local interfaces are installed with different broadcast addresses, a <tt>broadcast</tt> command is needed for each address. This provides a way to limit exposure in a firewall, for example. A broadcast client is configured using the <tt>broadcastclient</tt> command. </p>
+ <p>NTP multicast mode can be used to extend the scope using IPv4 multicast or IPv6 broadcast with defined span. The IANA has assigned IPv4 multicast address 224.0.1.1 and IPv6 address FF05::101 (site local) to NTP, but these addresses should be used only where the multicast span can be reliably constrained to protect neighbor networks. In general, administratively scoped IPv4 group addresses should be used, as described in RFC-2365, or GLOP group addresses, as described in RFC-2770.</p>
+ <p>A multicast server is configured using the <tt>broadcast</tt> command, but specifying a multicast address instead of a broadcast address. A multicast client is configured using the <tt>multicastclient</tt> command specifying a list of one or more multicast addresses. Note that there is a subtle distinction between the IPv4 and IPv6 address families. The IPv4 broadcast or mulitcast mode is determined by the IPv4 class. For IPv6 the same distinction can be made using the link-local prefix FF02 for each interface and site-local prefix FF05 for all interfaces.</p>
+ <p>It is possible and frequently useful to configure a host as both broadcast client and broadcast server. A number of hosts configured this way and sharing a common broadcast address will automatically organize themselves in an optimum configuration based on stratum and synchronization distance.</p>
+ <p>Since an intruder can impersonate a broadcast server and inject false time values, broadcast mode should always be cryptographically authenticated. By default, a broadcast association will not be mobilized unless cryptographically authenticated. If necessary, the <tt>auth</tt> option of the <tt>disable</tt> command will disable this feature. The feature can be selectively enabled using the <tt>notrust</tt> option of the <tt>restrict</tt> command.</p>
+ <p>With symmetric key cryptography each broadcast server can use the same or different keys. In one scenario on a broadcast LAN,&nbsp;a set of broadcast clients and servers share the same key along with another set that share a different key. Only the clients with matching key will respond to a server broadcast.</p>
+ <p>Public key cryptography can be used with some restrictions. If multiple servers belonging to different secure groups share the same broadcast LAN, the clients on that LAN&nbsp;must have the client keys for all of them. This scenario is illustrated in the example on the <a href="authopt.html">Authentication Options</a> page.</p>
+ <h4 id="mcst">Manycast Scheme</h4>
+ <p>Manycast is a automatic server discovery and configuration paradigm new to NTPv4. It is intended as a means for a client to troll the nearby network neighborhood to find cooperating servers, validate them using cryptographic means and evaluate their time values with respect to other servers that might be lurking in the vicinity. It uses the grab-n'-drop paradigm with the additional feature that active means are used to grab additional servers should the number of survivors fall below the <tt>minclock</tt> option of the <tt>tos</tt> command.</p>
+ <p>The manycast paradigm is not the anycast paradigm described in RFC-1546, which is designed to find a single server from a clique of servers providing the same service. The manycast paradigm is designed to find a plurality of redundant servers satisfying defined optimality criteria.</p>
+ <p>A manycast clients is configured using the <tt>manycastclient</tt> configuration command, which is similar to the <tt>server</tt> configuration command. It sends ordinary client mode messages, but with a broadcast address rather than a unicast address and sends only if less than <tt>minclock</tt> associateons remain and then only at the minimum feasible rate and minimum feasible time-to-live (TTL) hops. The polling strategy is designed to reduce as much as possible the volume of broadcast messages and the effects of implosion due to near-simultaneous arrival of manycast server messages. There can be as many manycast client associations as different addresses, each one serving as a template for a future unicast client/server association.</p>
+ <p>A manycast server is configured using the <tt>manycastserver</tt> command, which listens on the specified broadcast address for manycast client messages. If a manycast server is in scope of the current TTL and is itself synchronized to a valid source and operating at a stratum level equal to or lower than the manycast client, it replies with an ordinary unicast server message.</p>
+ <p>The manycast client receiving this message mobilizes a preemptable client association according to the matching manycast client template, but only if cryptographically authenticated and the server stratum is less than or equal to the client stratum. </p>
+ <p>It is possible and frequently useful to configure a host as both manycast client and manycast server. A number of hosts configured this way and sharing a common multicast group address will automatically organize themselves in an optimum configuration based on stratum and synchronization distance.</p>
+ <p>The use of cryptograpic authentication is always a good idea in any server descovery scheme. Both symmetric key and public key cryptography can be used in the same scenarios as described above for the broadast/multicast scheme.</p>
+ <h4 id="pool">Server Pool Scheme</h4>
+ <p>The idea of targeting servers on a random basis to distribute and balance the load is not a new one; however, the NTP pool scheme puts this on steroids. At present, several hundred operators around the globe have volunteered their servers for public access. In general, NTP&nbsp;is a lightweight service and servers used for other purposes don't mind an additional small load. The trick is to randomize over the population and minimize the load on any one server while retaining the advantages of multiple servers using the NTP&nbsp;mitigation algorithms.</p>
+ <p>To support this service the DNS&nbsp;for some volunteer servers as been
+ modified to collect a number of other volunteer&nbsp;servers and return a
+ randomized list in response to a DNS query. The client receiving this list
+ mobilizes some or all of them just as in the other discovery schemes and casts
+ off the excess.</p>
+ <p>The pool scheme is configured using one or <tt>pool</tt> commands with the DNS name <tt><i>region</i>.pool.ntp.org</tt>, where <tt><i>region</i></tt> is a region of the world, country of the region or state of the country or even the whole world if absent. The <tt>pool</tt> command can be used more than once; duplicate servers are detected and discarded. In principle, it is possible to use a configuration file containing a single line <tt>pool pool.ntp.org</tt>.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
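Review bot: In the added Broadcast/Multicast Scheme text, the paragraph beginning "Following the volley" says "the server continues in listen-only mode and sends no further messages", but the next sentence ("the client will cease transmission and continue in listen-only mode") shows that the listening party is the broadcast client, so "server" should read "client". The same paragraph says the volley can be avoided with the authdelay command. The fallback it describes is a default propagation delay, which is what broadcastdelay sets in miscopt.html, so please check which command is meant. In the authentication paragraph, "the auth option of the disable command will disable this feature" would be clearer if it said outright that doing so removes the protection against an impersonated broadcast server named in the sentence before it. Wording to tidy: the Introduction calls the paradigm "grab-n'-prune" while the Manycast section calls it "grab-n'-drop"; "configured using one or pool commands" is missing "more"; and there are spelling slips ("assocations", "overriden", "mulitcast", "A manycast clients", "associateons", "cryptograpic", "descovery", "broadast", "as been"). Since the commit is a virgin vendor import, these are better reported upstream than patched in this tree.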
diff --git a/html/measure.html b/html/measure.html
deleted file mode 100644
index 9cce97a..0000000
--- a/html/measure.html
+++ /dev/null
@@ -1,23 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <title>Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation</h3>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:41</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <hr>
- <p>The technical memorandum: <cite>Time and Time Interval Measurement with Application to Computer and Network Performance Evaluation</cite><a href="http://www.eecis.udel.edu/%7emills/database/memos/memo96a.ps">(PostScript) </a>describes a number of techniques for conducting experiments typical of computer network and transmission systems engineering.</p>
- <p>In most experiments in which time is involved, it is necessary to develop estimates of time, frequency and measurement errors from a series of time measurements between the clocks of a number of computers and ancillary devices interconnected by some kind of computer network. However, time is not a physical quantity, such as mass, nor can it be measured relative to an absolute frame of reference, such as velocity. The only way to measure time in our universe is to compare the reading of one clock, which runs according to its own timescale, with another clock, which runs according to a given timescale, at some given instant or epoch. The errors arise from the precision of time comparisons and the accuracy of frequency estimates between the timescales involved.</p>
- <p>The usual data collected during a performance run of some experiment might include time offsets, time delays, frequency offsets and various error statistics. While time offsets between two clocks can be measured directly, frequency offsets can be estimated only from two or more time offsets made over some time interval in the experiment. In practice, a sequence of time comparisons can be performed over the lifetime of the experiment and the instantaneous frequency estimated either in real time with a recurrence relation, or retrospectively with a polynomial fit to the data.</p>
- <p>Estimating time and frequency errors in real time has been studied by a distinct subspecies of physicists who have made a career of the technology involved. Various means including autoregressive models, Kalman filters and simple weighted-average algorithms are used extensively by national standards laboratories to model cesium-clock ensembles. These techniques have been adapted to computer network and transmission engineering problems as well. This memorandum explores issues in performing experiments of this type and summarizes various techniques found useful in practice.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html> \ No newline at end of file
diff --git a/html/miscopt.html b/html/miscopt.html
index 54041b1..800a4f2 100644
--- a/html/miscopt.html
+++ b/html/miscopt.html
@@ -12,110 +12,123 @@
<h3>Miscellaneous Options</h3>
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:50</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="271">Monday, January 09, 2006</csobj></p>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->13-Nov-2009 19:08<!-- #EndDate -->
+ UTC</p>
<br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/miscopt.txt"></script>
<hr>
<dl>
- <dt><tt>broadcastdelay <i>seconds</i></tt>
- <dd>The broadcast and multicast modes require a special calibration to determine the network delay between the local and remote servers. Ordinarily, this is done automatically by the initial protocol exchanges between the client and server. In some cases, the calibration procedure may fail due to network or server access controls, for example. This command specifies the default delay to be used under these circumstances. Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds.
- <dt><tt>calldelay <i>delay</i></tt>
- <dd>This option controls the delay in seconds between the first and second packets sent in burst or iburst mode to allow additional time for a modem or ISDN call to complete.
- <dt><tt>driftfile <i>driftfile</i> [<i>
- minutes </i> [<i> tolerance </i>] ]</tt>
- <dd>This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. This is the same operation as the <tt>-f</tt> command linke option. If the file exists, it is read at startup in order to set the initial frequency and then updated once per hour with the current frequency computed by the daemon. If the file name is specified, but the file itself does not exist, the starts with an initial frequency of zero and creates the file when writing it for the first time. If this command is not given, the daemon will always start with an initial frequency of zero.
- <p>The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. This implies that <tt>ntpd</tt> must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided.</p>
-
-<p>The two optional values determine how often the file is written, and
-are particuarly useful when is it desirable to avoid spinning up the
-disk unnecessarily. The parameter <tt>minutes</tt> is how often the file will be written. If omitted or less
-than 1, the interval will be 60 minutes (one hour). The parameter <tt>tolerance</tt> is the
-threshold to skip writing the new value. If the new value is within
-<tt>tolerance</tt> percent of the last value written (compared out to 3
-decimal places), the write will be
-skipped. The default is 0.0, which means that the write will occur
-unless the current and previous values are the same. A tolerance of
-.1 equates roughly to a difference in the 2nd decimal place.</p>
-<dt><tt>enable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats]</tt><br>
- <tt>disable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats ]</tt>
+ <dt id="broadcastdelay"><tt>broadcastdelay <i>seconds</i></tt></dt>
+ <dd>The broadcast and multicast modes require a special calibration to determine the network delay between the local and remote servers. Ordinarily, this is done automatically by the initial protocol exchanges between the client and server. In some cases, the calibration procedure may fail due to network or server access controls, for example. This command specifies the default delay to be used under these circumstances. Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate.</dd>
+ <dt id="driftfile"><tt>driftfile <i>driftfile</i> { <i>tolerance</i> ]</tt></dt>
+ <dd>This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. This is the same operation as the <tt>-f</tt> command linke option. If the file exists, it is read at startup in order to set the initial frequency and then updated once per hour or more with the current frequency computed by the daemon. If the file name is specified, but the file itself does not exist, the starts with an initial frequency of zero and creates the file when writing it for the first time. If this command is not given, the daemon will always start with an initial frequency of zero.</dd>
+ <dd>The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version. This implies that <tt>ntpd</tt> must have write permission for the directory the drift file is located in, and that file system links, symbolic or otherwise, should be avoided.</dd>
+ <dd>The parameter <tt>tolerance</tt> is the wander threshold to skip writing the new value. If the value of wander computed from recent frequency changes is greater than this threshold the file will be updated once per hour. If below the threshold, the file will not be written.</dd>
+ <dt id="enable"><tt>enable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats]</tt><br>
+ <tt>disable [ auth | bclient | calibrate | kernel | monitor | ntp | pps | stats ]</tt></dt>
<dd>Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that all of these flags can be controlled remotely using the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program.
<dl>
- <dt><tt>auth</tt>
- <dd>Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. The default for this flag is enable.
- <dt><tt>bclient</tt>
- <dd>Enables the server to listen for a message from a broadcast or multicast server, as in the <tt>multicastclient</tt> command with default address. The default for this flag is disable.
- <dt><tt>calibrate</tt>
- <dd>Enables the calibrate feature for reference clocks. The default for this flag is disable.
- <dt><tt>kernel</tt>
- <dd>Enables the kernel time discipline, if available. The default for this flag is enable if support is available, otherwise disable.
- <dt><tt>monitor</tt>
- <dd>Enables the monitoring facility. See the <tt>ntpdc</tt> program and the <tt>monlist</tt> command or further information. The default for this flag is enable.
- <dt><tt>ntp</tt>
- <dd>Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.
- <dt><tt>pps</tt>
- <dd>Enables the pulse-per-second (PPS) signal when frequency and time is disciplined by the precision time kernel modifications. See the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page for further information. The default for this flag is disable.
- <dt><tt>stats</tt>
- <dd>Enables the statistics facility. See the <a href="monopt.html">Monitoring Options</a> page for further information. The default for this flag is disable
+ <dt><tt>auth</tt></dt>
+ <dd>Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. The default for this flag is enable.</dd>
+ <dt><tt>bclient</tt></dt>
+ <dd>Enables the server to listen for a message from a broadcast or multicast server, as in the <tt>multicastclient</tt> command with default address. The default for this flag is disable.</dd>
+ <dt><tt>calibrate</tt></dt>
+ <dd>Enables the calibrate feature for reference clocks. The default for this flag is disable.</dd>
+ <dt><tt>kernel</tt></dt>
+ <dd>Enables the kernel time discipline, if available. The default for this flag is enable if support is available, otherwise disable.</dd>
+ <dt><tt>monitor</tt></dt>
+ <dd>Enables the monitoring facility. See the <tt>ntpdc</tt> program and the <tt>monlist</tt> command or further information. The default for this flag is enable.</dd>
+ <dt><tt>ntp</tt></dt>
+ <dd>Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.</dd>
+ <dt><tt>stats</tt></dt>
+ <dd>Enables the statistics facility. See the <a href="monopt.html">Monitoring Options</a> page for further information. The default for this flag is disable.</dd>
</dl>
- <dt><tt>includefile <i>includefile</i></tt>
- <dd>This command allows additional configuration commands to be included from a separate file. Include files may be nested to a depth of five; upon reaching the end of any include file, command processing resumes in the previous configuration file. This option is useful for sites that run <tt>ntpd</tt> on multiple hosts, with (mostly) common options (e.g., a restriction list).
- <dt><tt>logconfig <i>configkeyword</i></tt>
- <dd>This command controls the amount and type of output written to the system <tt>syslog</tt> facility or the alternate <tt>logfile</tt> log file. All <i><tt>configkeyword</tt></i> keywords can be prefixed with <tt>=</tt>, <tt>+</tt> and <tt>-</tt>, where <tt>=</tt> sets the <tt>syslogmask</tt>, <tt>+</tt> adds and <tt>-</tt> removes messages. <tt>syslog messages</tt> can be controlled in four classes (<tt>clock</tt>, <tt>peer</tt>, <tt>sys</tt> and <tt>sync</tt>). Within these classes four types of messages can be controlled: informational messages (<tt>info</tt>), event messages (<tt>events</tt>), statistics messages (<tt>statistics</tt>) and status messages (<tt>status</tt>).
- <p>Configuration keywords are formed by concatenating the message class with the event class. The <tt>all</tt> prefix can be used instead of a message class. A message class may also be followed by the <tt>all</tt> keyword to enable/disable all messages of the respective message class. By default, <tt>logconfig</tt> output is set to <tt>allsync</tt>.
- <p>Thus, a minimal log configuration could look like this:</p>
- <p><tt>logconfig=syncstatus +sysevents</tt></p>
- <dl>
- <dd>
- <p>This would just list the synchronizations state of <tt>ntpd</tt> and the major system events. For a simple reference server, the following minimum message configuration could be useful:</p>
-
- </dl>
-
- <dd>
- <p><tt>logconfig=allsync +allclock</tt></p>
- <dl>
- <dd>
- <p>This configuration will list all clock information and synchronization information. All other events and messages about peers, system events and so on is suppressed.</p>
-
- </dl>
- <dt><tt>logfile <i>logfile</i></tt>
- <dl>
- <dd>
- <p>This command specifies the location of an alternate log file to be used instead of the default system <tt>syslog</tt> facility. This is the same operation as the <tt>-l </tt>command line option.</p>
-
- </dl>
- <dt><tt>phone <i>dial</i>1 <i>dial</i>2 ...</tt>
- <dl>
- <dd>This command is used in conjunction with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services. The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.
- </dl>
- <dt><tt>setvar <i>variable</i> [default]</tt>
- <dd>This command adds an additional system variable. These variables can be used to distribute additional information such as the access policy. If the variable of the form <tt><i>name</i> = <i>value</i></tt> is followed by the <tt>default</tt> keyword, the variable will be listed as part of the default system variables (<tt>ntpq rv</tt> command). These additional variables serve informational purposes only. They are not related to the protocol other that they can be listed. The known protocol variables will always override any variables defined via the <tt>setvar</tt> mechanism. There are three special variables that contain the names of all variable of the same group. The <tt>sys_var_list</tt> holds the names of all system variables. The <tt>peer_var_list</tt> holds the names of all peer variables and the <tt>clock_var_list</tt> holds the names of the reference clock variables.
- <dt><tt>tinker [ allan <i>allan</i> | dispersion <i>dispersion</i> | freq <i>freq</i> | huffpuff <i>huffpuff</i> | panic <i>panic</i> | step <i>step</i> | stepout <i>stepout</i> ]</tt>
- <dd>This command can be used to alter several system variables in very exceptional circumstances. It should occur in the configuration file before any other configuration options. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. In general, they interact in intricate ways that are hard to predict and some combinations can result in some very nasty behavior. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs anyway and this command is for them. Emphasis added: twisters are on their own and can expect no help from the support group.
- <p>The variables operate as follows:</p>
- <dl>
- <dt><tt>allan <i>allan</i></tt>
- <dd>The argument becomes the new value for the Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm. The value is in seconds with default 1500 s, which is appropriate for most computer clocks.<dt><tt>dispersion <i>dispersion</i></tt>
- <dd>The argument becomes the new value for the dispersion increase rate, normally .000015 s/s.
- <dt><tt>freq <i>freq</i></tt>
- <dd>The argument becomes the initial value of the frequency offset in parts-per-million. This overrides the value in the frequency file, if present, and avoids the initial training state if it is not.
- <dt><tt>huffpuff <i>huffpuff</i></tt>
- <dd>The argument becomes the new value for the experimental huff-n'-puff filter span, which determines the most recent interval the algorithm will search for a minimum delay. The lower limit is 900 s (15 m), but a more reasonable value is 7200 (2 hours). There is no default, since the filter is not enabled unless this command is given.
- <dt><tt>panic <i>panic</i></tt>
- <dd>The argument is the panic threshold, by default 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.
- <dt><tt>step <i>step</i></tt>
- <dd>The argument is the step threshold, by default 0.128 s. It can be set to any positive number in seconds. If set to zero, step adjustments will never occur. Note:&nbsp;The kernel time discipline is disabled if the step threshold is set to zero or greater than the default.
- <dt><tt>stepout <i>stepout</i></tt>
- <dd>The argument is the stepout timeout, by default 900 s. It can be set to any positive number in seconds. If set to zero, the stepout pulses will not be suppressed.
- </dl>
- <dt><tt>trap <i>host_address</i> [port <i>port_number</i>] [interface <i>interface_address</i>]</tt>
- <dd>This command configures a trap receiver at the given host address and port number for sending messages with the specified local interface address. If the port number is unspecified, a value of 18447 is used. If the interface address is not specified, the message is sent with a source address of the local interface the message is sent through. Note that on a multihomed host the interface used may vary from time to time with routing changes.
- <p>The trap receiver will generally log event messages and other information from the server in a log file. While such monitor programs may also request their own trap dynamically, configuring a trap receiver will ensure that no messages are lost when the server is started.</p>
- <dt><tt>ttl <i>hop</i> ...</tt>
- <dd>This command specifies a list of TTL values in increasing order. up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.
+ </dd>
+ <dt id="includefile"><tt>includefile <i>includefile</i></tt></dt>
+ <dd>This command allows additional configuration commands to be included from a separate file. Include files may be nested to a depth of five; upon reaching the end of any include file, command processing resumes in the previous configuration file. This option is useful for sites that run <tt>ntpd</tt> on multiple hosts, with (mostly) common options (e.g., a restriction list).</dd>
+ <dt id="interface"><tt>interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | <i>name</i> | <i>address</i>[/<i>prefixlen</i>]]</tt></dt>
+ <dd>This command controls which network addresses <tt>ntpd</tt> opens, and whether input is dropped without processing. The first parameter determines the action for addresses which match the second parameter. That parameter specifies a class of addresses, or a specific interface name, or an address. In the address case, <tt><i>prefixlen</i></tt> determines how many bits must match for this rule to apply. <tt>ignore</tt> prevents opening matching addresses, <tt>drop</tt> causes <tt>ntpd</tt> to open the address and drop all received packets without examination. Multiple <tt>interface</tt> commands can be used. The last rule which matches a particular address determines the action for it. <tt>interface</tt> commands are disabled if any <a href="ntpd.html#--interface"><tt>-I</tt></a>, <a href="ntpd.html#--interface"><tt>--interface</tt></a>, <a href="ntpd.html#--novirtualips"><tt>-L</tt></a>, or <a href="ntpd.html#--novirtualips"><tt>--novirtualips</tt></a> command-line options are used. If none of those options are used and no <tt>interface</tt> actions are specified in the configuration file, all available network addresses are opened. The <tt>nic</tt> command is an alias for <tt>interface</tt>.</dd>
+ <dt id="leapfile"><tt>leapfile <i>leapfile</i></tt></dt>
+ <dd>This command loads the NIST leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from NIST national time servers using <tt>ftp</tt> as the ASCII file <tt>pub/leap-seconds</tt>.</dd>
+ <dd>While not strictly a security function, the Autokey protocol provides means to securely retrieve the current or updated leapsecond values from a server.</dd>
+ <dt id="logconfig"><tt>logconfig <i>configkeyword</i></tt></dt>
+ <dd>This command controls the amount and type of output written to the system <tt>syslog</tt> facility or the alternate <tt>logfile</tt> log file. All <i><tt>configkeyword</tt></i> keywords can be prefixed with <tt>=</tt>, <tt>+</tt> and <tt>-</tt>, where <tt>=</tt> sets the <tt>syslogmask</tt>, <tt>+</tt> adds and <tt>-</tt> removes messages. <tt>syslog messages</tt> can be controlled in four classes (<tt>clock</tt>, <tt>peer</tt>, <tt>sys</tt> and <tt>sync</tt>). Within these classes four types of messages can be controlled: informational messages (<tt>info</tt>), event messages (<tt>events</tt>), statistics messages (<tt>statistics</tt>) and status messages (<tt>status</tt>).</dd>
+ <dd>Configuration keywords are formed by concatenating the message class with the event class. The <tt>all</tt> prefix can be used instead of a message class. A message class may also be followed by the <tt>all</tt> keyword to enable/disable all messages of the respective message class. By default, <tt>logconfig</tt> output is set to <tt>allsync</tt>.</dd>
+ <dd>Thus, a minimal log configuration could look like this:</dd>
+ <dd><tt>logconfig=syncstatus +sysevents</tt></dd>
+ <dd>This would just list the synchronizations state of <tt>ntpd</tt> and the major system events. For a simple reference server, the following minimum message configuration could be useful:</dd>
+ <dd><tt>logconfig allsync +allclock</tt></dd>
+ <dd>This configuration will list all clock information and synchronization information. All other events and messages about peers, system events and so on is suppressed.</dd>
+ <dt id="logfile"><tt>logfile <i>logfile</i></tt></dt>
+ <dd>This command specifies the location of an alternate log file to be used instead of the default system <tt>syslog</tt> facility. This is the same operation as the <tt>-l </tt>command line option.</dd>
+ <dt id="phone"><tt>phone <i>dial</i>1 <i>dial</i>2 ...</tt></dt>
+ <dd>This command is used in conjunction with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services. The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.</dd>
+ <dt id="saveconfigdir"><tt>saveconfigdir <i>directory_path</i></tt></dt>
+ <dd>Specify the directory in which to write configuration snapshots requested with <tt>ntpq</tt>'s <a href="ntpq.html#saveconfig">saveconfig</a> command. If <tt>saveconfigdir</tt> does not appear in the configuration file, saveconfig requests are rejected by ntpd.</dd>
+ <dt id="setvar"><tt>setvar <i>variable</i> [default]</tt></dt>
+ <dd>This command adds an additional system variable. These variables can be used to distribute additional information such as the access policy. If the variable of the form <tt><i>name</i> = <i>value</i></tt> is followed by the <tt>default</tt> keyword, the variable will be listed as part of the default system variables (<tt>ntpq rv</tt> command). These additional variables serve informational purposes only. They are not related to the protocol other that they can be listed. The known protocol variables will always override any variables defined via the <tt>setvar</tt> mechanism. There are three special variables that contain the names of all variable of the same group. The <tt>sys_var_list</tt> holds the names of all system variables. The <tt>peer_var_list</tt> holds the names of all peer variables and the <tt>clock_var_list</tt> holds the names of the reference clock variables.</dd>
+ <dt id="tinker"><tt>tinker [ allan <i>allan</i> | dispersion <i>dispersion</i> | freq <i>freq</i> | huffpuff <i>huffpuff</i> | panic <i>panic</i> | step <i>step</i> | stepout <i>stepout</i> ]</tt></dt>
+ <dd>This command alters certain system variables used by the clock discipline algorithm. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. The options are as follows:</dd>
+ <dd><dl>
+ <dt><tt>allan <i>allan</i></tt></dt>
+ <dd>Spedifies the Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm, in seconds with default 1500 s.</dd>
+ <dt><tt>dispersion <i>dispersion</i></tt></dt>
+ <dd>Specifies the dispersion increase rate in parts-per-million (PPM) with default 15 PPM.</dd>
+ <dt><tt>freq <i>freq</i></tt></dt>
+ <dd>Spedifies the frequency offset in parts-per-million (PPM) with default the value in the frequency file.</dd>
+ <dt><tt>huffpuff <i>huffpuff</i></tt></dt>
+ <dd>Spedifies the huff-n'-puff filter span, which determines the most recent interval the algorithm will search for a minimum delay. The lower limit is 900 s (15 m), but a more reasonable value is 7200 (2 hours).</dd>
+ <dt><tt>panic <i>panic</i></tt></dt>
+ <dd>Spedifies the panic threshold in seconds with default 1000 s. If set to zero, the panic sanity check is disabled and a clock offset of any value will be accepted.</dd>
+ <dt><tt>step <i>step</i></tt></dt>
+ <dd>Spedifies the step threshold in seconds. The default without this command
+ is 0.128 s. If set to zero, step adjustments will never
+ occur. Note: The kernel time discipline is disabled if
+ the step threshold is set to zero or greater than 0.5
+ s.</dd>
+ <dt><tt>stepout <i>stepout</i></tt></dt>
+ <dd>Specifies the stepout threshold in seconds. The default without this
+ command is 900 s. If set to zero, popcorn spikes will
+ not be suppressed.</dd>
+ </dl></dd>
+ <dt id="tos"><tt>tos [ beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> ]</tt></dt>
+ <dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
+ <dd><dl>
+ <dt><tt>beacon <i>beacon</i></tt></dt>
+ <dd>The manycast server sends packets at intervals of 64 s if less than <tt>maxclock</tt> servers are available. Otherwise, it sends packets at the <i><tt>beacon</tt></i> interval in seconds. The default is 3600 s. See the <a href="manyopt.html">Automatic Server Discovery</a> page for further details.</dd>
+ <dt><tt>ceiling <i>ceiling</i></tt></dt>
+ <dd>Specify the maximum stratum (exclusive) for acceptable server packets. The default is 16. See the <a href="manyopt.html">Automatic Server Discovery</a> page for further details.</dd>
+ <dt><tt>cohort { 0 | 1 }</tt></dt>
+ <dd>Specify whether (1) or whether not (0) a server packet will be accepted for the same stratum as the client. The default is 0. See the <a href="manyopt.html">Automatic Server Discovery</a> page for further details.</dd>
+ <dt><tt>floor <i>floor</i></tt></dt>
+ <dd>Specify the minimum stratum (inclusive) for acceptable server packest. The default is 1. See the <a href="manyopt.html">Automatic Server Discovery</a> page for further details.</dd>
+ <dt><tt>maxclock <i>maxclock</i></tt></dt>
+ <dd>Specify the maximum number of servers retained by the server discovery schemes. The default is 10. See the <a href="manyopt.html">Automatic Server Discovery</a> page for further details.</dd>
+ <dt><tt>maxdist <i>maxdistance</i></tt></dt>
+ <dd>Specify the synchronization distance threshold used by the clock selection algorithm. The default is 1.5 s. This determines both the minimum number of packets to set the system clock and the maximum roundtrip delay. It can be decreased to improve reliability or increased to synchronize clocks on the Moon or planets.</dd>
+ <dt><tt>minclock <i>minclock</i></tt></dt>
+ <dd>Specify the number of servers used by the clustering algorithm as the minimum to include on the candidate list. The default is 3. This is also the number of servers to be averaged by the combining algorithm.</dd>
+ <dt><tt>mindist <i>mindistance</i></tt></dt>
+ <dd>Specify the minimum distance used by the selection and anticlockhop
+ algorithm. Larger values increase the tolerance for outliers;
+ smaller values increase the selectivity. The default is .001 s. In some
+ cases, such as reference clocks with high jitter and a PPS signal, it is
+ useful to increase the value to insure the intersection interval is
+ always nonempty.</dd>
+ <dt><tt>minsane <i>minsane</i></tt></dt>
+ <dd>Specify the number of servers used by the selection algorithm as the minimum to set the system clock. The default is 1 for legacy purposes; however, for critical applications the value should be somewhat higher but less than <tt>minclock</tt>.</dd>
+ <dt><tt>orphan <i>stratum</i></tt></dt>
+ <dd>Specify the orphan stratum with default 16. If less than 16 this is the stratum assumed by the root servers. See the <a href="assoc.html">Association Management</a> page for further details.</dd>
+ </dl></dd>
+ <dt id="trap"><tt>trap <i>host_address</i> [port <i>port_number</i>] [interface <i>interfSace_address</i>]</tt></dt>
+ <dd>This command configures a trap receiver at the given host address and port number for sending messages with the specified local interface address. If the port number is unspecified, a value of 18447 is used. If the interface address is not specified, the message is sent with a source address of the local interface the message is sent through. Note that on a multihomed host the interface used may vary from time to time with routing changes.</dd>
+ <dd>The trap receiver will generally log event messages and other information from the server in a log file. While such monitor programs may also request their own trap dynamically, configuring a trap receiver will ensure that no messages are lost when the server is started.</dd>
+ <dt id="ttl"><tt>ttl <i>hop</i> ...</tt></dt>
+ <dd>This command specifies a list of TTL values in increasing order. up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.</dd>
</dl>
- <h4>Files</h4>
- <tt>ntp.drift</tt> frequency compensation (PPM)
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
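Review bot: The first logconfig example in the added text, "logconfig=syncstatus +sysevents", runs the command name into the "=" prefix, which matches neither the "logconfig configkeyword" synopsis above it nor the second example ("logconfig allsync +allclock"); it should read "logconfig =syncstatus +sysevents" so that it can be copied into a configuration file as shown. The new trap synopsis has a stray letter in "interfSace_address", five of the tinker option descriptions begin with "Spedifies", the floor entry says "packest", and the tos introduction has "the the". The tos synopsis names the arguments maxdist and mindist while their own entries use maxdistance and mindistance; pick one form. The rewritten step note now gives 0.5 s as the value above which the kernel time discipline is disabled, where the removed text said "greater than the default" (0.128 s), so confirm which limit matches the daemon's behaviour before relying on the new wording.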
diff --git a/html/monopt.html b/html/monopt.html
index a4c073a..cd9f3c6 100644
--- a/html/monopt.html
+++ b/html/monopt.html
@@ -1,132 +1,519 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Monitoring Options</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Monitoring Options</h3>
- <img src="pic/pogo8.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>The pig watches the logs.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">00:40</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="290">Sunday, December 24, 2006</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
- <hr>
- <tt>ntpd</tt> includes a comprehensive monitoring facility suitable for continuous, long term recording of server and client timekeeping performance. See the <tt>statistics</tt> command below for a listing and example of each type of statistics currently supported. Statistic files are managed using file generation sets and scripts in the <tt>./scripts</tt> directory of this distribution. Using these facilities and Unix <tt>cron</tt> jobs, the datacan be automatically summarized and archived for retrospective analysis.
- <h4>Monitoring Commands</h4>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<meta name="generator" content="HTML Tidy, see www.w3.org">
+<title>Monitoring Options</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+<h3>Monitoring Options</h3>
+<img src="pic/pogo8.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>,
+Walt Kelly</a>
+<p>Pig was hired to watch the logs.</p>
+<p>Last update:
+ <!-- #BeginDate format:En2m -->10-May-2009 16:19<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
+<h4>Related Links</h4>
+<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+<script type="text/javascript" language="javascript" src="scripts/monopt.txt"></script>
+<h4>Table of Contents</h4>
+<ul>
+ <li class="inline"><a href="#intro">introduction</a></li>
+ <li class="inline"><a href="#cmd">Monitoring Options</a></li>
+ <li class="inline"><a href="#types">File Set Types</a></li>
+</ul>
+<hr>
+<h4 id="intro">Introduction</h4>
+<p>The <tt>ntpd</tt> includes a comprehensive monitoring facility which collects
+ statistical data of various types and writes the data to files associated with
+ each type at defined events or intervals. The files associated with a particular
+ type are collectively called the generation file set for that type. The files
+ in the file set are the members of that set.</p>
+<p>File sets have names specific to the type and generation epoch. The names
+ are constructed from three concatenated elements <i><tt>prefix</tt></i>, <i><tt>filename</tt></i> and <i><tt>suffix</tt></i>:</p>
+<dl>
+ <dt><i><tt>prefix</tt></i></dt>
+ <dd>The directory path specified in the <tt>statsdir</tt> command.</dd>
+ <dt><i><tt>name</tt></i></dt>
+ <dd>The name specified by the <tt>file</tt> option of the <tt>filegen</tt> command.</dd>
+ <dt><i><tt>suffix</tt></i></dt>
+ <dd>A string of elements bdginning with . (dot) followed by a number of elements
+ depending on the file set type.</dd>
+</dl>
+<p>Statistics files can be managed using scripts, examples of which are in the <tt>./scripts</tt> directory.
+ Using these or similar scripts and Unix <tt>cron</tt> jobs, the files can be
+ automatically summarized and archived for retrospective analysis.</p>
+<h4 id="cmd">Monitoring Commands</h4>
+<dl>
+ <dt id="filegen"><tt>filegen <i>name</i> file <i>filename</i> [type <i>type</i>]
+ [link | nolink] [enable | disable]</tt></dt>
+ <dd>
<dl>
- <dt><tt>statistics <i>name</i> [...]</tt>
- <dd>Enables writing of statistics records. Currently, six kinds of <i><tt>name</tt></i>statistics are supported.
+ <dt><i><tt>name</tt></i></dt>
+ <dd>Specifies the file set type from the list in the next section.</dd>
+ <dt><tt>file <i>filename</i></tt></dt>
+ <dd>Specfies the file set name.</dd>
+ <dt><tt>type <i>typename</i></tt></dt>
+ <dd>Specifies the file set interval. The following intervals are supported
+ with default <tt>day</tt>:</dd>
+ <dd>
<dl>
- <dt><tt>clockstats</tt>
- <dd>Enables recording of clock driver statistics information. Each update received from a clock driver appends a line of the following form to the file generation set named <tt>clockstats</tt>:
- <dd><tt>49213 525.624 127.127.4.1 93 226 00:08:29.606 D</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the clock address in dotted-quad notation, The final field shows the last timecode received from the clock in decoded ASCII format, where meaningful. In some clock drivers a good deal of additional information can be gathered and displayed as well. See information specific to each clock for further details.
- <dt><tt>cryptostats</tt>
- <dd>This option requires the OpenSSL cryptographic software library. It enables recording of cryptographic public key protocol information. Each message received by the protocol module appends a line of the following form to the file generation set named <tt>cryptostats</tt>:
- <dd><tt>49213 525.624 127.127.4.1 <i>message</i></tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the peer address in dotted-quad notation, The final <tt><i>message</i></tt> field includes the message type and certain ancillary information. See the <a href="authopt.html">Authentication Options</a> page for further information.
- <dt><tt>loopstats</tt>
- <dd>Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named <tt>loopstats</tt>:
- <dd><tt>50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 6</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next five fields show time offset (seconds), frequency offset (parts per million - PPM), RMS jitter (seconds), Allan deviation (PPM) and clock discipline time constant.
- <dt><tt>peerstats</tt>
- <dd>Enables recording of peer statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named <tt>peerstats</tt>:
- <dt><tt>48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address in dotted-quad notation and status, respectively. The status field is encoded in hex in the format described in Appendix B of the NTP specification RFC 1305. The final four fields show the offset, delay, dispersion and RMS jitter, all in seconds.
- <dt><tt>rawstats</tt>
- <dd>Enables recording of raw-timestamp statistics information. This includes statistics records of all peers of a NTP server and of special signals, where present and configured. Each NTP message received from a peer or clock driver appends a line of the following form to the file generation set named <tt>rawstats</tt>:
- <dt><tt>50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the remote peer or clock address followed by the local address in dotted-quad notation, The final four fields show the originate, receive, transmit and final NTP timestamps in order. The timestamp values are as received and before processing by the various data smoothing and mitigation algorithms.
- <dt><tt>sysstats</tt>
- <dd>Enables recording of <tt>ntpd</tt> statistics counters on a periodic basis. Each hour a line of the following form is appended to the file generation set named <tt>sysstats</tt>:
- <dd><tt>50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The remaining ten fields show the statistics counter values accumulated since the last generated line.
- <dl>
- <dt>Time since restart <tt>36000</tt>
- <dd>Time in hours since the system was last rebooted.
- <dt>Packets received <tt>81965</tt>
- <dd>Total number of packets received.
- <dt>Packets processed <tt>0</tt>
- <dd>Number of packets received in response to previous packets sent
- <dt>Current version <tt>9546</tt>
- <dd>Number of packets matching the current NTP version.
- <dt>Previous version <tt>56</tt>
- <dd>Number of packets matching the previous NTP version.
- <dt>Bad version <tt>71793</tt>
- <dd>Number of packets matching neither NTP version.
- <dt>Access denied <tt>512</tt>
- <dd>Number of packets denied access for any reason.
- <dt>Bad length or format <tt>540</tt>
- <dd>Number of packets with invalid length, format or port number.
- <dt>Bad authentication <tt>10</tt>
- <dd>Number of packets not verified as authentic.
- <dt>Rate exceeded <tt>147</tt>
- <dd>Number of packets discarded due to rate limitation.
- </dl>
- <dt><tt>timingstats</tt>
- <dd><b>ONLY</b> available when the deamon is compiled with process time debugging support (--enable-debug-timing - costs performance). Enables recording of <tt>ntpd</tt> processing time information for various selected code paths:
- <dd><tt>53876 36.920 10.0.3.5 1 0.000014592 input processing delay</tt>
- <dd>The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field is a potential <tt>peer address</tt>, <tt>-</tt> or <tt>-REFCLOCK-</tt> depending on the associated io source. Then an event count for the number of processed events in the code path follows. The fifth field is the total time spend for the events. The rest of the line denotes the code path description (see source for more information).
- <dt><tt>statsdir <i>directory_path</i></tt>
- <dd>Indicates the full path of a directory where statistics files should be created (see below). This keyword allows the (otherwise constant) <tt>filegen</tt> filename prefix to be modified for file generation sets, which is useful for handling statistics logs.
- <dt><tt>filegen <i>name</i> [file <i>filename</i>] [type <i>typename</i>] [link | nolink] [enable | disable]</tt>
- <dd>Configures setting of generation file set <i>name</i>. Generation file sets provide a means for handling files that are continuously growing during the lifetime of a server. Server statistics are a typical example for such files. Generation file sets provide access to a set of files used to store the actual data. At any time at most one element of the set is being written to. The type given specifies when and how data will be directed to a new element of the set. This way, information stored in elements of a file set that are currently unused are available for administrational operations without the risk of disturbing the operation of <tt>ntpd</tt>. (Most important: they can be removed to free space for new data produced.)
- <dd>Note that this command can be sent from the <tt>ntpdc</tt> program running at a remote location.
- <dl>
- <dt><i><tt>name</tt></i>
- <dd>This is the type of the statistics records, as shown in the <tt>statistics</tt> command.
- </dl>
- <dd><tt>file <i>filename</i></tt>
- <dl>
- <dd>This is the file name for the statistics records. Filenames of set members are built from three concatenated elements <i><tt>prefix</tt></i>, <i><tt>filename</tt></i> and <i><tt>suffix</tt></i>:
- <dl>
- <dt><i><tt>prefix</tt></i>
- <dd>This is a constant filename path. It is not subject to modifications via the <tt>filegen</tt> option. It is defined by the server, usually specified as a compile-time constant. It may, however, be configurable for individual file generation sets via other commands. For example, the prefix used with <tt>loopstats</tt> and <tt>peerstats</tt> generation can be configured using the <tt>statsdir</tt> option explained above.
- <dt><i><tt>filename</tt></i>
- <dd>This string is directly concatenated to the prefix mentioned above (no intervening <tt>/</tt> (slash)). This can be modified using the <tt>file</tt> argument to the <tt>filegen</tt> statement. No <tt>..</tt> elements are allowed in this component to prevent filenames referring to parts outside the filesystem hierarchy denoted by <tt>prefix</tt>.
- <dt><i><tt>suffix</tt></i>
- <dd>This part is reflects individual elements of a file set. It is generated according to the type of a file set.
- </dl>
- </dl>
- <dd><tt>type <i>typename</i></tt>
- <dl>
- <dd>A file generation set is characterized by its type. The following types are supported:
- <dl>
- <dt><tt>none</tt>
- <dd>The file set is actually a single plain file.
- <dt><tt>pid</tt>
- <dd>One element of file set is used per incarnation of a <tt>ntpd</tt> server. This type does not perform any changes to file set members during runtime, however it provides an easy way of separating files belonging to different <tt>ntpd</tt> server incarnations. The set member filename is built by appending a <tt>.</tt> (dot) to concatenated <i>prefix</i> and <i>filename</i> strings, and appending the decimal representation of the process ID of the <tt>ntpd</tt> server process.
- <dt><tt>day</tt>
- <dd>One file generation set element is created per day. A day is defined as the period between 00:00 and 24:00 UTC. The file set member suffix consists of a <tt>.</tt> (dot) and a day specification in the form <tt>YYYYMMdd. YYYY</tt> is a 4-digit year number (e.g., 1992). <tt>MM</tt> is a two digit month number. <tt>dd</tt> is a two digit day number. Thus, all information written at 10 December 1992 would end up in a file named <tt><i>prefix filename</i>.19921210</tt>.
- <dt><tt>week</tt>
- <dd>Any file set member contains data related to a certain week of a year. The term week is defined by computing day-of-year modulo 7. Elements of such a file generation set are distinguished by appending the following suffix to the file set filename base: A dot, a 4-digit year number, the letter <tt>W</tt>, and a 2-digit week number. For example, information from January, 10th 1992 would end up in a file with suffix <tt>.1992W1</tt>.
- <dt><tt>month</tt>
- <dd>One generation file set element is generated per month. The file name suffix consists of a dot, a 4-digit year number, and a 2-digit month.
- <dt><tt>year</tt>
- <dd>One generation file element is generated per year. The filename suffix consists of a dot and a 4 digit year number.
- <dt><tt>age</tt>
- <dd>This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter <tt>a</tt>, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying <tt>enable</tt>; output is prevented by specifying <tt>disable</tt>.
- </dl>
- </dl>
- <dd><tt>link | nolink</tt>
- <dl>
- <dd>It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying <tt>link</tt> and disabled using <tt>nolink</tt>. If <tt>link</tt> is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter <tt>C</tt>, and the pid of the <tt>ntpd</tt> server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
- </dl>
- <dd><tt>enable | disable</tt>
- <dl>
- <dd>Enables or disables the recording function.
- </dl>
+ <dt><tt>none</tt></dt>
+ <dd>The file set is actually a single plain file.</dd>
+ <dt><tt>pid</tt></dt>
+ <dd>One file set member is created for every incarnation of <tt>ntpd</tt>.
+ The file name suffix is the string .<tt>n</tt>, where <tt>n</tt> is the
+ process ID of the <tt>ntpd</tt> server process.</dd>
+ <dt><tt>day</tt></dt>
+ <dd>One file set member is created per day. A day is defined as the period
+ between 00:00 and 23:59 UTC. The file name suffix is the string .<tt>yyyymmdd</tt>,
+ where <tt>yyyy</tt> is the year, <tt>mm</tt> the month of the year and <tt>dd</tt> the
+ day of the month. Thus, member created on 10 December 1992 would have suffix <tt>.19921210</tt>.</dd>
+ <dt><tt>week</tt></dt>
+ <dd>One file set member is created per week. The week is defined as the
+ day of year modulo 7. The file name suffix is the string .<tt>yyyyWww</tt>,
+ where <tt>yyyy</tt> is the year, <tt>W</tt> stands for itself and <tt>ww</tt> the
+ week number starting from 0. For example, The member created on 10 January
+ 1992 would have suffix <tt>.1992W1</tt>.</dd>
+ <dt><tt>month</tt></dt>
+ <dd>One file set member is created per month. The file name suffix is the
+ string .<tt>yyyymm</tt>, where <tt>yyyy</tt> is the year and <tt>mm</tt> the
+ month of the year starting from 1. For example, The member created on 10
+ January 1992 would have suffix <tt>.199201</tt>.</dd>
+ <dt><tt>year</tt></dt>
+ <dd>One file set member is generated per year. The file name suffix is the
+ string .<tt>yyyy</tt>, where <tt>yyyy</tt> is the year. For example, The
+ member created on 1 January 1992 would have suffix <tt>.1992</tt>.</dd>
+ <dt><tt>age</tt></dt>
+ <dd>One file set member is generated every 24 hours of <tt>ntpd</tt> operation.
+ The filename suffix is the string <tt>.adddddddd</tt>, where <tt>a</tt> stands
+ for itself and <tt>dddddddd</tt> is the <tt>ntpd</tt> running time in seconds
+ at the start of the corresponding 24-hour period.</dd>
</dl>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </dd>
+ <dt><tt>link | nolink</tt></dt>
+ <dd>It is convenient to be able to access the current file set members by
+ file name, but without the suffix. This feature is enabled by <tt>link</tt> and
+ disabled by <tt>nolink</tt>. If enabled, which is the default, a hard link
+ from the current file set member to a file without suffix is created. When
+ there is already a file with this name and the number of links to this file
+ is one, it is renamed by appending a dot, the letter <tt>C</tt>, and the
+ pid of the <tt>ntpd</tt> server process. When the number of links is greater
+ than one, the file is unlinked. This allows the current file to be accessed
+ by a constant name.</dd>
+ <dt><tt>enable | disable</tt></dt>
+ <dd>Enable or disable the recording function, with default <tt>enable</tt>.
+ These options are intended for remote configutation commands.</dd>
</dl>
- </body>
-
+ </dd>
+ <dt><tt>statsdir <i>directory_path</i></tt></dt>
+ <dd>Specify the directory path prefix for statistics file names.</dd>
+</dl>
+<h4 id="types">File Set Types</h4>
+<dl>
+ <dt><tt>clockstats</tt></dt>
+ <dd>Record reference clock statistics. Each update received from a reference
+ clock driver appends one line to the <tt>clockstats</tt> file set:</dd>
+ <dd><tt>49213 525.624 127.127.4.1 93 226 00:08:29.606 D</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>49213</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>525.624</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>127.127.4.1</tt></td>
+ <td>IP</td>
+ <td>reference clock address</td>
+ </tr>
+ <tr>
+ <td><tt><i>message</i></tt></td>
+ <td>text</td>
+ <td>log message</td>
+ </tr>
+ </table>
+ </dd>
+ <dd>The <tt><i>message</i></tt> field includes the last timecode received in
+ decoded ASCII format, where meaningful. In some cases a good deal of additional
+ information is displayed. See information specific to each reference clock
+ for further details.</dd>
+ <dt><tt>cryptostats</tt></dt>
+ <dd>Record significant events in the Autokey protocol. This option requires
+ the OpenSSL cryptographic software library. Each event appends one line to
+ the <tt>cryptostats</tt> file set:</dd>
+ <dd><tt>49213 525.624 128.4.1.1 <i>message</i></tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>49213</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>525.624</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>128.4.1.1</tt></td>
+ <td>IP</td>
+ <td>source address (<tt>0.0.0.0</tt> for system)</td>
+ </tr>
+ <tr>
+ <td><tt><i>message</i></tt></td>
+ <td>text</td>
+ <td>log message</td>
+ </tr>
+ </table>
+ </dd>
+ <dd>The <tt><i>message</i></tt> field includes the message type and certain
+ ancillary information. See the <a href="authopt.html">Authentication Options</a> page
+ for further information.</dd>
+ <dt><tt>loopstats</tt></dt>
+ <dd>Record clock discipline loop statistics. Each system clock update appends
+ one line to the <tt>loopstats</tt> file set:</dd>
+ <dd><tt>50935 75440.031 0.000006019 13.778 0.000351733 0.013380 6</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>50935</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>75440.031</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>0.000006019</tt></td>
+ <td>s</td>
+ <td>clock offset</td>
+ </tr>
+ <tr>
+ <td><tt>13.778</tt></td>
+ <td>PPM</td>
+ <td>frequency offset</td>
+ </tr>
+ <tr>
+ <td><tt>0.000351733</tt></td>
+ <td>s</td>
+ <td>RMS jitter</td>
+ </tr>
+ <tr>
+ <td><tt>0.013380</tt></td>
+ <td>PPM</td>
+ <td>RMS&nbsp;frequency jitter (aka wander)</td>
+ </tr>
+ <tr>
+ <td><tt>6 </tt></td>
+ <td>log<sub>2</sub> s</td>
+ <td>clock discipline loop time constant</td>
+ </tr>
+ </table>
+ </dd>
+ <dt><tt>peerstats</tt></dt>
+ <dd>Record peer statistics. Each NTP packet or reference clock update received
+ appends one line to the <tt>peerstats</tt> file set:</dd>
+ <dd><tt>48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877
+ 0.000958674</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>48773</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>10847.650</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>127.127.4.1</tt></td>
+ <td>IP</td>
+ <td>source address</td>
+ </tr>
+ <tr>
+ <td><tt>9714</tt></td>
+ <td>hex</td>
+ <td>status word</td>
+ </tr>
+ <tr>
+ <td><tt>-0.001605376</tt></td>
+ <td>s</td>
+ <td>clock offset</td>
+ </tr>
+ <tr>
+ <td><tt>0.000000000 </tt></td>
+ <td>s</td>
+ <td>roundtrip delay</td>
+ </tr>
+ <tr>
+ <td><tt>0.001424877</tt></td>
+ <td>s</td>
+ <td>dispersion</td>
+ </tr>
+ <tr>
+ <td><tt>0.000958674</tt></td>
+ <td>s</td>
+ <td>RMS&nbsp;jitter</td>
+ </tr>
+ </table>
+ </dd>
+ <dd>The status field is encoded in hex format as described in Appendix B of
+ the NTP specification RFC 1305.</dd>
+ <dt><tt>protostats</tt></dt>
+ <dd>Record significant peer, system and [rptpcp; events. Each significant event
+ appends one line to the <tt>protostats</tt> file set:</dd>
+ <dd><tt>49213 525.624 128.4.1.1 963a 8a <i>message</i></tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>49213</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>525.624</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>128.4.1.1</tt></td>
+ <td>IP</td>
+ <td>source address (<tt>0.0.0.0</tt> for system)</td>
+ </tr>
+ <tr>
+ <td><tt>963a</tt></td>
+ <td>code</td>
+ <td>status word</td>
+ </tr>
+ <tr>
+ <td><tt>8a</tt></td>
+ <td>code</td>
+ <td>event message code</td>
+ </tr>
+ <tr>
+ <td><tt><i>message</i></tt></td>
+ <td>text</td>
+ <td>event message</td>
+ </tr>
+ </table>
+ </dd>
+ <dd>The event message code and <tt><i>message</i></tt> field are described on
+ the <a href="decode.html">Event Messages and Status Words</a> page.</dd>
+ <dt><tt>rawstats</tt></dt>
+ <dd>Record timestamp statistics. Each NTP packet received appends one line to
+ the <tt>rawstats</tt> file set:</dd>
+ <dd><tt>50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031
+ 02453332.540806000 3102453332.541458000</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>50928</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>2132.543</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>128.4.1.1</tt></td>
+ <td>IP</td>
+ <td>source address</td>
+ </tr>
+ <tr>
+ <td><tt>128.4.1.20</tt></td>
+ <td>IP</td>
+ <td>destination address</td>
+ </tr>
+ <tr>
+ <td><tt>3102453281.584327000</tt></td>
+ <td>NTP&nbsp;s</td>
+ <td>origin timestamp</td>
+ </tr>
+ <tr>
+ <td><tt>3102453281.586228000</tt></td>
+ <td>NTP s</td>
+ <td>receive timestamp</td>
+ </tr>
+ <tr>
+ <td><tt>3102453332.540806000 </tt></td>
+ <td>NTP s</td>
+ <td>transmit timestamp</td>
+ </tr>
+ <tr>
+ <td><tt>3102453332.541458000</tt></td>
+ <td>NTP&nbsp;s</td>
+ <td>destination timestamp</td>
+ </tr>
+ </table>
+ </dd>
+ <dt><tt>sysstats</tt></dt>
+ <dd>Record system statistics. Each hour one line is appended to the <tt>sysstats</tt> file
+ set in the following format:</dd>
+ <dd><tt>50928 2132.543 3600 81965 0 9546 56 512 540 10 4 147 1</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>50928</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>2132.543</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>3600</tt></td>
+ <td>s</td>
+ <td>time since reset</td>
+ </tr>
+ <tr>
+ <td><tt>81965</tt></td>
+ <td>#</td>
+ <td>packets received</td>
+ </tr>
+ <tr>
+ <td><tt>0</tt></td>
+ <td>#</td>
+ <td>packets for this host</td>
+ </tr>
+ <tr>
+ <td><tt>9546</tt></td>
+ <td>#</td>
+ <td>current versions</td>
+ </tr>
+ <tr>
+ <td><tt>56</tt></td>
+ <td>#</td>
+ <td>old version</td>
+ </tr>
+ <tr>
+ <td><tt>512</tt></td>
+ <td>#</td>
+ <td>access denied</td>
+ </tr>
+ <tr>
+ <td><tt>540</tt></td>
+ <td>#</td>
+ <td>bad length or format</td>
+ </tr>
+ <tr>
+ <td><tt>10</tt></td>
+ <td>#</td>
+ <td>bad authentication</td>
+ </tr>
+ <tr>
+ <td><tt>4</tt></td>
+ <td>#</td>
+ <td>declined</td>
+ </tr>
+ <tr>
+ <td><tt>147</tt></td>
+ <td>#</td>
+ <td>rate exceeded</td>
+ </tr>
+ <tr>
+ <td><tt>1</tt></td>
+ <td>#</td>
+ <td>kiss-o'-death packets sent</td>
+ </tr>
+ </table>
+ </dd>
+ <dt><tt>timingstats</tt></dt>
+ <dd>(Only available when the deamon is compiled with process time debugging
+ support (--enable-debug-timing - costs performance). Record processing time
+ statistics for various selected code paths.</dd>
+ <dd><tt>53876 36.920 10.0.3.5 1 0.000014592 input processing delay</tt></dd>
+ <dd>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Item</td>
+ <td>Units</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>53876</tt></td>
+ <td>MJD</td>
+ <td>date</td>
+ </tr>
+ <tr>
+ <td><tt>36.920</tt></td>
+ <td>s</td>
+ <td>time past midnight</td>
+ </tr>
+ <tr>
+ <td><tt>10.0.3.5</tt></td>
+ <td>IP</td>
+ <td>server address</td>
+ </tr>
+ <tr>
+ <td><tt>1</tt></td>
+ <td>#</td>
+ <td>event count</td>
+ </tr>
+ <tr>
+ <td><tt>0.000014592</tt></td>
+ <td>s</td>
+ <td>total time</td>
+ </tr>
+ <tr>
+ <td><tt><i>message</i></tt></td>
+ <td>text</td>
+ <td>code path description (see source)</td>
+ </tr>
+ </table>
+ </dd>
+</dl>
+<hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+</body>
</html>
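Review bot: In the added "rawstats" entry the sample line is split in the wrong place: "3102453281.58622800031 02453332.540806000" runs the receive timestamp into the transmit timestamp, so the example does not match the table below it, which lists 3102453281.586228000 and 3102453332.540806000 as separate fields. Move the space so that anyone writing a log parser from this page gets eight tokens. Elsewhere in this hunk: "[rptpcp;" in the "protostats" description is a mistyped word and should be spelled out, "configutation" and "deamon" are typos, and the "timingstats" description opens two parentheses but closes one. The "week" type is defined as "day of year modulo 7", but its example (10 January 1992 giving ".1992W1") only works if the day of year is divided by 7.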
diff --git a/html/msyslog.html b/html/msyslog.html
index 9e03cf8..476cad2 100644
--- a/html/msyslog.html
+++ b/html/msyslog.html
@@ -8,12 +8,12 @@
</head>
<body>
<h3><tt>ntpd</tt> System Log Messages</h3>
- <img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The mushroom knows all the error codes, which is more than most of us do.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">19:24</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="284">Saturday, October 01, 2005</csobj></p>
+ <img src="pic/flatheads.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+ <p>The log can be shrill at times.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">02:22</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="252">Monday, March 03, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <p><script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <p><script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
</p>
<hr>
<p>You have come here because you found a cryptic message in the system log. This page by no means lists all messages that might be found, since new ones come and old ones go. Generally, however, the most common ones will be found here. They are listed by program module and log severity code in bold: <tt><b>LOG_ERR</b></tt>, <b><tt>LOG_NOTICE</tt></b> and <tt><b>LOG_INFO</b></tt>.</p>
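Review bot: The changed image line swaps pic/alice47.gif for pic/flatheads.gif but leaves the link text "from Alice's Adventures in Wonderland, Lewis Carroll" untouched; confirm the attribution still matches the new picture, and since the line is being edited anyway, replace alt="gif" with a description of the image. The related-links include also moves from scripts/links7.txt to scripts/install.txt, so check that this file is part of the import, otherwise the Related Links section has nothing to load.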
@@ -32,8 +32,11 @@
<dd>In <tt>ntpdate</tt> mode no servers have been found. The server(s) and/or network may be down. Standard debugging procedures apply.
<p><tt><b>LOG_INFO</b></tt></p>
<dt><tt>proto_config: illegal item ?, value ?</tt>
- <dd>Program error. Please report to bugs@ntp.org.
- <dt><tt>pps sync enabled</tt>
+ <dd>Program error. Bugs can be reported <a href="bugs.html">here</a>.
+ <dt><tt>receive:&nbsp;autokey requires two-way communication</tt>
+ <dd>Configuration error on the <tt>broadcastclient</tt> command.
+ <dt><tt>receive: server <i>server</i> maaximum rate exceeded</tt>
+ <dd>A kiss-o'death packet has been received. The transmit rate is automatically reduced.<dt><tt>pps sync enabled</tt>
<dd>The PPS signal has been detected and enabled.
<dt><tt>transmit: encryption key ? not found</tt>
<dd>The encryption key is not defined or not trusted.
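Review bot: The added entry "receive: server server maaximum rate exceeded" misspells "maximum". If that is a documentation typo rather than the literal daemon string, fix it, because operators search this page for the exact text they saw in syslog. The description also writes "kiss-o'death" where the sysstats table in this same patch writes "kiss-o'-death". The <dt> for "pps sync enabled" has been joined onto the end of the new <dd> line and should go back on a line of its own.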
@@ -51,7 +54,7 @@
<dd>Fatal error. Better do what it says, then restart the daemon. Be advised NTP and Unix know nothing about local time zones. The clock must be set to Coordinated Universal Time (UTC). Believe it; by international agreement abbreviations are in French and descriptions are in English.
<dt><tt>sigaction() fails to save SIGSYS trap: ?<br>
</tt><tt>sigaction() fails to restore SIGSYS trap: ?</tt>
- <dt>Program error. Please report to bugs@ntp.org.
+ <dt>Program error. Bugs can be reported <a href="bugs.html">here</a>.
</dl>
<p><tt><b>LOG_NOTICE</b></tt></p>
<dl>
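Review bot: On the changed line, the explanation for the two sigaction() messages is still marked up as <dt> rather than <dd> ("<dt>Program error. Bugs can be reported ..."), so it is presented as another term instead of as the definition for the messages above it. Since the line is being rewritten anyway, switch it to <dd>, as the proto_config entry in the previous hunk does.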
diff --git a/html/notes.html b/html/notes.html
deleted file mode 100644
index e757dbd..0000000
--- a/html/notes.html
+++ /dev/null
@@ -1,280 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
-<html>
-
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>Notes on setting up a NTP subnet</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Notes on setting up a NTP subnet</h3>
- <img src="pic/tonea.gif" alt="gif" align="left">From NBS Special Publication 432 (out of print)
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:44</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
- <hr>
- <h4>Introduction</h4>
- <p>This document is a collection of notes concerning the use of ntpd and related programs, and on coping with the Network Time Protocol (NTP) in general. It is a major rewrite and update of an earlier document written by Dennis Ferguson of the University of Toronto and includes many changes and additions resulting from the NTP Version 3 specification and new Version 4 implementation features. It supersedes earlier documents, which should no longer be used for new configurations.</p>
- <p><tt>ntpd</tt> includes a complete implementation of the NTP Version 3 specification, as defined in:</p>
- <ul>
- <li>Mills, D.L. Network Time Protocol (Version 3) specification, implementation and analysis. Network Working Group Report RFC-1305, University of Delaware, March 1992, 113 pp. Abstract: <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305a.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305a.pdf">PDF</a>, Body: <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305b.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305b.pdf">PDF</a>, Appendices: <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305c.ps">PostScript</a> | <a href="http://www.eecis.udel.edu/%7emills/database/rfc/rfc1305/rfc1305c.pdf">PDF</a>
- </ul>
- <p>Additional features have are described for <a href="release.html">NTP Version 4 Release Notes</a>. It also retains compatibility with both NTP Version 2, as defined in RFC-1119, and NTP Version 1, as defined in RFC-1059, although this compatibility is sometimes strained and only semiautomatic. In order to support in principle the ultimate precision of about 232 picoseconds in the NTP specification, <tt>ntpd</tt> uses NTP timestamp format for external communication and double precision floating point arithmetic internally. <tt>ntpd</tt> fully implements NTP Versions 2 and 3 authentication and in addition Version 4 autokey. It supports the NTP mode-6 control message facility along with a private mode-7 control- message facility used to remotely reconfigure the system and monitor a considerable amount of internal detail. As extensions to the specification, a flexible address-and-mask restriction facility has been included.</p>
- <p>The code is biased towards the needs of a busy time server with numerous, often hundreds, of clients and other servers. Tables are hashed to allow efficient handling of many associations, though at the expense of additional overhead when the number of associations is small. Many fancy features have been included to permit efficient management and monitoring of a busy primary server, features which are probably excess baggage for a high stratum client. In such cases, a stripped-down version of the protocol, the Simple Network Time Protocol (SNTP) can be used. SNTP and NTP servers and clients can interwork in most situations, as described in: Mills, D.L. Simple Network Time Protocol (SNTP). Network Working Group Report RFC-2030, University of Delaware, October 1996, 14 pp. <a href="http://www.eecis.udel.edu/%7emills/database/rfc2030.txt">(ASCII)</a>.</p>
- <p>The code was written with near demonic attention to details which can affect precision and as a consequence should be able to make good use of high performance, special purpose hardware such as precision oscillators and radio clocks. The present code supports a number of radio clocks, including those for the WWV, CHU, WWVB, MSF, DCF77, GOES and GPS radio and satellite time services and USNO, ACTS and PTB modem time services. It also supports the IRIG-B and IRIG-E signal format connected via an audio codec. The server methodically avoids the use of Unix-specific library routines where possible by implementing local versions, in order to aid in porting the code to perverse Unix and non-Unix platforms.</p>
- <p>While this implementation conforms in most respects to the NTP Version 3 specification RFC-1305, a number of improvements have been made which are described in the conformance statement in the <a href="http://www.eecis.udel.edu/%7emills/biblio.html">NTP Protocol Conformance Statement</a> page. It has been specifically tuned to achieve the highest accuracy possible on whatever hardware and operating-system platform is available. In general, its precision and stability are limited only by the characteristics of the onboard clock source used by the hardware and operating system, usually an uncompensated crystal oscillator. On modern RISC-based processors connected directly to radio clocks via serial-asynchronous interfaces, the accuracy is usually limited by the radio clock and interface to the order of a millisecond or less. The code includes special features to support a pulse-per-second (PPS) signal and/or an IRIG-B signal generated by some radio clocks. When used in conjunction with a suitable hardware level converter, the accuracy can be improved to a few tens of microseconds. Further improvement is possible using an outboard, stabilized frequency source, in which the accuracy and stability are limited only by the characteristics of that source.</p>
- <p>The NTP Version 4 distribution includes, in addition to the daemon itself (<tt><a href="ntpd.html">ntpd</a></tt>), several utility programs, including two remote-monitoring programs (<a href="ntpq.html"><tt>ntpq</tt></a>, <tt><a href="ntpdc.html">ntpdc</a></tt>), a remote clock-setting program similar to the Unix rdate program (<tt>ntpdate</tt>), a traceback utility useful to discover suitable synchronization sources (<tt>ntptrace</tt>), and various programs used to configure the local platform and calibrate the intrinsic errors. NTP has been ported to a large number of platforms, including most RISC and CISC workstations and mainframes manufactured today. Example configuration files for many models of these machines are included in the distribution. While in most cases the standard version of the implementation runs with no hardware or operating system modifications, not all features of the distribution are available on all platforms. For instance, a special feature allowing Sun workstations to achieve accuracies in the order of 100 microseconds requires some minor changes and additions to the kernel and input/output support.</p>
- <p>There are, however, several drawbacks to all of this. <tt>ntpd</tt> is quite fat. This is rotten if your intended platform for the daemon is memory limited. <tt>ntpd</tt> uses <tt>SIGIO</tt> for all input, a facility which appears to not enjoy universal support and whose use seems to exercise the parts of your vendors' kernels which are most likely to have been done poorly. The code is unforgiving in the face of kernel problems which affect performance, and generally requires that you repair the problems in order to achieve acceptable performance. The code has a distinctly experimental flavour and contains features which could charitably be termed failed experiments, but which have not been completely hacked out. Much was learned from the addition of support for a variety of radio clocks, with the result that some radio clock drivers could use some rewriting.</p>
- <h4>How NTP Works</h4>
- <p>The approach used by NTP to achieve reliable time synchronization from a set of possibly unreliable remote time servers is somewhat different than other protocols. In particular, NTP does not attempt to synchronize clocks to each other. Rather, each server attempts to synchronize to Universal Coordinated Time (UTC) using the best available source and available transmission paths to that source. This is a fine point which is worth understanding. A group of NTP-synchronized clocks may be close to each other in time, but this is not a consequence of the clocks in the group having synchronized to each other, but rather because each clock has synchronized closely to UTC via the best source it has access to. As such, trying to synchronize a set of clocks to a set of servers whose time is not in mutual agreement may not result in any sort of useful synchronization of the clocks, even if you don't care about UTC. However, in networks isolated from UTC sources, provisions can made to nominate one of them as a phantom UTC source.</p>
- <p>NTP operates on the premise that there is one true standard time, and that if several servers which claim synchronization to standard time disagree about what that time is, then one or more of them must be broken. There is no attempt to resolve differences more gracefully since the premise is that substantial differences cannot exist. In essence, NTP expects that the time being distributed from the root of the synchronization subnet will be derived from some external source of UTC (e.g., a radio clock). This makes it somewhat inconvenient (though by no means impossible) to synchronize hosts together without a reliable source of UTC to synchronize them to. If your network is isolated and you cannot access other people's servers across the Internet, a radio clock may make a good investment.</p>
- <p>Time is distributed through a hierarchy of NTP servers, with each server adopting a <i>stratum</i> which indicates how far away from an external source of UTC it is operating at. Stratum-1 servers, which are at the top of the pile (or bottom, depending on your point of view), have access to some external time source, usually a radio clock synchronized to time signal broadcasts from radio stations which explicitly provide a standard time service. A stratum-2 server is one which is currently obtaining time from a stratum-1 server, a stratum-3 server gets its time from a stratum-2 server, and so on. To avoid long lived synchronization loops the number of strata is limited to 15.</p>
- <p>Each client in the synchronization subnet (which may also be a server for other, higher stratum clients) chooses exactly one of the available servers to synchronize to, usually from among the lowest stratum servers it has access to. This is, however, not always an optimal configuration, for indeed NTP operates under another premise as well, that each server's time should be viewed with a certain amount of distrust. NTP really prefers to have access to several sources of lower stratum time (at least three) since it can then apply an agreement algorithm to detect insanity on the part of any one of these. Normally, when all servers are in agreement, NTP will choose the best of these, where &quot;best&quot; is defined in terms of lowest stratum, closest (in terms of network delay) and claimed precision, along with several other considerations. The implication is that, while one should aim to provide each client with three or more sources of lower stratum time, several of these will only be providing backup service and may be of lesser quality in terms of network delay and stratum (i.e., a same-stratum peer which receives time from lower stratum sources the local server doesn't access directly can also provide good backup service).</p>
- <p>Finally, there is the issue of association modes. There are a number of modes in which NTP servers can associate with each other, with the mode of each server in the pair indicating the behaviour the other server can expect from it. In particular, when configuring a server to obtain time from other servers, there is a choice of two modes which may be used. Configuring an association in symmetric-active mode (usually indicated by a <tt>peer</tt> declaration in the configuration file) indicates to the remote server that one wishes to obtain time from the remote server and that one is also willing to supply time to the remote server if need be. This mode is appropriate in configurations involving a number of redundant time servers interconnected via diverse network paths, which is presently the case for most stratum-1 and stratum-2 servers on the Internet today. Configuring an association in client mode (usually indicated by a <tt>server</tt> declaration in the configuration file) indicates that one wishes to obtain time from the remote server, but that one is not willing to provide time to the remote server. This mode is appropriate for file-server and workstation clients that do not provide synchronization to other local clients. Client mode is also useful for boot-date-setting programs and the like, which really have no time to provide and which don't retain state about associations over the longer term.</p>
- <p>Where the requirements in accuracy and reliability are modest, clients can be configured to use broadcast and/or multicast modes. These modes are not normally utilized by servers with dependent clients. The advantage of these modes is that clients do not need to be configured for a specific server, so that all clients operating can use the same configuration file. Broadcast mode requires a broadcast server on the same subnet, while multicast mode requires support for IP multicast on the client machine, as well as connectivity via the MBONE to a multicast server. Since broadcast messages are not propagated by routers, only those broadcast servers on the same subnet will be used. There is at present no way to select which of possibly many multicast servers will be used, since all operate on the same group address.</p>
- <p>Where the maximum accuracy and reliability provided by NTP are needed, clients and servers operate in either client/server or symmetric modes. Symmetric modes are most often used between two or more servers operating as a mutually redundant group. In these modes, the servers in the group members arrange the synchronization paths for maximum performance, depending on network jitter and propagation delay. If one or more of the group members fail, the remaining members automatically reconfigure as required. Dependent clients and servers normally operate in client/server mode, in which a client or dependent server can be synchronized to a group member, but no group member can synchronize to the client or dependent server. This provides protection against malfunctions or protocol attacks.</p>
- <p>Servers that provide synchronization to a sizeable population of clients normally operate as a group of three or more mutually redundant servers, each operating with three or more stratum-one or stratum-two servers in client-server modes, as well as all other members of the group in symmetric modes. This provides protection against malfunctions in which one or more servers fail to operate or provide incorrect time. The NTP algorithms have been specifically engineered to resist attacks where some fraction of the configured synchronization sources accidently or purposely provide incorrect time. In these cases a special voting procedure is used to identify spurious sources and discard their data.</p>
- <h4>Configuring Your Subnet</h4>
- At startup time the <tt>ntpd</tt> daemon running on a host reads the initial configuration information from a file, usually <tt>/etc/ntp.conf</tt>, unless a different name has been specified at compile time. Putting something in this file which will enable the host to obtain time from somewhere else is usually the first big hurdle after installation of the software itself, which is described in the <a href="build/build.html">Building and Installing the Distribution</a> page. At its simplest, what you need to do in the configuration file is declare the servers that the daemon should poll for time synchronization. In principle, no such list is needed if some other time server operating in broadcast/multicast mode is available, which requires the client to operate in a broadcastclient mode.
- <p>In the case of a workstation operating in an enterprise network for a public or private organization, there is often an administrative department that coordinates network services, including NTP. Where available, the addresses of appropriate servers can be provided by that department. However, if this infrastructure is not available, it is necessary to explore some portion of the existing NTP subnet now running in the Internet. There are at present many thousands of time servers running NTP in the Internet, a significant number of which are willing to provide a public time- synchronization service. Some of these are listed in the list of public time servers, which can be accessed via the <a href="http://www.eecis.udel.edu/%7entp">NTP web page</a>. These data are updated on a regular basis using information provided voluntarily by various site administrators. There are other ways to explore the nearby subnet using the <tt><a href="ntptrace.html">ntptrace</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> programs.</p>
- <p>It is vital to carefully consider the issues of robustness and reliability when selecting the sources of synchronization. Normally, not less than three sources should be available, preferably selected to avoid common points of failure. It is usually better to choose sources which are likely to be &quot;close&quot; to you in terms of network topology, though you shouldn't worry overly about this if you are unable to determine who is close and who isn't. Normally, it is much more serious when a server becomes faulty and delivers incorrect time than when it simply stops operating, since an NTP-synchronized host normally can coast for hours or even days without its clock accumulating serious error approaching a second, for instance. Selecting at least three sources from different operating administrations, where possible, is the minimum recommended, although a lesser number could provide acceptable service with a degraded degree of robustness.</p>
- <p>Normally, it is not considered good practice for a single workstation to request synchronization from a primary (stratum-1) time server. At present, these servers provide synchronization for hundreds of clients in many cases and could, along with the network access paths, become seriously overloaded if large numbers of workstation clients requested synchronization directly. Therefore, workstations located in sparsely populated administrative domains with no local synchronization infrastructure should request synchronization from nearby stratum-2 servers instead. In most cases the keepers of those servers in the lists of public servers provide unrestricted access without prior permission; however, in all cases it is considered polite to notify the administrator listed in the file upon commencement of regular service. In all cases the access mode and notification requirements listed in the file must be respected. Under no conditions should servers not in these lists be used without prior permission, as to do so can create severe problems in the local infrastructure, especially in cases of dial-up access to the Internet.</p>
- <p>In the case of a gateway or file server providing service to a significant number of workstations or file servers in an enterprise network it is even more important to provide multiple, redundant sources of synchronization and multiple, diversity-routed, network access paths. The preferred configuration is at least three administratively coordinated time servers providing service throughout the administrative domain including campus networks and subnetworks. Each of these should obtain service from at least two different outside sources of synchronization, preferably via different gateways and access paths. These sources should all operate at the same stratum level, which is one less than the stratum level to be used by the local time servers themselves. In addition, each of these time servers should peer with all of the other time servers in the local administrative domain at the stratum level used by the local time servers, as well as at least one (different) outside source at this level. This configuration results in the use of six outside sources at a lower stratum level (toward the primary source of synchronization, usually a radio clock), plus three outside sources at the same stratum level, for a total of nine outside sources of synchronization. While this may seem excessive, the actual load on network resources is minimal, since the interval between polling messages exchanged between peers usually ratchets back to no more than one message every 17 minutes.</p>
- <p>The stratum level to be used by the local time servers is an engineering choice. As a matter of policy, and in order to reduce the load on the primary servers, it is desirable to use the highest stratum consistent with reliable, accurate time synchronization throughout the administrative domain. In the case of enterprise networks serving hundreds or thousands of client file servers and workstations, conventional practice is to obtain service from stratum-1 primary servers listed for public access. When choosing sources away from the primary sources, the particular synchronization path in use at any time can be verified using the <tt>ntptrace</tt> program included in this distribution. It is important to avoid loops and possible common points of failure when selecting these sources. Note that, while NTP detects and rejects loops involving neighboring servers, it does not detect loops involving intervening servers. In the unlikely case that all primary sources of synchronization are lost throughout the subnet, the remaining servers on that subnet can form temporary loops and, if the loss continues for an interval of many hours, the servers will drop off the subnet and free-run with respect to their internal (disciplined) timing sources. After some period with no outside timing source (currently one day), a host will declare itself unsynchronized and provide this information to local application programs.</p>
- <p>In many cases the purchase of one or more radio clocks is justified, in which cases good engineering practice is to use the configurations described above anyway and connect the radio clock to one of the local servers. This server is then encouraged to participate in a special primary-server subnetwork in which each radio-equipped server peers with several other similarly equipped servers. In this way the radio-equipped server may provide synchronization, as well as receive synchronization, should the local or remote radio clock(s) fail or become faulty. <tt>ntpd</tt> treats attached radio clock(s) in the same way as other servers and applies the same criteria and algorithms to the time indications, so can detect when the radio fails or becomes faulty and switch to alternate sources of synchronization. It is strongly advised, and in practice for most primary servers today, to employ the authentication or access-control features of the NTP specification in order to protect against hostile intruders and possible destabilization of the time service. Using this or similar strategies, the remaining hosts in the same administrative domain can be synchronized to the three (or more) selected time servers. Assuming these servers are synchronized directly to stratum-1 sources and operate normally as stratum-2, the next level away from the primary source of synchronization, for instance various campus file servers, will operate at stratum 3 and dependent workstations at stratum 4. Engineered correctly, such a subnet will survive all but the most exotic failures or even hostile penetrations of the various, distributed timekeeping resources.</p>
- <p>The above arrangement should provide very good, robust time service with a minimum of traffic to distant servers and with manageable loads on the local servers. While it is theoretically possible to extend the synchronization subnet to even higher strata, this is seldom justified and can make the maintenance of configuration files unmanageable. Serving time to a higher stratum peer is very inexpensive in terms of the load on the lower stratum server if the latter is located on the same concatenated LAN. When justified by the accuracy expectations, NTP can be operated in broadcast and multicast modes, so that clients need only listen for periodic broadcasts and do not need to send anything.</p>
- <p>When planning your network you might, beyond this, keep in mind a few generic don'ts, in particular:</p>
- <ul>
- <li>Don't synchronize a local time server to another peer at the same stratum, unless the latter is receiving time from lower stratum sources the former doesn't talk to directly. This minimizes the occurrence of common points of failure, but does not eliminate them in cases where the usual chain of associations to the primary sources of synchronization are disrupted due to failures.
- <li style="list-style: none"><br>
- <li>Don't configure peer associations with higher stratum servers. Let the higher strata configure lower stratum servers, but not the reverse. This greatly simplifies configuration file maintenance, since there is usually much greater configuration churn in the high stratum clients such as personal workstations.
- <li style="list-style: none"><br>
- <li>Don't synchronize more than one time server in a particular administrative domain to the same time server outside that domain. Such a practice invites common points of failure, as well as raises the possibility of massive abuse, should the configuration file be automatically distributed do a large number of clients.
- </ul>
- There are many useful exceptions to these rules. When in doubt, however, follow them.
- <h4>Configuring Your Server or Client</h4>
- <p>As mentioned previously, the configuration file is usually called /etc/ntp.conf. This is an ASCII file conforming to the usual comment and whitespace conventions. A working configuration file might look like (in this and other examples, do not copy this directly):</p>
- <pre>
- # peer configuration for host whimsy
- # (expected to operate at stratum 2)
-
- server rackety.udel.edu
- server umd1.umd.edu
- server lilben.tn.cornell.edu
-
- driftfile /etc/ntp.drift
-</pre>
- (Note the use of host names, although host addresses in dotted-quad notation can also be used. It is always preferable to use names rather than addresses, since over time the addresses can change, while the names seldom change.)
- <p>This particular host is expected to operate as a client at stratum 2 by virtue of the <tt>server</tt> keyword and the fact that two of the three servers declared (the first two) have radio clocks and usually run at stratum 1. The third server in the list has no radio clock, but is known to maintain associations with a number of stratum 1 peers and usually operates at stratum 2. Of particular importance with the last host is that it maintains associations with peers besides the two stratum 1 peers mentioned. This can be verified using the <tt>ntpq</tt> program mentioned above. When configured using the <tt>server</tt> keyword, this host can receive synchronization from any of the listed servers, but can never provide synchronization to them.</p>
- <p>Unless restricted using facilities described later, this host can provide synchronization to dependent clients, which do not have to be listed in the configuration file. Associations maintained for these clients are transitory and result in no persistent state in the host. These clients are normally not visible using the <tt>ntpq</tt> program included in the distribution; however, <tt>ntpd</tt> includes a monitoring feature (described later) which caches a minimal amount of client information useful for debugging administrative purposes.</p>
- <p>A time server expected to both receive synchronization from another server, as well as to provide synchronization to it, is declared using the <tt>peer</tt> keyword instead of the <tt>server</tt> keyword. In all other aspects the server operates the same in either mode and can provide synchronization to dependent clients or other peers. If a local source of UTC time is available, it is considered good engineering practice to declare time servers outside the administrative domain as <tt>peer</tt> and those inside as <tt>server</tt> in order to provide redundancy in the global Internet, while minimizing the possibility of instability within the domain itself. A time server in one domain can in principle heal another domain temporarily isolated from all other sources of synchronization. However, it is probably unwise for a casual workstation to bridge fragments of the local domain which have become temporarily isolated.</p>
- <p>Note the inclusion of a <tt>driftfile</tt> declaration. One of the things the NTP daemon does when it is first started is to compute the error in the intrinsic frequency of the clock on the computer it is running on. It usually takes about a day or so after the daemon is started to compute a good estimate of this (and it needs a good estimate to synchronize closely to its server). Once the initial value is computed, it will change only by relatively small amounts during the course of continued operation. The <tt>driftfile</tt> declaration indicates to the daemon the name of a file where it may store the current value of the frequency error so that, if the daemon is stopped and restarted, it can reinitialize itself to the previous estimate and avoid the day's worth of time it will take to recompute the frequency estimate. Since this is a desirable feature, a <tt>driftfile</tt> declaration should always be included in the configuration file.</p>
- <p>An implication in the above is that, should <tt>ntpd</tt> be stopped for some reason, the local platform time will diverge from UTC by an amount that depends on the intrinsic error of the clock oscillator and the time since last synchronized. In view of the length of time necessary to refine the frequency estimate, every effort should be made to operate the daemon on a continuous basis and minimize the intervals when for some reason it is not running.</p>
- <h4>Configuring NTP with NetInfo</h4>
- If NetInfo support is compiled into NTP, you can opt to configure NTP in your NetInfo domain. NTP will look in the NetInfo directory <tt>/locations/ntp</tt> for property/value pairs which are equivalent to the lines in the configuration file described above. Each configuration keyword may have a corresponding property in NetInfo. Each value for a given property is treated as arguments to that property, similar to a line in the configuration file.
- <p>For example, the configuration shown in the configuration file above can be duplicated in NetInfo by adding a property &quot;<tt>server</tt>&quot; with values &quot;<tt>rackety.udel.edu</tt>&quot;, &quot;<tt>umd1.umd.edu</tt>&quot;, and &quot;<tt>lilben.tn.cornell.edu</tt>&quot;; and a property &quot;<tt>driftfile</tt>&quot; with the single value &quot;<tt>/etc/ntp.drift</tt>&quot;.</p>
- <p>Values may contain multiple tokens similar to the arguments available in the configuration file. For example, to use <tt>mimsy.mil</tt> as an NTP version 1 time server, you would add a value &quot;<tt>mimsy.mil version 1</tt>&quot; to the &quot;<tt>server</tt>&quot; property.</p>
- <h4>Ntp4 Versus Previous Versions</h4>
- There are several items of note when dealing with a mixture of <tt>ntp4</tt> and previous distributions of NTP Version 2 (<tt>ntpd</tt>) and NTP Version 1 (<tt>ntp3.4</tt>). The <tt>ntp4</tt> implementation conforms to the NTP Version 3 specification RFC-1305 and, in addition, contains additional features documented in the <a href="release.html">Release Notes</a> page. As such, by default when no additional information is available concerning the preferences of the peer, <tt>ntpd</tt> claims to be version 4 in the packets that it sends from configured associations. The <tt>version</tt> subcommand of the <tt>server</tt>, <tt>peer</tt>, <tt>broadcast</tt> and <tt>manycastclient</tt> command can be used to change the default. In unconfigured (ephemeral) associaitons, the daemon always replies in the same version as the request.
- <p>An NTP implementation conforming to a previous version specification ordinarily discards packets from a later version. However, in most respects documented in RFC-1305, The version 2 implementation is compatible with the version 3 algorithms and protocol. The version 1 implementation contains most of the version 2 algorithms, but without important features for clock selection and robustness. Nevertheless, in most respects the NTP versions are backwards compatible. The sticky part here is that, when a previous version implementation receives a packet claiming to be from a version 4 server, it discards it without further processing. Hence there is a danger that in some situations synchronization with previous versions will fail.</p>
- <p>The trouble occurs when an previous version is to be included in an <tt>ntpd</tt> configuration file. With no further indication, <tt>ntpd</tt> will send packets claiming to be version 4 when it polls. To get around this, <tt>ntpd</tt> allows a qualifier to be added to configuration entries to indicate which version to use when polling. Hence the entries</p>
- <pre>
- # specify NTP version 1
-
- server mimsy.mil version
-1 # server running ntpd version 1
- server apple.com version
-2 # server running ntpd version 2
-</pre>
- will cause version 1 packets to be sent to the host mimsy.mil and version 2 packets to be sent to apple.com. If you are testing <tt>ntpd</tt> against previous version servers you will need to be careful about this. Note that, as indicated in the RFC-1305 specification, there is no longer support for the original NTP specification, once called NTP Version 0.
- <h4>Traffic Monitoring</h4>
- <tt>ntpd</tt> handles peers whose stratum is higher than the stratum of the local server and polls using client mode by a fast path which minimizes the work done in responding to their polls, and normally retains no memory of these pollers. Sometimes, however, it is interesting to be able to determine who is polling the server, and how often, as well as who has been sending other types of queries to the server.
- <p>To allow this, <tt>ntpd</tt> implements a traffic monitoring facility which records the source address and a minimal amount of other information from each packet which is received by the server. This feature is normally enabled, but can be disabled if desired using the configuration file entry:</p>
- <pre>
- # disable monitoring feature
- disable monitor
-</pre>
- The recorded information can be displayed using the <tt>ntpdc</tt> query program, described briefly below.
- <h4>Address-and-Mask Restrictions</h4>
- The address-and-mask configuration facility supported by <tt>ntpd</tt> is quite flexible and general, but is not an integral part of the NTP Version 3 specification. The major drawback is that, while the internal implementation is very nice, the user interface is not. For this reason it is probably worth doing an example here. Briefly, the facility works as follows. There is an internal list, each entry of which holds an address, a mask and a set of flags. On receipt of a packet, the source address of the packet is compared to each entry in the list, with a match being posted when the following is true:
- <pre>
- (source_addr &amp; mask) == (address &amp;
-mask)
-</pre>
- A particular source address may match several list entries. In this case the entry with the most one bits in the mask is chosen. The flags associated with this entry are used to control the access.
- <p>In the current implementation the flags always add restrictions. In effect, an entry with no flags set leaves matching hosts unrestricted. An entry can be added to the internal list using a <tt>restrict</tt> declaration. The flags associated with the entry are specified textually. For example, the <tt>notrust</tt> flag indicates that hosts matching this entry, while treated normally in other respects, shouldn't be trusted to provide synchronization even if otherwise so enabled. The <tt>nomodify</tt> flag indicates that hosts matching this entry should not be allowed to do run-time configuration. There are many more flags, see the <a href="ntpd.html"><tt>ntpd</tt></a> page.</p>
- <p>Now the example. Suppose you are running the server on a host whose address is 128.100.100.7. You would like to ensure that run time reconfiguration requests can only be made from the local host and that the server only ever synchronizes to one of a pair of off-campus servers or, failing that, a time source on net 128.100. The following entries in the configuration file would implement this policy:</p>
- <pre>
- # by default, don't trust and don't allow
-modifications
-
- restrict default notrust nomodify
-
- # these guys are trusted for time, but no
-modifications allowed
-
- restrict 128.100.0.0 mask 255.255.0.0 nomodify
- restrict 128.8.10.1 nomodify
- restrict 192.35.82.50 nomodify
-
- # the local addresses are unrestricted
-
- restrict 128.100.100.7
- restrict 127.0.0.1
-</pre>
- The first entry is the default entry, which all hosts match and hence which provides the default set of flags. The next three entries indicate that matching hosts will only have the <tt>nomodify</tt> flag set and hence will be trusted for time. If the mask isn't specified in the <tt>restrict</tt> keyword, it defaults to 255.255.255.255. Note that the address 128.100.100.7 matches three entries in the table, the default entry (mask 0.0.0.0), the entry for net 128.100 (mask 255.255.0.0) and the entry for the host itself (mask 255.255.255.255). As expected, the flags for the host are derived from the last entry since the mask has the most bits set.
- <p>The only other thing worth mentioning is that the <tt>restrict</tt> declarations apply to packets from all hosts, including those that are configured elsewhere in the configuration file and even including your clock pseudopeer(s), if any. Hence, if you specify a default set of restrictions which you don't wish to be applied to your configured peers, you must remove those restrictions for the configured peers with additional <tt>restrict</tt> declarations mentioning each peer separately.</p>
- <h4>Authentication</h4>
- <tt>ntpd</tt> supports the optional authentication procedure specified in the NTP Version 2 and 3 specifications. Briefly, when an association runs in authenticated mode, each packet transmitted has appended to it a 32-bit key ID and a 64/128-bit cryptographic checksum of the packet contents computed using either the Data Encryption Standard (DES) or Message Digest (MD5) algorithms. Note that, while either of these algorithms provide sufficient protection from message- modification attacks, distribution of the former algorithm implementation is restricted to the U.S. and Canada, while the latter presently is free from such restrictions. For this reason, the DES algorithm is not included in the current distribution. Directions for obtaining it in other countries is in the <a href="build/build.html">Building and Installing the Distribution</a> page. With either algorithm the receiving peer recomputes the checksum and compares it with the one included in the packet. For this to work, the peers must share at least one encryption key and, furthermore, must associate the shared key with the same key ID.
- <p>This facility requires some minor modifications to the basic packet processing procedures, as required by the specification. These modifications are enabled by the <tt>enable auth</tt> configuration declaration, which is currently the default. In authenticated mode, peers which send unauthenticated packets, peers which send authenticated packets which the local server is unable to decrypt and peers which send authenticated packets encrypted using a key we don't trust are all marked untrustworthy and unsuitable for synchronization. Note that, while the server may know many keys (identified by many key IDs), it is possible to declare only a subset of these as trusted. This allows the server to share keys with a client which requires authenticated time and which trusts the server, but which is not trusted by the server. Also, some additional configuration language is required to specify the key ID to be used to authenticate each configured peer association. Hence, for a server running in authenticated mode, the configuration file might look similar to the following:</p>
- <pre>
- # peer configuration for 128.100.100.7
- # (expected to operate at stratum 2)
- # fully authenticated this time
-
- peer 128.100.49.105 key 22 #
-suzuki.ccie.utoronto.ca
- peer 128.8.10.1 key 4 #
-umd1.umd.edu
- peer 192.35.82.50 key 6 #
-lilben.tn.cornell.edu
-
- keys /usr/local/etc/ntp.keys # path for
-key file
- trustedkey 1 2 14 15 #
-define trusted keys
- requestkey
-15 #
-key (7) for accessing server variables
- controlkey
-15 #
-key (6) for accessing server variables
-
- authdelay
-0.000094 # authentication delay
-(Sun4c/50 IPX)
-</pre>
- There are a couple of previously unmentioned things in here. The <tt>keys</tt> line specifies the path to the keys file (see below and the <tt>ntpd</tt> document page for details of the file format). The <tt>trustedkey</tt> declaration identifies those keys that are known to be uncompromised; the remainder presumably represent the expired or possibly compromised keys. Both sets of keys must be declared by key identifier in the <tt>ntp.keys</tt> file described below. This provides a way to retire old keys while minimizing the frequency of delicate key-distribution procedures. The <tt>requestkey</tt> line establishes the key to be used for mode-6 control messages as specified in RFC-1305 and used by the <tt>ntpq</tt> utility program, while the <tt>controlkey</tt> line establishes the key to be used for mode-7 private control messages used by the <tt>ntpdc</tt> utility program. These keys are used to prevent unauthorized modification of daemon variables.
- <p>Ordinarily, the authentication delay; that is, the processing time taken between the freezing of a transmit timestamp and the actual transmission of the packet when authentication is enabled (i.e. more or less the time it takes for the DES or MD5 routine to encrypt a single block) is computed automatically by the daemon. If necessary, the delay can be overridden by the <tt>authdelay</tt> line, which is used as a correction for the transmit timestamp.</p>
- Additional utility programs included in the <tt>./authstuff</tt> directory can be used to generate random keys, certify implementation correctness and display sample keys. As a general rule, keys should be chosen randomly, except possibly the request and control keys, which must be entered by the user as a password.
- <p>The <tt>ntp.keys</tt> file contains the list of keys and associated key IDs the server knows about (for obvious reasons this file is better left unreadable by anyone except root). The contents of this file might look like:</p>
- <pre>
- # ntp keys file (ntp.keys)
- 1 N
-29233E0461ECD6AE # DES key in NTP format
- 2 M
-RIrop8KPPvQvYotM # md5 key as an ASCII random string
- 14 M
-sundial
-; # md5 key as an ASCII string
- 15 A
-sundial
-; # DES key as an ASCII string
-
- # the following 3 keys are identical
-
- 10 A SeCReT
- 10 N
-d3e54352e5548080
- 10 S
-a7cb86a4cba80101
-</pre>
- In the keys file the first token on each line indicates the key ID, the second token the format of the key and the third the key itself. There are four key formats. An <tt>A</tt> indicates a DES key written as a 1- to-8 character string in 7-bit ASCII representation, with each character standing for a key octet (like a Unix password). An <tt>S</tt> indicates a DES key written as a hex number in the DES standard format, with the low order bit (LSB) of each octet being the (odd) parity bit. An <tt>N</tt> indicates a DES key again written as a hex number, but in NTP standard format with the high order bit of each octet being the (odd) parity bit (confusing enough?). An <tt>M</tt> indicates an MD5 key written as a 1-to-31 character ASCII string in the <tt>A</tt> format. Note that, because of the simple tokenizing routine, the characters <tt>' ', '#', '\t', '\n'</tt> and <tt>'\0'</tt> can't be used in either a DES or MD5 ASCII key. Everything else is fair game, though. Key 0 (zero) is used for special purposes and should not appear in this file.
- <p>The big trouble with the authentication facility is the keys file. It is a maintenance headache and a security problem. This should be fixed some day. Presumably, this whole bag of worms goes away if/when a generic security regime for the Internet is established. An alternative with NTP Version 4 is the autokey feature, which uses random session keys and public-key cryptography and avoids the key file entirely. While this feature is not completely finished yet, details can be found in the <a href="release.html">Release Notes</a> page.</p>
- <h4>Query Programs</h4>
- Three utility query programs are included with the distribution, <tt>ntpq</tt>, <tt>ntptrace</tt> and <tt>ntpdc</tt>. <tt>ntpq</tt> is a handy program which sends queries and receives responses using NTP standard mode-6 control messages. Since it uses the standard control protocol specified in RFC- 1305, it may be used with NTP Version 2 and Version 3 implementations for both Unix and Fuzzball, but not Version 1 implementations. It is most useful to query remote NTP implementations to assess timekeeping accuracy and expose bugs in configuration or operation.
- <p><tt>ntptrace</tt> can be used to display the current synchronization path from a selected host through possibly intervening servers to the primary source of synchronization, usually a radio clock. It works with both version 2 and version 3 servers, but not version 1.</p>
- <p><tt>ntpdc</tt> is a horrid program which uses NTP private mode-7 control messages to query local or remote servers. The format and contents of these messages are specific to this version of <tt>ntpd</tt> and some older versions. The program does allow inspection of a wide variety of internal counters and other state data, and hence does make a pretty good debugging tool, even if it is frustrating to use. The other thing of note about <tt>ntpdc</tt> is that it provides a user interface to the run time reconfiguration facility. See the respective document pages for details on the use of these programs.</p>
- <h4>Run-Time Reconfiguration</h4>
- <tt>ntpd</tt> was written specifically to allow its configuration to be fully modifiable at run time. Indeed, the only way to configure the server is at run time. The configuration file is read only after the rest of the server has been initialized into a running default-configured state. This facility was included not so much for the benefit of Unix, where it is handy but not strictly essential, but rather for dedicated platforms where the feature is more important for maintenance. Nevertheless, run time configuration works very nicely for Unix servers as well.
- <p>Nearly all of the things it is possible to configure in the configuration file may be altered via NTP mode-7 messages using the <tt>ntpdc</tt> program. Mode-6 messages may also provide some limited configuration functionality (though the only thing you can currently do with mode-6 messages is set the leap-second warning bits) and the <tt>ntpq</tt> program provides generic support for the latter. The leap bits that can be set in the <tt>leap_warning</tt> variable (up to one month ahead) and in the <tt>leap_indication</tt> variable have a slightly different encoding than the usual interpretation:</p>
- <pre>
-
-Value Action
-
-
-00
-p; The daemon passes the leap bits of its
-
-
-synchronisation source (usual mode of operation)
-
- 01/10 A leap
-second is added/deleted
-
-
-11
-p; Leap information from the synchronization source
-
- is
-ignored (thus LEAP_NOWARNING is passed on)
-</pre>
- Mode-6 and mode-7 messages which would modify the configuration of the server are required to be authenticated using standard NTP authentication. To enable the facilities one must, in addition to specifying the location of a keys file, indicate in the configuration file the key IDs to be used for authenticating reconfiguration commands. Hence the following fragment might be added to a configuration file to enable the mode-6 (ntpq) and mode-7 (ntpdc) facilities in the daemon:
- <pre>
- # specify mode-6 and mode-7 trusted keys
-
- requestkey 65535 # for mode-7
-requests
- controlkey 65534 # for mode-6
-requests
-</pre>
- If the <tt>requestkey</tt> and/or the <tt>controlkey</tt> configuration declarations are omitted from the configuration file, the corresponding run-time reconfiguration facility is disabled.
- <p>The query programs require the user to specify a key ID and a key to use for authenticating requests to be sent. The key ID provided should be the same as the one mentioned in the configuration file, while the key should match that corresponding to the key ID in the keys file. As the query programs prompt for the key as a password, it is useful to make the request and control authentication keys typeable (in ASCII format) from the keyboard.</p>
- <h4>Name Resolution</h4>
- <tt>ntpd</tt> includes the capability to specify host names requiring resolution in <tt>peer</tt> and <tt>server</tt> declarations in the configuration file. However, in some outposts of the Internet, name resolution is unreliable and the interface to the Unix resolver routines is synchronous. The hangups and delays resulting from name-resolver clanking can be unacceptable once the NTP server is running (and remember it is up and running before the configuration file is read). However, it is advantageous to resolve time server names, since their addresses are occasionally changed.
- <p>In order to prevent configuration delays due to the name resolver, the daemon runs the name resolution process in parallel with the main daemon code. When the daemon comes across a <tt>peer</tt> or <tt>server</tt> entry with a non-numeric host address, it records the relevant information in a temporary file and continues on. When the end of the configuration file has been reached and one or more entries requiring name resolution have been found, the server runs the name resolver from the temporary file. The server then continues on normally but with the offending peers/servers omitted from its configuration.</p>
- <p>As each name is resolved, it configures the associated entry into the server using the same mode-7 run time reconfiguration facility that <tt>ntpdc</tt> uses. If temporary resolver failures occur, the resolver will periodically retry the requests until a definite response is received. The program will continue to run until all entries have been resolved.</p>
- <h4>Dealing with Frequency Tolerance Violations (<tt>tickadj</tt> and Friends)</h4>
- The NTP Version 3 specification RFC-1305 calls for a maximum oscillator frequency tolerance of +-100 parts-per-million (PPM), which is representative of those components suitable for use in relatively inexpensive workstation platforms. For those platforms meeting this tolerance, NTP will automatically compensate for the frequency errors of the individual oscillator and no further adjustments are required, either to the configuration file or to various kernel variables. For the NTP Version 4 release, this tolerance has been increased to +-500 PPM.
- <p>However, in the case of certain notorious platforms, in particular Sun 4.1.1 systems, the performance can be improved by adjusting the values of certain kernel variables; in particular, <tt>tick</tt> and <tt>tickadj</tt>. The variable <tt>tick</tt> is the increment in microseconds added to the system time on each interval- timer interrupt, while the variable <tt>tickadj</tt> is used by the time adjustment code as a slew rate, in microseconds per tick. When the time is being adjusted via a call to the system routine <tt>adjtime()</tt>, the kernel increases or reduces tick by <tt>tickadj</tt> microseconds per tick until the specified adjustment has been completed. Unfortunately, in most Unix implementations the tick increment must be either zero or plus/minus exactly <tt>tickadj</tt> microseconds, meaning that adjustments are truncated to be an integral multiple of <tt>tickadj</tt> (this latter behaviour is a misfeature, and is the only reason the <tt>tickadj</tt> code needs to concern itself with the internal implementation of <tt>tickadj</tt> at all). In addition, the stock Unix implementation considers it an error to request another adjustment before a prior one has completed.</p>
- <p>Thus, to make very sure it avoids problems related to the roundoff, the <tt>tickadj</tt> program can be used to adjust the values of <tt>tick</tt> and <tt>tickadj</tt>. This ensures that all adjustments given to <tt>adjtime()</tt> are an even multiple of <tt>tickadj</tt> microseconds and computes the largest adjustment that can be completed in the adjustment interval (using both the value of <tt>tick</tt> and the value of <tt>tickadj</tt>) so it can avoid exceeding this limit. It is important to note that not all systems will allow inspection or modification of kernel variables other than at system build time. It is also important to know that, with the current NTP tolerances, it is rarely necessary to make these changes, but in many cases they will substantially improve the general accuracy of the time service.</p>
- <p>Unfortunately, the value of <tt>tickadj</tt> set by default is almost always too large for <tt>ntpd</tt>. NTP operates by continuously making small adjustments to the clock, usually at one-second intervals. If <tt>tickadj</tt> is set too large, the adjustments will disappear in the roundoff; while, if <tt>tickadj</tt> is too small, NTP will have difficulty if it needs to make an occasional large adjustment. While the daemon itself will read the kernel's values of these variables, it will not change the values, even if they are unsuitable. You must do this yourself before the daemon is started using the <tt>tickadj</tt> program included in the <tt>./util</tt> directory of the distribution. Note that the latter program will also compute an optimal value of <tt>tickadj</tt> for NTP use based on the kernel's value of <tt>tick</tt>.</p>
- <p>The <tt>tickadj</tt> program can reset several other kernel variables if asked. It can change the value of <tt>tick</tt> if asked. This is handy to compensate for kernel bugs which cause the clock to run with a very large frequency error, as with SunOS 4.1.1 systems. It can also be used to set the value of the kernel <tt>dosynctodr</tt> variable to zero. This variable controls whether to synchronize the system clock to the time-of-day clock, something you really don't want to be happen when <tt>ntpd</tt> is trying to keep it under control. In some systems, such as recent Sun Solaris kernels, the <tt>dosynctodr</tt> variable is the only one that can be changed by the <tt>tickadj</tt> program. In this and other modern kernels, it is not necessary to change the other variables in any case.</p>
- <p>We have a report that says starting with Solaris 2.6 we should leave <i>dosynctodr</i> alone.</p>
- <p>In order to maintain reasonable correctness bounds, as well as reasonably good accuracy with acceptable polling intervals, <tt>ntpd</tt> will complain if the frequency error is greater than 500 PPM. For machines with a value of <tt>tick</tt> in the 10-ms range, a change of one in the value of <tt>tick</tt> will change the frequency by about 100 PPM. In order to determine the value of <tt>tick</tt> for a particular CPU, disconnect the machine from all sources of time (<tt>dosynctodr</tt> = 0) and record its actual time compared to an outside source (eyeball-and-wristwatch will do) over a day or more. Multiply the time change over the day by 0.116 and add or subtract the result to tick, depending on whether the CPU is fast or slow. An example call to <tt>tickadj</tt> useful on SunOS 4.1.1 is:</p>
- <pre>
- <tt>tickadj</tt> -t 9999 -a 5 -s
-</pre>
- which sets tick 100 PPM fast, <tt>tickadj</tt> to 5 microseconds and turns off the clock/calendar chip fiddle. This line can be added to the <tt>rc.local</tt> configuration file to automatically set the kernel variables at boot time.
- <p>All this stuff about diddling kernel variables so the NTP daemon will work is really silly. If vendors would ship machines with clocks that kept reasonable time and would make their <tt>adjtime()</tt> system call apply the slew it is given exactly, independent of the value of <tt>tickadj</tt>, all this could go away. This is in fact the case on many current Unix systems.</p>
- <h4>Tuning Your Subnet</h4>
- There are several parameters available for tuning the NTP subnet for maximum accuracy and minimum jitter. One of these is the <tt>prefer</tt> configuration declaration described in <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> documentation page. When more than one eligible server exists, the NTP clock-selection and combining algorithms act to winnow out all except the &quot;best&quot; set of servers using several criteria based on differences between the readings of different servers and between successive readings of the same server. The result is usually a set of surviving servers that are apparently statistically equivalent in accuracy, jitter and stability. The population of survivors remaining in this set depends on the individual server characteristics measured during the selection process and may vary from time to time as the result of normal statistical variations. In LANs with high speed RISC-based time servers, the population can become somewhat unstable, with individual servers popping in and out of the surviving population, generally resulting in a regime called <i>clockhopping</i>.
- <p>When only the smallest residual jitter can be tolerated, it may be convenient to elect one of the servers at each stratum level as the preferred one using the keyword <tt>prefer</tt> on the configuration declaration for the selected server:</p>
- <pre>
- # preferred server declaration
-
- peer rackety.udel.edu prefer
-# preferred server
-</pre>
- The preferred server will always be included in the surviving population, regardless of its characteristics and as long as it survives preliminary sanity checks and validation procedures.
- <p>The most useful application of the <tt>prefer</tt> keyword is in high speed LANs equipped with precision radio clocks, such as a GPS receiver. In order to insure robustness, the hosts need to include outside peers as well as the GPS-equipped server; however, as long as that server is running, the synchronization preference should be that server. The keyword should normally be used in all cases in order to prefer an attached radio clock. It is probably inadvisable to use this keyword for peers outside the LAN, since it interferes with the carefully crafted judgement of the selection and combining algorithms.</p>
- <h4>Provisions for Leap Seconds and Accuracy Metrics</h4>
- <tt>ntpd</tt> understands leap seconds and will attempt to take appropriate action when one occurs. In principle, every host running ntpd will insert a leap second in the local timescale in precise synchronization with UTC. This requires that the leap-warning bits be activated some time prior to the occurrence of a leap second at the primary (stratum 1) servers. Subsequently, these bits are propagated throughout the subnet depending on these servers by the NTP protocol itself and automatically implemented by <tt>ntpd</tt> and the time- conversion routines of each host. The implementation is independent of the idiosyncrasies of the particular radio clock, which vary widely among the various devices, as long as the idiosyncratic behavior does not last for more than about 20 minutes following the leap. Provisions are included to modify the behavior in cases where this cannot be guaranteed. While provisions for leap seconds have been carefully crafted so that correct timekeeping immediately before, during and after the occurrence of a leap second is scrupulously correct, stock Unix systems are mostly inept in responding to the available information. This caveat goes also for the maximum-error and statistical-error bounds carefully calculated for all clients and servers, which could be very useful for application programs needing to calibrate the delays and offsets to achieve a near- simultaneous commit procedure, for example. While this information is maintained in the <tt>ntpd</tt> data structures, there is at present no way for application programs to access it. This may be a topic for further development.
- <h4>Clock Support Overview</h4>
- <tt>ntpd</tt> was designed to support radio (and other external) clocks and does some parts of this function with utmost care. Clocks are treated by the protocol as ordinary NTP peers, even to the point of referring to them with an (invalid) IP host address. Clock addresses are of the form 127.127.<i>t.u</i>, where <i>t</i> specifies the particular type of clock (i.e., refers to a particular clock driver) and <i>u</i> is a unit number whose interpretation is clock-driver dependent. This is analogous to the use of major and minor device numbers by Unix and permits multiple instantiations of clocks of the same type on the same server, should such magnificent redundancy be required.
- <p>Because clocks look much like peers, both configuration file syntax and run time reconfiguration commands can be used to control clocks in the same way as ordinary peers. Clocks are configured via <tt>server</tt> declarations in the configuration file, can be started and stopped using ntpdc and are subject to address-and-mask restrictions much like a normal peer, should this stretch of imagination ever be useful. As a concession to the need to sometimes transmit additional information to clock drivers, an additional configuration file is available: the <tt>fudge</tt> statement. This enables one to specify the values of two time quantities, two integral values and two flags, the use of which is dependent on the particular clock driver. For example, to configure a PST radio clock which can be accessed through the serial device <tt>/dev/pst1</tt>, with propagation delays to WWV and WWVH of 7.5 and 26.5 milliseconds, respectively, on a machine with an imprecise system clock and with the driver set to disbelieve the radio clock once it has gone 30 minutes without an update, one might use the following configuration file entries:</p>
- <pre>
- # radio clock fudge fiddles
- server 127.127.3.1
- fudge 127.127.3.1 time1 0.0075 time2 0.0265
- fudge 127.127.3.1 value2 30 flag1 1
-</pre>
- Additional information on the interpretation of these data with respect to various radio clock drivers is given in the <a href="refclock.html">Reference Clock Drivers</a> document page and in the individual driver documents accessible via that page.
- <h4>Towards the Ultimate Tick</h4>
- This section considers issues in providing precision time synchronization in NTP subnets which need the highest quality time available in the present technology. These issues are important in subnets supporting real-time services such as distributed multimedia conferencing and wide-area experiment control and monitoring.
- <p>In the Internet of today synchronization paths often span continents and oceans with moderate to high variations in delay due to traffic spasms. NTP is specifically designed to minimize timekeeping jitter due to delay variations using intricately crafted filtering and selection algorithms; however, in cases where these variations are as much as a second or more, the residual jitter following these algorithms may still be excessive. Sometimes, as in the case of some isolated NTP subnets where a local source of precision time is available, such as a PPS signal produced by a calibrated cesium clock, it is possible to remove the jitter and retime the local clock oscillator of the NTP server. This has turned out to be a useful feature to improve the synchronization quality of time distributed in remote places where radio clocks are not available. In these cases special features of the distribution are used together with the PPS signal to provide a jitter-free timing signal, while NTP itself is used to provide the coarse timing and resolve the seconds numbering.</p>
- <p>Most available radio clocks can provide time to an accuracy in the order of milliseconds, depending on propagation conditions, local noise levels and so forth. However, as a practical matter, all clocks can occasionally display errors significantly exceeding nominal specifications. Usually, the algorithms used by NTP for ordinary network peers, as well as radio clock peers will detect and discard these errors as discrepancies between the disciplined local clock oscillator and the decoded time message produced by the radio clock. Some radio clocks can produce a special PPS signal which can be interfaced to the server platform in a number of ways and used to substantially improve the (disciplined) clock oscillator jitter and wander characteristics by at least an order of magnitude. Using these features it is possible to achieve accuracies in the order of a few tens of microseconds with a fast RISC- based platform.</p>
- <p>There are three ways to implement PPS support, depending on the radio clock model, platform model and serial line interface. These are described in detail in the application notes mentioned in the <a href="index.html">The Network Time Protocol (NTP) Distribution</a> document page. Each of these requires circuitry to convert the TTL signal produced by most clocks to the EIA levels used by most serial interfaces. The <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page describes a device designed to do this. Besides being useful for this purpose, this device includes an inexpensive modem designed for use with the Canadian CHU time/frequency radio station.</p>
- <p>In order to select the appropriate implementation, it is important to understand the underlying PPS mechanism used by ntpd. The PPS support depends on a continuous source of PPS pulses used to calculate an offset within +-500 milliseconds relative to the local clock. The serial timecode produced by the radio or the time determined by NTP in absence of the radio is used to adjust the local clock within +-128 milliseconds of the actual time. As long as the local clock is within this interval the PPS support is used to discipline the local clock and the timecode used only to verify that the local clock is in fact within the interval. Outside this interval the PPS support is disabled and the timecode used directly to control the local clock.</p>
- <h4>Parting Shots</h4>
- There are several undocumented programs which can be useful in unusual cases. They can be found in the <tt>./clockstuff</tt> and <tt>./authstuff</tt> directories of the distribution. One of these is the <tt>propdelay</tt> program, which can compute high frequency radio propagation delays between any two points whose latitude and longitude are known. The program understands something about the phenomena which allow high frequency radio propagation to occur, and will generally provide a better estimate than a calculation based on the great circle distance. Other programs of interest include <tt>clktest</tt>, which allows one to exercise the generic clock line discipline, and <tt>chutest</tt>, which runs the basic reduction algorithms used by the daemon on data received from a serial port.&nbsp;
- <hr>
- <center>
- <img src="pic/pogo1a.gif" alt="gif"></center>
- <br>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
-</html>
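Review bot: The removed paragraph on mode-6 and mode-7 authentication is security-relevant guidance and should not disappear along with this page. It covers the "requestkey 65535" / "controlkey 65534" fragment and the statement that omitting either declaration disables the corresponding run-time reconfiguration facility. Before the deletion lands, please confirm that one of the imported pages (html/authopt.html is in the diffstat) still says that these facilities are off unless a key ID is configured. The deleted name-resolution text also notes that the resolver configures entries through the same mode-7 facility that ntpdc uses, which is worth keeping somewhere for anyone deciding whether to restrict mode 7.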
diff --git a/html/ntp-wait.html b/html/ntp-wait.html
new file mode 100644
index 0000000..ee1341d
--- /dev/null
+++ b/html/ntp-wait.html
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>ntp-wait - waits until ntpd is in synchronized state</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+ <body>
+ <h3><tt>ntp-wait</tt> - waits until ntpd is in synchronized state</h3>
+ <hr>
+ <h4>Synopsis</h4>
+ <p><tt>ntp-wait [ -v ] [ -n <i>tries</i> ] [ -s <i>seconds</i> ]</tt></p>
+ <h4>Description</h4>
+ <p>The <tt>ntp-wait</tt> program blocks until ntpd is in synchronized state.
+ This can be useful at boot time, to delay the boot sequence
+ until after "ntpd -g" has set the time.
+ <h4>Command Line Options</h4>
+ <dl>
+ <dt><tt>-n <i>tries</i></tt>
+ <dd>Number of tries before giving up. The default is 1000.
+ <dt><tt>-s <i>seconds</i></tt>
+ <dd>Seconds to sleep between tries. The default is 6 seconds.
+ <dt><tt>-v</tt>
+ <dd>Be verbose.
+ </dl>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html>
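Review bot: The option list gives the defaults (1000 tries, 6 seconds between tries) but the page never says what ntp-wait does when the tries run out: no exit status, no message. With the documented defaults the program can block for up to 6000 seconds (100 minutes), and the Description recommends using it to delay the boot sequence, so a reader needs the failure behaviour and a hint to lower -n or -s for boot scripts. Smaller markup points: the "<p>" opened in the Description is never closed before "<h4>Command Line Options</h4>", and the "<dt>"/"<dd>" items are left open while other pages in this commit gain explicit "</li>" closers.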
diff --git a/html/ntp_conf.html b/html/ntp_conf.html
index 520ce45..9676da1 100644
--- a/html/ntp_conf.html
+++ b/html/ntp_conf.html
@@ -11,9 +11,9 @@
<body>
<h3>Configuration File Definition (Advanced)</h3>
- <img src="pic/bustardfly.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
- <p>A typical NTP monitoring packet</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">19:46</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="223">Friday, June 16, 2006</csobj></p>
+ <img src="pic/pogo7.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>Racoon is shooting configuration bugs.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">02:20</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="252">Monday, March 03, 2008</csobj></p>
<br clear="left">
<hr>
<h4>Table of Contents</h4>
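Review bot: In the new caption, "Racoon is shooting configuration bugs." should read "Raccoon". The replacement "Last update" line also keeps the editor-specific "<csobj ...>" elements, whereas html/ntpd.html in this same commit switches to the "<!-- #BeginDate format:En1m -->" comment form. Using one form for both pages would keep the date stamps consistent and drop the non-standard element.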
@@ -101,8 +101,9 @@
<dd>This file is structured as a standard Bison file and consists of three main parts, separated by <tt>%%</tt>:
</dl>
<ol>
- <li>The prologue and bison declarations: This section contains a list of the terminal symbols, the non-terminal symbols and the types of these symbols.<li>The rules section: This section contains a description of the actual phrase-structure rules that are used to parse the configuration commands. Each rule consists of a left-hand side (LHS), a right-hand side (RHS) and an optional action. As is standard with phrase-structure grammars, the LHS consists of a single non-terminal symbol. The RHS can contain both terminal and non-terminal symbols, while the optional action can consist of any arbitrary C code.
- <li>The epilogue: This section is left empty on purpose. It is traditionally used to code the support functions needed to build the ASTs Since, we have moved all the support functions to <b>ntp_config.c</b>, this section is left empty.
+ <li>The prologue and bison declarations: This section contains a list of the terminal symbols, the non-terminal symbols and the types of these symbols.</li>
+ <li>The rules section: This section contains a description of the actual phrase-structure rules that are used to parse the configuration commands. Each rule consists of a left-hand side (LHS), a right-hand side (RHS) and an optional action. As is standard with phrase-structure grammars, the LHS consists of a single non-terminal symbol. The RHS can contain both terminal and non-terminal symbols, while the optional action can consist of any arbitrary C code.</li>
+ <li>The epilogue: This section is left empty on purpose. It is traditionally used to code the support functions needed to build the ASTs Since, we have moved all the support functions to <b>ntp_config.c</b>, this section is left empty.</li>
</ol>
<h4>Prologue and Bison Declarations</h4>
<p>All the terminal symbols (also known as tokens) have to be declared in the prologue section. Note that terminals and non-terminals may have values associated with them and these values have types. (More on this later). An unnamed union has to be declared with all the possible types at the start of the prologue section. For example, we declare the following union at the start of the <b>ntp_config.y</b> file:</p>
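Review bot: The third list item is rewritten only to add "</li>", so the existing text defect is carried over: "needed to build the ASTs Since, we have moved" is missing a full stop after "ASTs" and has a stray comma after "Since". The item also says "left empty" twice. Since the line is being touched anyway, suggest "It is traditionally used to code the support functions needed to build the ASTs. Since we have moved all the support functions to ntp_config.c, this section is left empty on purpose."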
@@ -153,17 +154,17 @@
<p><b>ntp_config.c</b></p>
<p>This file contains the major chunk of the configuration code including all the support functions needed for building and traversing the ASTs. As such, most of the functions in this file can be divided into two groups:</p>
<ol>
- <li>Functions that have a <tt>create_</tt> prefix. These functions are used to build a node of the AST.
- <li>Functions that have a <tt>config_</tt> prefix. These functions are used to traverse the AST and configure NTP according to the nodes present on the tree.
+ <li>Functions that have a <tt>create_</tt> prefix. These functions are used to build a node of the AST.</li>
+ <li>Functions that have a <tt>config_</tt> prefix. These functions are used to traverse the AST and configure NTP according to the nodes present on the tree.</li>
</ol>
<h4>Guidelines for Adding Configuration Commands</h4>
<p>The following steps may be used to add a new configuration command to the NTP reference implementation:</p>
<ol>
- <li>Write phrase-structure grammar rules for the syntax of the new command. Add these rules to the rules section of the <b>ntp_config.y</b> file.
- <li>Write the action to be performed on recognizing the rules. These actions will be used to build the AST.
- <li>If new reserved words are needed, add these to the <tt>struct key_tok keyword_list[]</tt>structure in the <b>ntp_config.c </b>file. This will allow the scanner to recognize these reserved words and generate the desired tokens on recognizing them.
- <li>Specify the types of all the terminals and non-terminal symbols in the prologue section of the <b>ntp_config.c</b> file.
- <li>Write a function with a <tt>config_</tt> prefix that will be executed for this new command. Make sure this function is called in the <tt>config_ntpd()</tt>function.
+ <li>Write phrase-structure grammar rules for the syntax of the new command. Add these rules to the rules section of the <b>ntp_config.y</b> file. </li>
+ <li>Write the action to be performed on recognizing the rules. These actions will be used to build the AST.</li>
+ <li>If new reserved words are needed, add these to the <tt>struct key_tok keyword_list[]</tt>structure in the <b>ntp_config.c </b>file. This will allow the scanner to recognize these reserved words and generate the desired tokens on recognizing them.</li>
+ <li>Specify the types of all the terminals and non-terminal symbols in the prologue section of the <b>ntp_config.c</b> file.</li>
+ <li>Write a function with a <tt>config_</tt> prefix that will be executed for this new command. Make sure this function is called in the <tt>config_ntpd()</tt>function.</li>
</ol>
<hr>
<address><a href="mailto:skamboj@udel.edu">Sachin Kamboj</a></address>
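Review bot: Step 4 of the guidelines still says the symbol types are specified "in the prologue section of the <b>ntp_config.c</b> file", but the prologue is part of the Bison file; the context line above describes the union as declared "at the start of the <b>ntp_config.y</b> file". This should almost certainly read ntp_config.y, and it is worth fixing while the line is being rewritten. Steps 3 and 5 also lose the space after the closing tag ("</tt>structure", "</tt>function"), and step 1 gains a stray space before "</li>".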
diff --git a/html/ntpd.html b/html/ntpd.html
index 3b70694..9a16000 100644
--- a/html/ntpd.html
+++ b/html/ntpd.html
@@ -10,123 +10,164 @@
</head>
<body>
- <h3><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</h3>
- <img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The mushroom knows all the command line options.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:44</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
+ <h3><tt>ntpd</tt> - Network Time Protocol (NTP) Daemon</h3>
+ <img src="pic/wingdorothy.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
+ <p>You need help from the monkeys.</p>
+ <p>Last update: <!-- #BeginDate format:En1m -->14-oct-09 22:23<!-- #EndDate --></p>
+<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
<h4>Table of Contents</h4>
<ul>
- <li class="inline"><a href="#synop">Synopsis</a><br>
- <li class="inline"><a href="#descr">Description</a><br>
- <li class="inline"><a href="#op">How NTP Operates</a><br>
- <li class="inline"><a href="#freq">Frequency Discipline</a><br>
- <li class="inline"><a href="#modes">Operating Modes</a><br>
- <li class="inline"><a href="#poll">Poll Interval Control</a><br>
- <li class="inline"><a href="#poll">Poll Interval Control</a><br>
- <li class="inline"><a href="#notes">Notes</a><br>
- <li class="inline"><a href="#cmd">Command Line Options</a><br>
- <li class="inline"><a href="#cfg">The Configuration File</a><br>
- <li class="inline"><a href="#opt">Configuration Options</a><br>
- <li class="inline"><a href="#files">Files</a>
+ <li class="inline"><a href="#synop">Synopsis</a></li>
+ <li class="inline"><a href="#descr">Description</a></li>
+ <li class="inline"><a href="#time">Setting the Time and Frequency</a></li>
+ <li class="inline"><a href="#modes">Operating Modes</a></li>
+ <li class="inline"><a href="#poll">Poll Interval Control</a></li>
+ <li class="inline"><a href="#leap">Leap Second Processing</a></li>
+ <li class="inline"><a href="#notes">Additional Features</a></li>
+ <li class="inline"><a href="#cmd">Command Line Options</a></li>
+ <li class="inline"><a href="#cfg">The Configuration File</a></li>
+ <li class="inline"><a href="#files">Files</a></li>
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
<h4 id="descr">Description</h4>
- <p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
- <h4 id="op">How NTP Operates</h4>
- <p>The <tt>ntpd</tt> program operates by exchanging messages with one or more configured servers at designated poll intervals. When started, whether for the first or subsequent times, the program requires several exchanges from the majority of these servers so the signal processing and mitigation algorithms can accumulate and groom the data and set the clock. In order to protect the network from bursts, the initial poll interval for each server is delayed an interval randomized over a few seconds. At the default initial poll interval of 64s, several minutes can elapse before the clock is set. The initial delay to set the clock can be reduced using the <tt>iburst</tt> keyword with the <tt>server</tt> configuration command, as described on the <a href="confopt.html">Configuration Options</a> page.</p>
- <p>Most operating systems and hardware of today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. After the machine has synchronized to a NTP server, the operating system corrects the chip from time to time. In case there is no TOY chip or for some reason its time is more than 1000s from the server time, <tt>ntpd</tt> assumes something must be terribly wrong and the only reliable action is for the operator to intervene and set the clock by hand. This causes <tt>ntpd</tt> to exit with a panic message to the system log. The <tt>-g</tt> option overrides this check and the clock will be set to the server time regardless of the chip time. However, and to protect against broken hardware, such as when the CMOS battery fails or the clock counter becomes defective, once the clock has been set, an error greater than 1000s will cause <tt>ntpd</tt> to exit anyway.</p>
- <p>Under ordinary conditions, <tt>ntpd</tt> adjusts the clock in small steps so that the timescale is effectively continuous and without discontinuities. Under conditions of extreme network congestion, the roundtrip delay jitter can exceed three seconds and the synchronization distance, which is equal to one-half the roundtrip delay plus error budget terms, can become very large. The <tt>ntpd</tt> algorithms discard sample offsets exceeding 128 ms, unless the interval during which no sample offset is less than 128 ms exceeds 900s. The first sample after that, no matter what the offset, steps the clock to the indicated time. In practice this reduces the false alarm rate where the clock is stepped in error to a vanishingly low incidence.</p>
- <p>As the result of this behavior, once the clock has been set, it very rarely strays more than 128 ms, even under extreme cases of network path congestion and jitter. Sometimes, in particular when <tt>ntpd</tt> is first started, the error might exceed 128 ms. This may on occasion cause the clock to be set backwards if the local clock time is more than 128 s in the future relative to the server. In some applications, this behavior may be unacceptable. If the <tt>-x</tt> option is included on the command line, the clock will never be stepped and only slew corrections will be used.</p>
- <p>The issues should be carefully explored before deciding to use the <tt>-x</tt> option. The maximum slew rate possible is limited to 500 parts-per-million (PPM) as a consequence of the correctness principles on which the NTP protocol and algorithm design are based. As a result, the local clock can take a long time to converge to an acceptable offset, about 2,000 s for each second the clock is outside the acceptable range. During this interval the local clock will not be consistent with any other network clock and the system cannot be used for distributed applications that require correctly synchronized network time.</p>
- <p>In spite of the above precautions, sometimes when large frequency errors are present the resulting time offsets stray outside the 128-ms range and an eventual step or slew time correction is required. If following such a correction the frequency error is so large that the first sample is outside the acceptable range, <tt>ntpd</tt> enters the same state as when the <tt>ntp.drift</tt> file is not present. The intent of this behavior is to quickly correct the frequency and restore operation to the normal tracking mode. In the most extreme cases (<tt>time.ien.it</tt> comes to mind), there may be occasional step/slew corrections and subsequent frequency corrections. It helps in these cases to use the <tt>burst</tt> keyword when configuring the server.</p>
- <h4 id="freq">Frequency Discipline</h4>
- <p>The <tt>ntpd</tt> behavior at startup depends on whether the frequency file, usually <tt>ntp.drift</tt>, exists. This file contains the latest estimate of clock frequency error. When the <tt>ntpd</tt> is started and the file does not exist, the <tt>ntpd</tt> enters a special mode designed to quickly adapt to the particular system clock oscillator time and frequency error. This takes approximately 15 minutes, after which the time and frequency are set to nominal values and the <tt>ntpd</tt> enters normal mode, where the time and frequency are continuously tracked relative to the server. After one hour the frequency file is created and the current frequency offset written to it. When the <tt>ntpd</tt> is started and the file does exist, the <tt>ntpd</tt> frequency is initialized from the file and enters normal mode immediately. After that the current frequency offset is written to the file at hourly intervals.</p>
+ <p>The <tt>ntpd</tt> program is an operating system daemon that synchronises the system clock with remote NTP&nbsp;time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the <a href="assoc.html">Association Management</a> page, and with both symmetric key and public key cryptography, as described on the <a href="manyopt.html">Authentication Options</a> page.</p>
+ <p>The <tt>ntpd</tt> program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the <a href="manyopt.html">Automatic Server Discovery</a> page.</p>
+ <p>Once the NTP software distribution has been compiled and installed and the configuration file constructed, the next step is to verify correct operation and fix any bugs that may result. Usually, the command line that starts the daemon is included in the system startup file, so it is executed only at system boot time; however, the daemon can be stopped and restarted from root at any time. Once started, the daemon will begin sending and receiving messages, as specified in the configuration file.</p>
+ <h4 id="time">Setting the Time and Frequency</h4>
+ <p>The <tt>ntpd</tt> program operates by exchanging messages with one or more servers at designated intervals ranging from about one minute to about 17 minutes. When started, the program requires several exchanges while the algorithms accumulate and groom the data before setting the clock. The initial delay to set the clock can be reduced using options on the <a href="confopt.html">Server Options</a> page.</p>
+ <p>Most compters today incorporate a time-of-year (TOY) chip to maintain the time during periods when the power is off. When the machine is booted, the chip is used to initialize the operating system time. In case there is no TOY chip or the TOY&nbsp;time is more than 1000 s from the server&nbsp;time, <tt>ntpd</tt> assumes something must be terribly wrong and exits with a panic message to the system operator. With the <tt>-g</tt> option the clock will be initially set to the server time regardless of the chip time. However, once the clock has been set, an error greater than 1000 s will cause <tt>ntpd</tt> to exit anyway.</p>
+ <p>Under ordinary conditions, <tt>ntpd</tt> slews the clock so that the time is effectively continuous and never runs backwards. If due to extreme network congestion an error spike exceeds the <i>step threshold</i>, by default 128 ms, the spike is discarded. However, if the error persists for more than the <i>stepout threshold</i>, by default 900 s, the system clock is stepped to the correct value. In practice the need for a step has is extremely rare and almost always the result of a hardware failure. With the <tt>-x</tt> option the step threshold is increased to 600 s. Other options are available using the <tt>tinker</tt> command on the <a href="miscopt.html">Miscellaneous Options</a> page.</p>
+ <p>The issues should be carefully considered before using these options. The maximum slew rate possible is limited to 500 parts-per-million (PPM) by the Unix kernel. As a result, the clock can take 2000 s for each second the clock is outside the acceptable range. During this interval the clock will not be consistent with any other network clock and the system cannot be used for distributed applications that require correctly synchronized network time.</p>
+ <p>The frequency file, usually called <tt>ntp.drift</tt>, contains the latest estimate of clock frequency. If this file does not exist when <tt>ntpd</tt> is started, it enters a special mode designed to measure the particular frequency directly. The measurement takes 15 minutes, after which the frequency is set and <tt>ntpd</tt> resumes normal mode where the time and frequency are continuously adjusted. The frequency file is updated at intervals of an hour or more depending on the measured clock stability.</p>
<h4 id="modes">Operating Modes</h4>
- <p><tt>ntpd</tt> can operate in any of several modes, including symmetric active/passive, client/server broadcast/multicast and manycast, as described in the <a href="assoc.html">Association Management</a> page. It normally operates continuously while monitoring for small changes in frequency and trimming the clock for the ultimate precision. However, it can operate in a one-time mode where the time is set from an external server and frequency is set from a previously recorded frequency file. A broadcast/multicast or manycast client can discover remote servers, compute server-client propagation delay correction factors and configure itself automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment.</p>
- <p>By default, <tt>ntpd</tt> runs in continuous mode where each of possibly several external servers is polled at intervals determined by an intricate state machine. The state machine measures the incidental roundtrip delay jitter and oscillator frequency wander and determines the best poll interval using a heuristic algorithm. Ordinarily, and in most operating environments, the state machine will start with 64s intervals and eventually increase in steps to 1024s. A small amount of random variation is introduced in order to avoid bunching at the servers. In addition, should a server become unreachable for some time, the poll interval is increased in steps to 1024s in order to reduce network overhead.</p>
- <p>In some cases it may not be practical for <tt>ntpd</tt> to run continuously. A common workaround has been to run the <tt>ntpdate</tt> program from a <tt>cron</tt> job at designated times. However, this program does not have the crafted signal processing, error checking and mitigation algorithms of <tt>ntpd</tt>. The <tt>-q</tt> option is intended for this purpose. Setting this option will cause <tt>ntpd</tt> to exit just after setting the clock for the first time. The procedure for initially setting the clock is the same as in continuous mode; most applications will probably want to specify the <tt>iburst</tt> keyword with the <tt>server</tt> configuration command. With this keyword a volley of messages are exchanged to groom the data and the clock is set in about 10 s. If nothing is heard after a couple of minutes, the daemon times out and exits. After a suitable period of mourning, the <tt>ntpdate</tt> program may be retired.</p>
- <p>When kernel support is available to discipline the clock frequency, which is the case for stock Solaris, Tru64, Linux and FreeBSD, a useful feature is available to discipline the clock frequency. First, <tt>ntpd</tt> is run in continuous mode with selected servers in order to measure and record the intrinsic clock frequency offset in the frequency file. It may take some hours for the frequency and offset to settle down. Then the <tt>ntpd</tt> is stopped and run in one-time mode as required. At each startup, the frequency is read from the file and initializes the kernel frequency.</p>
+ <p>The <tt>ntpd</tt> program normally operates continuously while adjusting the time and frequency, but in some cases it may not be practical to run it continuously. With the <tt>-q</tt> option <tt>ntpd</tt> operates as in continous mode, but exits just after setting the clock for the first time with the configured servers. Most applications will probably want to specify the <tt>iburst</tt> option with the <tt>server</tt> command. With this option a volley of messages is exchanged to groom the data and set the clock in about 10 s. If nothing is heard after a few minutes, the daemon times out and exits.</p>
<h4 id="poll">Poll Interval Control</h4>
- <p>This version of NTP includes an intricate state machine to reduce the network load while maintaining a quality of synchronization consistent with the observed jitter and wander. There are a number of ways to tailor the operation in order enhance accuracy by reducing the interval or to reduce network overhead by increasing it. However, the user is advised to carefully consider the consequences of changing the poll adjustment range from the default minimum of 64 s to the default maximum of 1,024 s. The default minimum can be changed with the <tt>tinker minpoll</tt> command to a value not less than 16 s. This value is used for all configured associations, unless overridden by the <tt>minpoll</tt> option on the configuration command. Note that most device drivers will not operate properly if the poll interval is less than 64 s and that the broadcast server and manycast client associations will also use the default, unless overridden.</p>
- <p>In some cases involving dial up or toll services, it may be useful to increase the minimum interval to a few tens of minutes and maximum interval to a day or so. Under normal operation conditions, once the clock discipline loop has stabilized the interval will be increased in steps from the minimum to the maximum. However, this assumes the intrinsic clock frequency error is small enough for the discipline loop correct it. The capture range of the loop is 500 PPM at an interval of 64s decreasing by a factor of two for each doubling of interval. At a minimum of 1,024 s, for example, the capture range is only 31 PPM. If the intrinsic error is greater than this, the drift file <tt>ntp.drift</tt> will have to be specially tailored to reduce the residual error below this limit. Once this is done, the drift file is automatically updated once per hour and is available to initialize the frequency on subsequent daemon restarts.</p>
+ <p>NTP uses an intricate heuristic algorithm to automatically control the poll interval for maximum accuracy consistent with minimum network overhead. The algorithm measures the incidental offset and jitter to determine the best poll interval. When <tt>ntpd</tt> starts, the interval is the default minimum 64 s. Under normal conditions when the clock discipline has stabilized, the interval increases in steps to the default maximum 1024 s. In addition, should a server become unreachable after some time, the interval increases in steps to the maximum in order to reduce network overhead.</p>
+ <p>The default poll interval range is suitable for most conditions, but can be changed using options on the <a href="confopt.html">Server Options</a> and <a href="miscopt.html">Miscellaneous Options</a> pages. However, when using maximum intervals much larger than the default, the residual clock frequency error must be small enough for the discipline loop to capture and correct. The capture range is 500 PPM with a 64-s interval decreasing by a factor of two for each interval doubling. At a 36-hr interval, for example, the capture range is only 0.24 PPM.</p>
<h4 id="huff">The huff-n'-puff Filter</h4>
- <p>In scenarios where a considerable amount of data are to be downloaded or uploaded over telephone modems, timekeeping quality can be seriously degraded. This occurs because the differential delays on the two directions of transmission can be quite large. In many cases the apparent time errors are so large as to exceed the step threshold and a step correction can occur during and after the data transfer is in progress.</p>
- <p>The huff-n'-puff filter is designed to correct the apparent time offset in these cases. It depends on knowledge of the propagation delay when no other traffic is present. In common scenarios this occurs during other than work hours. The filter maintains a shift register that remembers the minimum delay over the most recent interval measured usually in hours. Under conditions of severe delay, the filter corrects the apparent offset using the sign of the offset and the difference between the apparent delay and minimum delay. The name of the filter reflects the negative (huff) and positive (puff) correction, which depends on the sign of the offset.</p>
- <p>The filter is activated by the <tt>tinker</tt> command and <tt>huffpuff</tt> keyword, as described in the <a href="miscopt.html">Miscellaneous Options</a> page.</p>
- <h4 id="notes">Notes</h4>
- <p>If NetInfo support is built into <tt>ntpd</tt>, then <tt>ntpd</tt> will attempt to read its configuration from the NetInfo if the default ntp.conf file cannot be read and no file is specified by the <tt>-c</tt> option.</p>
+ <p>In scenarios where a considerable amount of data are to be downloaded or uploaded over telephone modems, timekeeping quality can be seriously degraded. This occurs because the differential delays on the two directions of transmission can be quite large. In many cases the apparent time errors are so large as to exceed the step threshold and a step correction can occur during and after the data transfer.</p>
+ <p>The huff-n'-puff filter is designed to correct the apparent time offset in these cases. It depends on knowledge of the propagation delay when no other traffic is present, such as during other than work hours. The filter remembers the minimum delay over the most recent interval measured usually in hours. Under conditions of severe delay, the filter corrects the apparent offset using the sign of the offset and the difference between the apparent delay and minimum delay. The name of the filter reflects the negative (huff) and positive (puff) correction, which depends on the sign of the offset. The filter is activated by the <tt>tinker huffpuff</tt> command, as described in the <a href="miscopt.html">Miscellaneous Options</a> page.</p>
+ <h4 id="leap">Leap Second Processing</h4>
+ <p>As provided by international agreement, an extra second is sometimes inserted
+ in Coordinated Universal Time (UTC) at the end of a selected month,
+ usually June or December. The National Institutes of Standards and
+ Technology (NIST) provides an historic leapseconds file at <tt>time.nist.gov</tt> for
+ retrieval via FTP. When this file, usually called <tt>ntp-leapseconds.list</tt>,
+ is copied and installed in a directory.
+ The <tt>leapfile</tt> configuration command specifies the path to
+ this file. At startup, <tt>ntpd</tt> reads
+ it and initializes three leapsecond values: the NTP seconds
+ at the next leap event, the offset of UTC relative to International
+ Atomic Time (TAI) after the leap and the NTP seconds when the leapseconds
+ file expires and should be retrieved again.</p>
+ <p>If a host does not have the leapsecond values, they can be obtained over the net using the Autokey security protocol. Ordinarily, the leapseconds file is installed on the primary servers and the values flow from them via secondary servers to the clients. When multiple servers are involved, the values with the latest expiration time are used.</p>
+ <p>If the latest leap is in the past, nothing further is done other than to install the TAI offset. If the leap is in the future less than 28 days, the leap warning bits are set. If in the future less than 23 hours, the kernel is armed to insert one second at the end of the current day. If the kernel is enabled, the leap is done automatically at that time; otherwise, the clock is effectively stopped for one second at the leap. Additional details are in the <a href='http://www.eecis.udel.edu/~mills/leap.html'>The NTP Timescale and Leap Seconds</a> white paper</p>
+ <p>If none of the above provisions are available, dsependent servers and clients
+ tally the leap warning bits of surviving servers and reference clocks.
+ When a majority of the survivors show warning, a leap is programmed
+ at the end of the current month. During the month and day of insertion,
+ they operate as above. In this way the leap is is propagated at all
+ dependent servers and clients.</p>
+ <h4 id="notes">Additional Features</h4>
+ <p>A new experimental feature called interleaved modes can be used in NTP
+ symmetric or broadcast modes. It is designed to improve accuracy
+ by avoiding kernel latency and queueing delay, as described on the <a href="xleave.html">NTP
+ Interleaved Modes</a> page. It is activated by the <tt>xleave</tt> option
+ with the <tt>peer</tt> or <tt>broadcast</tt> configuration commands. The NTP
+ protocol automatically reconfigures in normal or interleaved mode
+ as required. Ordinary broadcast clients can use the same servers
+ as interleaved clients at the same time. Further details are in the
+ white paper <a href="http://www.eecis.udel.edu/~mills/onwire.html">NTP
+ Interleaved On-Wire Protocol</a> and the briefing <a href="http://www.eecis.udel.edu/~mills/database/brief/onwire/onwire.ppt">Interleaved
+ Synchronization Protocols for LANs and Space Data Links</a>.</p>
+ <p>If <tt>ntpd</tt>, is configured with NetInfo support, it will attempt to read its configuration from the NetInfo service if the default <tt>ntp.conf</tt> file cannot be read and no file is specified by the <tt>-c</tt> option.</p>
<p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
<p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
<p>When <tt>ntpd</tt> starts it looks at the value of <tt>umask</tt>, and if zero <tt>ntpd</tt> will set the <tt>umask</tt> to <tt>022</tt>.</p>
+ <p>Unless the <tt>-n</tt>, <tt>-d</tt> or <tt>-D</tt> option is used, <tt>ntpd</tt> changes the current working directory to the root directory, so any options or commands specifying paths need to use an absolute path or a path relative to the root.</p>
<h4 id="cmd">Command Line Options</h4>
<dl>
- <dt><tt>-a</tt>
- <dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.
- <dt><tt>-A</tt>
- <dd>Do not require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is almost never a good idea.
- <dt><tt>-b</tt>
- <dd>Enable the client to synchronize to broadcast servers.
- <dt><tt>-c <i>conffile</i></tt>
- <dd>Specify the name and path of the configuration file, default <tt>/etc/ntp.conf</tt>.
- <dt><tt>-d</tt>
- <dd>Specify debugging mode. This option may occur more than once, with each occurrence indicating greater detail of display.
- <dt><tt>-D <i>level</i></tt>
- <dd>Specify debugging level directly.
- <dt><tt>-f <i>driftfile</i></tt>
- <dd>Specify the name and path of the frequency file, default <tt>/etc/ntp.drift</tt>. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
- <dt><tt>-g</tt>
- <dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.
- <dt><tt>-i <i>jaildir</i></tt>
- <dd>Chroot the server to the directory <i>jaildir</i>. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a <tt>-u</tt> option.
- <dt><tt>-k <i>keyfile</i></tt>
- <dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
- <dt><tt>-l <i>logfile</i></tt>
- <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
- <dt><tt>-L</tt>
- <dd>Do not listen to virtual IPs. The default is to listen.
- <dt><tt>-n</tt>
- <dd>Don't fork.
- <dt><tt>-N</tt>
- <dd>To the extent permitted by the operating system, run the <tt>ntpd</tt> at the highest priority.
- <dt><tt>-p <i>pidfile</i></tt>
- <dd>Specify the name and path of the file used to record the <tt>ntpd</tt> process ID. This is the same operation as the <tt>pidfile <i>pidfile</i></tt> configuration command.
- <dt><tt>-P <i>priority</i></tt>
- <dd>To the extent permitted by the operating system, run the <tt>ntpd</tt> at the specified priority.
- <dt><tt>-q</tt>
- <dd>Exit the <tt>ntpd</tt> just after the first time the clock is set. This behavior mimics that of the <tt>ntpdate</tt> program, which is to be retired. The <tt>-g</tt> and <tt>-x</tt> options can be used with this option. Note:&nbsp;The kernel time discipline is disabled with this option.
- <dt><tt>-r <i>broadcastdelay</i></tt>
- <dd>Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.
- <dt><tt>-s <i>statsdir</i></tt>
- <dd>Specify the directory path for files created by the statistics facility. This is the same operation as the <tt>statsdir <i>statsdir</i></tt> configuration command.
- <dt><tt>-t <i>key</i></tt>
- <dd>Add a key number to the trusted key list. This option can occur more than once.
- <dt><tt>-u <i>user[:group]</i> </tt>
- <dd>Specify a user, and optionally a group, to switch to. This option is only available if the OS supports to run the server without full root privileges. Currently, this option is supported under NetBSD (configure with --enable-clockctl) and Linux (configure with --enable-linuxcaps).
- <dt><tt>-U <i>interface update interval</i></tt>
+ <dt><tt>-4</tt>
+ <dd>Force DNS resolution of host names to the IPv4 namespace.
+ <dt><tt>-6</tt>
+ <dd>Force DNS resolution of host names to the IPv6 namespace.
+ <dt><tt>-a</tt></dt>
+ <dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the same operation as the <tt>enable auth</tt> command and is the default.</dd>
+ <dt><tt>-A</tt></dt>
+ <dd>Do not require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the same operation as the <tt>disable auth</tt> command and almost never a good idea.</dd>
+ <dt><tt>-b</tt></dt>
+ <dd>Enable the client to synchronize to broadcast servers.</dd>
+ <dt><tt>-c <i>conffile</i></tt></dt>
+ <dd>Specify the name and path of the configuration file, default <tt>/etc/ntp.conf</tt>.</dd>
+ <dt><tt>-d</tt></dt>
+ <dd>Specify debugging mode. This option may occur more than once, with each occurrence indicating greater detail of display.</dd>
+ <dt><tt>-D <i>level</i></tt></dt>
+ <dd>Specify debugging level directly.</dd>
+ <dt><tt>-f <i>driftfile</i></tt></dt>
+ <dd>Specify the name and path of the frequency file. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> command.</dd>
+ <dt><tt>-g</tt></dt>
+ <dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.</dd>
+ <dt><tt>-i <i>jaildir</i></tt></dt>
+ <dd>Chroot the server to the directory <i><tt>jaildir</tt></i>. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a <tt>-u</tt> option.</dd>
+ <dt id="--interface"><tt>-I [<i>address</i> | <i>interface name</i>]</tt></dt>
+ <dd>Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file <a href="miscopt.html#interface">interface</a> command, which is more versatile.</dd>
+ <dt><tt>-k <i>keyfile</i></tt></dt>
+ <dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> command.</dd>
+ <dt><tt>-l <i>logfile</i></tt></dt>
+ <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> command.</dd>
+ <dt id="--novirtualips"><tt>-L</tt></dt>
+ <dd>Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file <a href="miscopt.html#interface">interface</a> command, which is more versatile.</dd>
+ <dt><tt>-M</tt></dt>
+ <dd>Raise scheduler precision to its maximum (1 msec) using timeBeginPeriod. (Windows only)</dd>
+ <dt><tt>-n</tt></dt>
+ <dd>Don't fork.</dd>
+ <dt><tt>-N</tt></dt>
+ <dd>To the extent permitted by the operating system, run the <tt>ntpd</tt> at the highest priority.</dd>
+ <dt><tt>-p <i>pidfile</i></tt></dt>
+ <dd>Specify the name and path of the file used to record the <tt>ntpd</tt> process ID. This is the same operation as the <tt>pidfile <i>pidfile</i></tt> command.</dd>
+ <dt><tt>-P <i>priority</i></tt></dt>
+ <dd>To the extent permitted by the operating system, run the <tt>ntpd</tt> at the specified priority.</dd>
+ <dt><tt>-q</tt></dt>
+ <dd>Exit the <tt>ntpd</tt> just after the first time the clock is set. This behavior mimics that of the <tt>ntpdate</tt> program, which is to be retired. The <tt>-g</tt> and <tt>-x</tt> options can be used with this option. Note: The kernel time discipline is disabled with this option.</dd>
+ <dt><tt>-r <i>broadcastdelay</i></tt></dt>
+ <dd>Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol.</dd>
+ <dt><tt>-s <i>statsdir</i></tt></dt>
+ <dd>Specify the directory path for files created by the statistics facility. This is the same operation as the <tt>statsdir <i>statsdir</i></tt> command.</dd>
+ <dt><tt>-t <i>key</i></tt></dt>
+ <dd>Add a key number to the trusted key list. This option can occur more than once. This is the same operation as the <tt>trustedkey <i>key</i></tt> command.</dd>
+ <dt><tt>-u <i>user[:group]</i> </tt></dt>
+ <dd>Specify a user, and optionally a group, to switch to. This option is only available if the OS supports running the server without full root privileges. Currently, this option is supported under NetBSD (configure with <tt>--enable-clockctl</tt>) and Linux (configure with --<tt>enable-linuxcaps</tt>).</dd>
+ <dt><tt>-U <i>interface update interval</i></tt></dt>
<dd>Number of seconds to wait between interface list scans to pick up new and delete network interface. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.</dd>
- <dt><tt>-v <i>variable</i></tt>
- <dt><tt>-V <i>variable</i></tt>
- <dd>Add a system variable listed by default.
- <dt><tt>-x</tt>
- <dd>Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the <tt>-g</tt> and <tt>-q</tt> options. See the <tt>tinker</tt> command for other options. Note:&nbsp;The kernel time discipline is disabled with this option.
- </dl>
+ <dt><tt>-v <i>variable</i></tt></dt>
+ <dt><tt>-V <i>variable</i></tt></dt>
+ <dd>Add a system variable listed by default.</dd>
+ <dt><tt>-x</tt></dt>
+ <dd>Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the <tt>-g</tt> and <tt>-q</tt> options. See the <tt>tinker</tt> command for other options. Note: The kernel time discipline is disabled with this option.</dd>
+ <dt><tt>--pccfreq <i>frequency</i></tt></dt>
+ <dd>Substitute processor cycle counter for QueryPerformanceCounter unconditionally
+ using the given frequency (in Hz). <tt>--pccfreq</tt> can be used on systems
+ which do not use the PCC to implement QueryPerformanceCounter
+ and have a fixed PCC frequency. The frequency specified must
+ be accurate within 0.5 percent. <tt>--usepcc</tt> is equivalent on many systems and should
+ be tried first, as it does not require determining the frequency
+ of the processor cycle counter. For x86-compatible processors, the PCC is
+ also referred to as <tt>RDTSC</tt>, which is the assembly-language instruction to retrieve
+ the current value.&nbsp; (Windows only)</dd>
+ <dt><tt>--usepcc</tt></dt>
+ <dd>Substitute processor cycle counter for QueryPerformanceCounter if they
+ appear equivalent. This option should be used only if the PCC
+ frequency is fixed. Power-saving functionality on many laptops varies the
+ PCC frequency. (Windows only)</dd>
+ </dl>
<h4 id="cfg">The Configuration File</h4>
- <p>Ordinarily, <tt>ntpd</tt> reads the <tt>ntp.conf</tt> configuration file at startup time in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast/multicast client, with all peers being determined by listening to broadcasts at run time.</p>
- <p>Usually, the configuration file is installed in the <tt>/etc</tt> directory, but could be installed elsewhere (see the <tt>-c <i>conffile</i></tt> command line option). The file format is similar to other Unix configuration files - comments begin with a <tt>#</tt> character and extend to the end of the line; blank lines are ignored.</p>
- <p>Configuration commands consist of an initial keyword followed by a list of arguments, some of which may be optional, separated by whitespace. Commands may not be continued over multiple lines. Arguments may be host names, host addresses written in numeric, dotted-quad form, integers, floating point numbers (when specifying times in seconds) and text strings. Optional arguments are delimited by <tt>[ ]</tt> in the following descriptions, while alternatives are separated by <tt>|</tt>. The notation <tt>[ ... ]</tt> means an optional, indefinite repetition of the last item before the <tt>[ ... ]</tt>.</p>
- <h4 id="opt">Configuration Options</h4>
- <p><a href="confopt.html">Server Options</a><br>
- <a href="authopt.html">Authentication Options</a><br>
- <a href="monopt.html">Monitoring Options</a><br>
- <a href="accopt.html">Access Control Options</a><br>
- <a href="manyopt.html">Automatic NTP Configuration Options</a><br>
- <a href="clockopt.html">Reference Clock Options</a><br>
- <a href="miscopt.html">Miscellaneous Options</a></p>
+ <p>Ordinarily, <tt>ntpd</tt> reads the <tt>ntp.conf</tt> configuration file at startup in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast client, with servers determined by listening to broadcasts at run time.</p>
+ <p>Usually, the configuration file is installed as<tt>/etc/ntp.conf</tt>, but could be installed elsewhere (see the <tt>-c <i>conffile</i></tt> command line option). The file format is similar to other Unix configuration files - comments begin with a <tt>#</tt> character and extend to the end of the line; blank lines are ignored.</p>
+ <p>Configuration commands consist of an initial command keyword followed by a list of option keywords separated by whitespace. Commands may not be continued over multiple lines. Options may be host names, host addresses written in numeric, dotted-quad form, integers, floating point numbers (when specifying times in seconds) and text strings. Optional arguments are delimited by <tt>[ ]</tt> in the options pages, while alternatives are separated by <tt>|</tt>. The notation <tt>[ ... ]</tt> means an optional, indefinite repetition of the last item before the <tt>[ ... ]</tt>.</p>
<h4 id="files">Files</h4>
<table width="100%" border="1">
<tr>
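Review bot: the rewritten syntax paragraph says optional arguments are delimited by [ ] "in the options pages", but the same hunk deletes the "Configuration Options" heading and all seven links (confopt.html, authopt.html, accopt.html and the others), so the section no longer tells the reader which pages are meant. Keep at least one pointer to them next to that sentence. Two markup slips in the added lines: "installed as<tt>/etc/ntp.conf</tt>" is missing a space before the tag, and "--<tt>enable-linuxcaps</tt>" leaves the dashes outside the <tt> while the NetBSD flag is written "<tt>--enable-clockctl</tt>".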
@@ -143,11 +184,17 @@
</tr>
<tr>
<td width="30%">frequency file</td>
- <td width="30%"><tt>/etc/ntp.drift</tt></td>
+ <td width="30%">none</td>
<td width="20%"><tt>-f</tt></td>
<td width="20%"><tt>driftfile</tt></td>
</tr>
<tr>
+ <td width="30%">leapseconds file</td>
+ <td width="30%">none</td>
+ <td width="20%"></td>
+ <td width="20%"><tt>leapfile</tt></td>
+ </tr>
+ <tr>
<td width="30%">process ID file</td>
<td width="30%">none</td>
<td width="20%"><tt>-p</tt></td>
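Review bot: the frequency file default changes from /etc/ntp.drift to "none" in the table with no sentence explaining it, so a reader comparing against the old page will not learn that the file must now be named explicitly with -f or driftfile. A short remark under the table would cover it. In the new leapseconds row the option cell is an empty <td>; put "none" or a non-breaking space there so the cell reads as "no command line option" rather than as a missing value.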
@@ -178,6 +225,9 @@
<td width="20%"><tt>keysdir</tt></td>
</tr>
</table>
+ <h4 id="codes">Exit Codes</h4>
+ <p>A non-zero exit code indicates an error. Any error messages are logged to the system log by default.</p>
+ <p>The exit code is 0 only when <tt>ntpd</tt> is terminated by a signal, or when the <tt>-q</tt> option is used and <tt>ntpd</tt> successfully sets the system clock.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
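Review bot: the new Exit Codes section says the exit code is 0 "when ntpd is terminated by a signal" without naming the signals, so a supervisor or monitoring script reading this cannot tell an orderly shutdown from an unexpected kill by exit status alone. Name the signals that produce 0, and say whether any non-zero values carry distinct meanings or whether they are all simply "error". "Logged to the system log by default" should also say which option changes that default.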
diff --git a/html/ntpdate.html b/html/ntpdate.html
index 30d8cad..01d659f 100644
--- a/html/ntpdate.html
+++ b/html/ntpdate.html
@@ -18,9 +18,9 @@
<hr>
<p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
<h4>Synopsis</h4>
- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] <i>server</i> [ ... ]</tt>
+ <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] <i>server</i> [ ... ]</tt>
<h4>Description</h4>
- <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
+ <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p>
<p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
<p>Time adjustments are made by <tt>ntpdate</tt> in one of two ways. If <tt>ntpdate</tt> determines the clock is in error more than 0.5 second it will simply step the time by calling the system <tt>settimeofday()</tt> routine. If the error is less than 0.5 seconds, it will slew the time by calling the system <tt>adjtime()</tt> routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when <tt>ntpdate</tt> is run by <tt>cron</tt> every hour or two.</p>
<p><tt>ntpdate</tt> will decline to set the date if an NTP server daemon (e.g., <tt>ntpd</tt>) is running on the same host. When running <tt>ntpdate</tt> on a regular basis from <tt>cron</tt> as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.</p>
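Review bot: the Description paragraph gains its <p> wrapper, but the Synopsis line directly above it is still a bare <tt> under the <h4>, so the two blocks are now marked up differently. Wrap the synopsis the same way. Dropping "o" from the flag cluster is right, since -o takes an argument and is listed separately. The Disclaimer sentence kept as context still lacks its final period.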
@@ -33,9 +33,9 @@
<dt><tt>-6</tt>
<dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
<dt><tt>-a <i>key</i></tt>
- <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i><tt>ntpdate</tt>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
+ <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
<dt><tt>-B</tt>
- <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
+ <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-500 ms. The default is to step the time using settimeofday() if the offset is greater than +-500 ms. Note that, if the offset is much greater than +-500 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
<dt><tt>-b</tt>
<dd>Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
<dt><tt>-d</tt>
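Review bot: the rewritten -B entry updates the threshold to 500 ms, matching the 0.5 second figure in the Description, but carries over the prose errors of the old line: "During this time. the host" has a stray period, and "Note that, if the offset ..., that it can take" repeats "that". Since the line is being replaced anyway, fix both, and put adjtime() and settimeofday() in <tt> as the Description does.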
@@ -45,7 +45,7 @@
<dt><tt>-k <i>keyfile</i></tt>
<dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
<dt><tt>-o <i>version</i></tt>
- <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 3. This allows <tt>ntpdate</tt> to be used with older NTP versions.
+ <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.
<dt><tt>-p <i>samples</i></tt>
<dd>Specify the number of samples to be acquired from each server as the integer <i>samples</i>, with values from 1 to 8 inclusive. The default is 4.
<dt><i><tt>-q</tt></i>
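Review bot: in the -o entry the default moves from 3 to 4, but the allowed values still read "which can be 1 or 2", so version 3, the previous default, is now neither the default nor listed as selectable. State the full accepted range so the sentence "This allows ntpdate to be used with older NTP versions" is accurate.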
@@ -55,7 +55,7 @@
<dt><tt>-t <i>timeout</i></tt>
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
<dt><tt>-u</tt>
- <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
+ <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
<dt><tt>-<i>v</i></tt>
<dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
</dl>
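Review bot: the -u fix ("or" to "for", "synchronise" to "synchronize") is fine, but the -t entry two lines above, kept as context, still reads "The value is is rounded". Fix the doubled word in the same change. The <dt> and <dd> elements in this list are also left unclosed, while the ntpd.html hunks in this commit close them.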
diff --git a/html/ntpdc.html b/html/ntpdc.html
index 92fde1d..2908653 100644
--- a/html/ntpdc.html
+++ b/html/ntpdc.html
@@ -13,15 +13,15 @@
<h3><tt>ntpdc</tt> - special NTP query program</h3>
<img src="pic/alice31.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>This program is a big puppy.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="99">04:11 AM</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="294">Monday, November 27, 2006</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">01:11</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Saturday, November 24, 2007</csobj></p>
<br clear="left">
<h4>More Help</h4>
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<hr>
<h4>Synopsis</h4>
- <tt>ntpdc [ -ilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
+ <tt>ntpdc [ -46dilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
<h4>Description</h4>
- <tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.
+ <p><tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.</p>
<p>If one or more request options are included on the command line when <tt>ntpdc</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpdc</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpdc</tt> will prompt for commands if the standard input is a terminal device.</p>
<p><tt>ntpdc</tt> uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpdc</tt> makes no attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
<p>The operation of <tt>ntpdc</tt> are specific to the particular implementation of the <tt>ntpd</tt> daemon and can be expected to work only with this and maybe some previous versions of the daemon. Requests from a remote <tt>ntpdc</tt> program which affect the state of the local server must be authenticated, which requires both the remote program and local server share a common key and key identifier.</p>
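Review bot: the paragraph kept as context says ntpdc can query over mode 7 "any compatible server on the network which permits it" but never says where that permission is configured. Given that the commit message cites NTP reflection DoS, a link to the Access Control Options page (accopt.html) at that sentence would help. Also in context, "The operation of ntpdc are specific" should read "is specific". The "Last update" line keeps the editor-specific <csobj> markup, which the ntpq.html hunk in this commit replaces with a plain date comment.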
@@ -35,6 +35,8 @@
<dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
<dt><tt>-c <i>command</i></tt>
<dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple -c options may be given.
+ <dt><tt>-d</tt>
+ <dd>Turn on debugging mode.
<dt><tt>-i</tt>
<dd>Force <tt>ntpdc</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
<dt><tt>-l</tt>
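Review bot: the new -d entry says only "Turn on debugging mode." and does not say what extra output appears or where it goes. One more clause would make the option usable from the page alone. The added <dt> and <dd> are left unclosed, unlike the -d entry added to ntpq.html in this same commit; close them for consistency.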
@@ -134,11 +136,11 @@
<dt><tt>addpeer <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [
<tt>minpoll# | prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
<dt><tt>addpeer <i>peer_address</i> [
<tt>prefer | iburst | burst | minpoll
<i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
<dd>Add a configured peer association at the
given address and operating in symmetric
active mode. Note that an existing association
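Review bot: the added </tt> balances the nested tags in both addpeer forms, but the first form still lists "minpoll#" next to "minpoll N" in the unchanged line above, which reads like a leftover token and is not explained anywhere in the visible text. Confirm whether it is a real keyword and drop it if not. The inner <tt> is redundant inside the outer one and could be removed instead of closed.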
@@ -163,14 +165,15 @@
ntpd. See the <a href="confopt.html">Server Options</a> page for further information.
Each flag (or its absence) replaces the
previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal.
+ The <tt>dynamic</tt> keyword allows association configuration even when no suitable network interface is found at configuration time. The dynamic interface update mechanism may complete the configuration when new interfaces appear (e.g. WLAN/PPP interfaces) at a later time and thus render the association operable.
<dt><tt>addserver <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [
<tt>minpoll# | prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
<dt><tt>addserver <i>peer_address</i> [
<tt>prefer | iburst | burst | minpoll
<i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
<dd>Identical to the addpeer command, except that the operating mode is client.
<dt><tt>broadcast <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [ <i>prefer</i> ]</tt>
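Review bot: the added sentence documents a "dynamic" keyword for addpeer, but neither the addpeer synopsis forms in the previous hunk nor the addserver forms here list it among "prefer | iburst | burst | minpoll N | maxpoll N", so a reader cannot tell where it is accepted. Add it to the synopsis lines or say which commands take it. The sentence is also appended to the <dd> without a paragraph break, and its "e.g." lacks the comma used elsewhere on these pages.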
@@ -199,9 +202,9 @@
<dd>Returns information concerning the authentication module, including known keys and counts of encryptions and decryptions which have been done.
<dt><tt>traps</tt>
<dd>Display the traps set in the server. See the source listing for further information.
- <dt><tt>addtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i> ]</tt>
+ <dt><tt>addtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i> ]</tt>
<dd>Set a trap for asynchronous messages. See the source listing for further information.
- <dt><tt>clrtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i>]</tt>
+ <dt><tt>clrtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i>]</tt>
<dd>Clear a trap for asynchronous messages. See the source listing for further information.
<dt><tt>reset</tt>
<dd>Clear the statistics counters in various modules of the server. See the source listing for further information.
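Review bot: closing the bracket as "[ address ] [ port ] [ interface ]" makes all three addtrap and clrtrap arguments look independently optional, but they are positional, so port cannot be given without address. The nested form "[ address [ port ] [ interface ] ]" would balance the brackets without implying that. Check against the command parser which form is correct. The clrtrap line is also missing the space in "<i>interface</i>]".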
diff --git a/html/ntpdsim.html b/html/ntpdsim.html
index 31eccf8..2fcfebf 100644
--- a/html/ntpdsim.html
+++ b/html/ntpdsim.html
@@ -11,12 +11,12 @@
<body>
<h3><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</h3>
- <img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The mushroom knows all the command line options.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">20:07</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="223">Friday, June 16, 2006</csobj></p>
+ <img src="pic/oz2.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
+ <p>All in a row.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">15:55</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#synop">Synopsis</a><br>
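Review bot: the replaced <img> line keeps alt="gif", which tells a text-only or screen-reader user nothing. Since the line is rewritten anyway, set the alt text to something descriptive or to an empty string for a purely decorative image. The "Last update" line is regenerated with the same <csobj> editor markup instead of a plain date.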
diff --git a/html/ntpdsim_new.html b/html/ntpdsim_new.html
index 47c226a..726ec9b 100644
--- a/html/ntpdsim_new.html
+++ b/html/ntpdsim_new.html
@@ -5,18 +5,18 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>ntpdsim - Network Time Protocol (NTP) simulator</title>
+ <title>ntpdsim - Network Time Protocol (NTP) Simulator</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h3><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</h3>
- <img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The mushroom knows all the command line options.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">21:32</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="223">Friday, June 16, 2006</csobj></p>
+ <h3><tt>ntpdsim</tt> - Network Time Protocol (NTP) Simulator</h3>
+ <img src="pic/oz2.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
+ <p>All in a row.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">15:56</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links7.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li><a href="#description">Description</a><br>
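Review bot: the title and <h3> here become "Simulator", while ntpdsim.html in the preceding diff keeps "simulator" in its unchanged <h3>. These two near-identical pages now differ in capitalization. Pick one form for both, and consider whether both files need to ship, since the changed lines are otherwise the same in each.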
@@ -25,7 +25,14 @@
</ul>
<h4 id="description">Description</h4>
<p>The ntpdsim program is used to simulate and study the behavior of an NTP daemon that derives its time from a number of different simulated time sources (servers). Each simulated server can be configured to have a different time offset, frequency offset, propagation delay, processing delay, network jitter and oscillator wander.</p>
- <p>The ntpdsim program runs all the same selection, mitigation, and discipline algorithms as the actual ntpd daemon at the client. (It actually uses the same code). However, the input/output routines and servers are simulated. That is, instead of sending the client messages over the network to the actual servers, the client messages are intercepted by the ntpdsim program, which then generates the replies to those messages. The reply messages are carefully "inserted" into the input queue of the client at the right time according to the specified server properties (like propagation delay).</p>
+ <p>The ntpdsim program runs all the same selection, mitigation, and discipline
+ algorithms as the actual ntpd daemon at the client. (It actually
+ uses the same code). However, the input/output routines and servers are simulated.
+ That is, instead of sending the client messages over the network
+ to the actual servers, the client messages are intercepted by the ntpdsim
+ program, which then generates the replies to those messages. The reply messages
+ are carefully &quot;inserted&quot; into the input queue of the client at the right time
+ according to the specified server properties (like propagation delay).</p>
<p>Each simulated server runs according to a specified script that describes the server properties at a particular time. Each script consists of a series of consecutive acts. Each act runs for a particular duration and specifies the frequency offset, propagation delay, processing delay, network jitter and oscillator wander of the server for that duration. Once the duration of an act expires, the simulated server reconfigures itself according to the properties specified in the next act.</p>
<h4 id="configuration">Configuration</h4>
<p>The ntpdsim program is configured by providing a configuration file at startup. The crux of the simulator configuration is specified using a <tt>simulate</tt> command, the syntax of which is given below. Note that all time quantities are in seconds and all frequency quantities are in parts per million (PPM):</p>
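Review bot: this hunk only rewraps the paragraph and swaps the literal quotes for &quot;, with no change in wording, so it adds diff noise and leaves this paragraph hard-wrapped while the paragraphs on either side stay on single lines. If the text is being touched, also move the period inside the parenthesis in "(It actually uses the same code)." so the parenthetical sentence is punctuated correctly.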
diff --git a/html/ntpq.html b/html/ntpq.html
index 4c077e2..cf0ff06 100644
--- a/html/ntpq.html
+++ b/html/ntpq.html
@@ -7,256 +7,586 @@
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>ntpq - standard NTP query program</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
+</head>
<body>
<h3><tt>ntpq</tt> - standard NTP query program</h3>
<img src="pic/bustardfly.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>A typical NTP monitoring packet</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:45</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->04-Nov-2009 0:12<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
<h4>More Help</h4>
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<hr>
<h4>Synopsis</h4>
- <tt>ntpq [-inp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
+ <tt>ntpq [-46dinp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
<h4>Description</h4>
- <p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations and determine performance. It uses the standard NTP mode 6 control message formats defined in Appendix B of the NTPv3 specification RFC1305. The same formats are used in NTPv4, although some of the variables have changed and new ones added. The description on this page is for the NTPv4 variables.</p>
+ <p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations
+ and determine performance. It uses the standard NTP mode 6 control
+ message formats defined in Appendix B of the NTPv3 specification
+ RFC1305. The same formats are used in NTPv4, although some of the
+ variable names have changed and new ones added. The description
+ on this page is for the NTPv4 variables.</p>
<p>The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. The <tt>ntpq</tt> can also obtain and print a list of peers in a common format by sending multiple queries to the server.</p>
- <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt>will prompt for commands if the standard input is a terminal device.</p>
+ <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt> will prompt for commands if the standard input is a terminal device.</p>
<p><tt>ntpq</tt> uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpq</tt> makes one attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
<p>Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
<p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.</p>
<p>Command line options are described following. Specifying a command line option other than <tt>-i</tt> or <tt>-n</tt> will cause the specified query (queries) to be sent to the indicated host(s) immediately. Otherwise, <tt>ntpq</tt> will attempt to read interactive format commands from the standard input.</p>
<dl>
- <dt><tt>-4</tt>
- <dd>Force DNS resolution of following host names on the command line to the IPv4 namespace.
- <dt><tt>-6</tt>
- <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
- <dt><tt>-c</tt>
- <dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple <tt>-c</tt> options may be given.
- <dt><tt>-d</tt>
- <dd>Turn on debugging mode.
- <dt><tt>-i</tt>
- <dd>Force <tt>ntpq</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
- <dt><tt>-n</tt>
- <dd>Output all host addresses in dotted-quad numeric format rather than converting to the canonical host names.
- <dt><tt>-p</tt>
- <dd>Print a list of the peers known to the server as well as a summary of their state. This is equivalent to the <tt>peers</tt> interactive command.
+ <dt><tt>-4</tt></dt>
+ <dd>Force DNS resolution of following host names on the command line to the IPv4 namespace.</dd>
+ <dt><tt>-6</tt></dt>
+ <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.</dd>
+ <dt><tt>-c</tt></dt>
+ <dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple <tt>-c</tt> options may be given.</dd>
+ <dt><tt>-d</tt></dt>
+ <dd>Turn on debugging mode.</dd>
+ <dt><tt>-i</tt></dt>
+ <dd>Force <tt>ntpq</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.</dd>
+ <dt><tt>-n</tt></dt>
+ <dd>Output all host addresses in dotted-quad numeric format rather than converting to the canonical host names.</dd>
+ <dt><tt>-p</tt></dt>
+ <dd>Print a list of the peers known to the server as well as a summary of their state. This is equivalent to the <tt>peers</tt> interactive command.</dd>
</dl>
<h4>Internal Commands</h4>
- <p>Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a <tt>&gt;</tt>, followed by a file name, to the command line. A number of interactive format commands are executed entirely within the <tt>ntpq</tt> program itself and do not result in NTP mode 6 requests being sent to a server. These are described following.</p>
+ <p>Interactive format commands consist of a keyword followed by zero to four arguments. Only enough characters of the full keyword to uniquely identify the command need be typed. The output of a command is normally sent to the standard output, but optionally the output of individual commands may be sent to a file by appending a <tt>&gt;</tt>, followed by a file name, to the command line. A number of interactive format commands are executed entirely within the <tt>ntpq</tt> program itself and do not result in NTP mode-6 requests being sent to a server. These are described following.</p>
<dl>
<dt><tt>? [<i>command_keyword</i>]</tt><br>
- <tt>helpl [<i>command_keyword</i>]</tt>
- <dd>A <tt>?</tt> by itself will print a list of all the command keywords known to this incarnation of <tt>ntpq</tt>. A <tt>?</tt> followed by a command keyword will print function and usage information about the command. This command is probably a better source of information about <tt>ntpq</tt> than this manual page.
- <dt><tt>addvars <i>variable_name</i> [ = <i>value</i>] [...]</tt><br>
- <tt>rmvars <i>variable_name</i> [...]</tt><br>
- <tt>clearvars</tt>
- <dd>The data carried by NTP mode 6 messages consists of a list of items of the form <tt><i>variable_name</i> = <i>value</i></tt>, where the <tt>= <i>value</i></tt> is ignored, and can be omitted, in requests to the server to read variables. <tt>ntpq</tt> maintains an internal list in which data to be included in control messages can be assembled, and sent using the <tt>readlist</tt> and <tt>writelist</tt> commands described below. The <tt>addvars</tt> command allows variables and their optional values to be added to the list. If more than one variable is to be added, the list should be comma-separated and not contain white space. The <tt>rmvars</tt> command can be used to remove individual variables from the list, while the <tt>clearlist</tt> command removes all variables from the list.
- <dt><tt>cooked</tt>
- <dd>Causes output from query commands to be &quot;cooked&quot;, so that variables which are recognized by <tt>ntpq</tt> will have their values reformatted for human consumption. Variables which <tt>ntpq</tt> thinks should have a decodable value but didn't are marked with a trailing <tt>?</tt>.
- <dt><tt>debug more | less | off</tt>
- <dd>Turns internal query program debugging on and off.
- <dt><tt>delay <i>milliseconds</i></tt>
- <dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.
- <dt><tt>host <i>hostname</i></tt>
- <dd>Set the host to which future queries will be sent. Hostname may be either a host name or a numeric address.
- <dt><tt>hostnames [yes | no]</tt>
- <dd>If <tt>yes</tt> is specified, host names are printed in information displays. If <tt>no</tt> is specified, numeric addresses are printed instead. The default is <tt>yes</tt>, unless modified using the command line <tt>-n</tt> switch.
- <dt><tt>keyid <i>keyid</i></tt>
- <dd>This command specifies the key number to be used to authenticate configuration requests. This must correspond to a key number the server has been configured to use for this purpose.
- <dt><tt>ntpversion 1 | 2 | 3 | 4</tt>
- <dd>Sets the NTP version number which <tt>ntpq</tt> claims in packets. Defaults to 2, Note that mode 6 control messages (and modes, for that matter) didn't exist in NTP version 1.
- <dt><tt>passwd</tt>
- <dd>This command prompts for a password (which will not be echoed) which will be used to authenticate configuration requests. The password must correspond to the key configured for NTP server for this purpose.
- <dt><tt>quit</tt>
- <dd>Exit <tt>ntpq</tt>.
- <dt><tt>raw</tt>
- <dd>Causes all output from query commands is printed as received from the remote server. The only formating/interpretation done on the data is to transform nonascii data into a printable (but barely understandable) form.
- <dt><tt>timeout <i>millseconds</i></tt>
- <dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <tt>ntpq</tt> retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set.
+ <tt>help [<i>command_keyword</i>]</tt></dt>
+ <dd>A <tt>?</tt> by itself will print a list of all the command keywords known to <tt>ntpq</tt>. A <tt>?</tt> followed by a command keyword will print function and usage information about the command.</dd>
+ <dt><tt>addvars <i>name</i> [ = <i>value</i>] [...]</tt><br>
+ <tt>rmvars <i>name</i> [...]</tt><br>
+ <tt>clearvars</tt></dt>
+ <dd>The arguments to this command consist of a list of items of the form <tt><i>name</i> = <i>value</i></tt>, where the <tt>= <i>value</i></tt> is ignored, and can be omitted in read requests. <tt>ntpq</tt> maintains an internal list in which data to be included in control messages can be assembled, and sent using the <tt>readlist</tt> and <tt>writelist</tt> commands described below. The <tt>addvars</tt> command allows variables and optional values to be added to the list. If more than one variable is to be added, the list should be comma-separated and not contain white space. The <tt>rmvars</tt> command can be used to remove individual variables from the list, while the <tt>clearlist</tt> command removes all variables from the list.</dd>
+ <dt><tt>cooked</tt></dt>
+ <dd>Display server messages in prettyprint format.</dd>
+ <dt><tt>debug more | less | off</tt></dt>
+ <dd>Turns internal query program debugging on and off.</dd>
+ <dt><tt>delay <i>milliseconds</i></tt></dt>
+ <dd>Specify a time interval to be added to timestamps included in requests which require authentication. This is used to enable (unreliable) server reconfiguration over long delay network paths or between machines whose clocks are unsynchronized. Actually the server does not now require timestamps in authenticated requests, so this command may be obsolete.</dd>
+ <dt><tt>host <i>name</i></tt></dt>
+ <dd>Set the host to which future queries will be sent. The name may be either a DNS name or a numeric address.</dd>
+ <dt><tt>hostnames [yes | no]</tt></dt>
+ <dd>If <tt>yes</tt> is specified, host names are printed in information displays. If <tt>no</tt> is specified, numeric addresses are printed instead. The default is <tt>yes</tt>, unless modified using the command line <tt>-n</tt> switch.</dd>
+ <dt><tt>keyid <i>keyid</i></tt></dt>
+ <dd>This command specifies the key number to be used to authenticate configuration requests. This must correspond to a key number the server has been configured to use for this purpose.</dd>
+ <dt><tt>ntpversion 1 | 2 | 3 | 4</tt></dt>
+ <dd>Sets the NTP version number which <tt>ntpq</tt> claims in packets. Defaults to 2, Note that mode-6 control messages (and modes, for that matter) didn't exist in NTP version 1.</dd>
+ <dt><tt>passwd</tt></dt>
+ <dd>This command prompts for a password to authenticate configuration requests. The password must correspond to the key configured for NTP server for this purpose.</dd>
+ <dt><tt>quit</tt></dt>
+ <dd>Exit <tt>ntpq</tt>.</dd>
+ <dt><tt>raw</tt></dt>
+ <dd>Display server messages as received and without reformatting.</dd>
+ <dt><tt>timeout <i>milliseconds</i></tt></dt>
+ <dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <tt>ntpq</tt> retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set.</dd>
</dl>
<h4>Control Message Commands</h4>
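Review bot: In the rewritten addvars/rmvars/clearvars entry the heading names the command clearvars, but the last sentence of the description still says "the clearlist command removes all variables from the list"; the description should say clearvars to match. The same entry points readers to readlist and writelist "described below", so those commands need to remain documented in the Control Message Commands list. The new passwd text drops the statement that the password is not echoed, which is worth keeping because it documents how the prompt behaves. In the ntpversion entry, "Defaults to 2, Note that" wants a period in place of the comma.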
- <p>Each association known to an NTP server has a 16 bit integer association identifier. NTP control messages which carry peer variables must identify the peer the values correspond to by including its association ID. An association ID of 0 is special, and indicates the variables are system variables, whose names are drawn from a separate name space.</p>
- <p>Control message commands result in one or more NTP mode 6 messages being sent to the server, and cause the data returned to be printed in some format. Most commands currently implemented send a single message and expect a single response. The current exceptions are the peers command, which will send a preprogrammed series of messages to obtain the data it needs, and the mreadlist and mreadvar commands, which will iterate over a range of associations.</p>
+ <p>Association IDs are used to identify system, peer and clock variables. System variables are assigned an association ID of zero and system name space, while each association is assigned a nonzero association ID and peer namespace. Most control commands send a single mode-6 message to the server and expect a single response message. The exceptions are the <tt>peers</tt> command, which sends a series of messages, and the <tt>mreadlist</tt> and <tt>mreadvar</tt> commands, which iterate over a range of associations.</p>
<dl>
- <dt><tt>associations</tt>
- <dd>Obtains and prints a list of association identifiers and peer statuses for in-spec peers of the server being queried. The list is printed in columns. The first of these is an index numbering the associations from 1 for internal use, the second the actual association identifier returned by the server and the third the status word for the peer. This is followed by a number of columns containing data decoded from the status word. See the peers command for a decode of the <tt>condition</tt> field. Note that the data returned by the <tt>associations</tt> command is cached internally in <tt>ntpq</tt>. The index is then of use when dealing with stupid servers which use association identifiers which are hard for humans to type, in that for any subsequent commands which require an association identifier as an argument, the form &amp;index may be used as an alternative.
- <dt><tt>clockvar [<i>assocID</i>] [<i>variable_name</i> [ = <i>value</i> [...]] [...]</tt>
- <dt><tt>cv [<i>assocID</i>] [<i>variable_name</i> [ = <i>value</i> [...] ][...]</tt>
- <dd>Requests that a list of the server's clock variables be sent. Servers which have a radio clock or other external synchronization will respond positively to this. If the association identifier is omitted or zero the request is for the variables of the <tt>system clock</tt> and will generally get a positive response from all servers with a clock. If the server treats clocks as pseudo-peers, and hence can possibly have more than one clock connected at once, referencing the appropriate peer association ID will show the variables of a particular clock. Omitting the variable list will cause the server to return a default variable display.
- <dt><tt>lassociations</tt>
- <dd>Obtains and prints a list of association identifiers and peer statuses for all associations for which the server is maintaining state. This command differs from the <tt>associations</tt> command only for servers which retain state for out-of-spec client associations (i.e., fuzzballs). Such associations are normally omitted from the display when the <tt>associations</tt> command is used, but are included in the output of <tt>lassociations</tt>.
- <dt><tt>lpassociations</tt>
- <dd>Print data for all associations, including out-of-spec client associations, from the internally cached list of associations. This command differs from <tt>passociations</tt> only when dealing with fuzzballs.
- <dt><tt>lpeers</tt>
- <dd>Like R peers, except a summary of all associations for which the server is maintaining state is printed. This can produce a much longer list of peers from fuzzball servers.
- <dt><tt>mreadlist <i>assocID</i> <i>assocID</i></tt><br>
- <tt>mrl <i>assocID</i> <i>assocID</i></tt>
- <dd>Like the <tt>readlist</tt> command, except the query is done for each of a range of (nonzero) association IDs. This range is determined from the association list cached by the most recent <tt>associations</tt> command.
- <dt><tt>mreadvar <i>assocID</i> <i>assocID</i> [ <i>variable_name</i> [ = <i>value</i>[ ... ]</tt><br>
- <tt>mrv <i>assocID</i> <i>assocID</i> [ <i>variable_name</i> [ = <i>value</i>[ ... ]</tt>
- <dd>Like the <tt>readvar</tt> command, except the query is done for each of a range of (nonzero) association IDs. This range is determined from the association list cached by the most recent <tt>associations</tt> command.
- <dt><tt>opeers</tt>
- <dd>An old form of the <tt>peers</tt> command with the reference ID replaced by the local interface address.
- <dt><tt>passociations</tt>
- <dd>Displays association data concerning in-spec peers from the internally cached list of associations. This command performs identically to the <tt>associations</tt> except that it displays the internally stored data rather than making a new query.
- <dt><tt>peers</tt>
- <dd>Obtains a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds. The character at the left margin of each line shows the synchronization status of the association and is a valuable diagnostic tool. The encoding and meaning of this character, called the tally code, is given later in this page.
- <dt><tt>pstatus <i>assocID</i></tt>
- <dd>Sends a read status request to the server for the given association. The names and values of the peer variables returned will be printed. Note that the status word from the header is displayed preceding the variables, both in hexadecimal and in pidgeon English.
- <dt><tt>readlist [ <i>assocID</i> ]</tt><br>
- <tt>rl [ <i>assocID</i> ]</tt>
- <dd>Requests that the values of the variables in the internal variable list be returned by the server. If the association ID is omitted or is 0 the variables are assumed to be system variables. Otherwise they are treated as peer variables. If the internal variable list is empty a request is sent without data, which should induce the remote server to return a default display.
- <dt><tt>readvar <i>assocID</i> <i>variable_name</i> [ = <i>value</i> ] [ ...]</tt><br>
- <tt>rv <i>assocID</i> [ <i>variable_name</i> [ = <i>value</i> ] [...]</tt>
- <dd>Requests that the values of the specified variables be returned by the server by sending a read variables request. If the association ID is omitted or is given as zero the variables are system variables, otherwise they are peer variables and the values returned will be those of the corresponding peer. Omitting the variable list will send a request with no data which should induce the server to return a default display. The encoding and meaning of the variables derived from NTPv3 is given in RFC-1305; the encoding and meaning of the additional NTPv4 variables are given later in this page.
- <dt><tt>writevar <i>assocID</i> <i>variable_name</i> [ = <i>value</i> [ ...]</tt>
- <dd>Like the readvar request, except the specified variables are written instead of read.
- <dt><tt>writelist [ <i>assocID</i> ]</tt>
- <dd>Like the readlist request, except the internal list variables are written instead of read.
- </dl>
- <h4>Tally Codes</h4>
- <p>The character in the left margin in the <tt>peers</tt> billboard, called the tally code, shows the fate of each association in the clock selection process. Following is a list of these characters, the pigeon used in the <tt>rv</tt> command, and a short explanation of the condition revealed.</p>
- <dl>
- <dt><tt>space reject</tt>
- <dd>The peer is discarded as unreachable, synchronized to this server (synch loop) or outrageous synchronization distance.
- <dt><tt>x&nbsp;&nbsp;falsetick</tt>
- <dd>The peer is discarded by the intersection algorithm as a falseticker.
- <dt><tt>.&nbsp;&nbsp;excess</tt>
- <dd>The peer is discarded as not among the first ten peers sorted by synchronization distance and so is probably a poor candidate for further consideration.
- <dt><tt>-&nbsp;&nbsp;outlyer</tt>
- <dd>The peer is discarded by the clustering algorithm as an outlyer.
- <dt><tt>+&nbsp;&nbsp;candidat</tt>
- <dd>The peer is a survivor and a candidate for the combining algorithm.
- <dt><tt>#&nbsp;&nbsp;selected</tt>
- <dd>The peer is a survivor, but not among the first six peers sorted by synchronization distance. If the association is ephemeral, it may be demobilized to conserve resources.
- <dt><tt>*&nbsp;&nbsp;sys.peer</tt>
- <dd>The peer has been declared the system peer and lends its variables to the system variables.
- <dt><tt>o&nbsp;&nbsp;pps.peer</tt>
- <dd>The peer has been declared the system peer and lends its variables to thesystem variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
- </dl>
- <h4>System Variables</h4>
- <p>The <tt>status, leap, stratum, precision, rootdelay, rootdispersion, refid, reftime, poll, offset, and frequency</tt> variables are described in RFC-1305 specification. Additional NTPv4 system variables include the following.</p>
- <dl>
- <dt><tt>version</tt>
- <dd>Everything you might need to know about the software version and generation time.
- <dt><tt>processor</tt>
- <dd>The processor and kernel identification string.
- <dt><tt>system</tt>
- <dd>The operating system version and release identifier.
- <dt><tt>state</tt>
- <dd>The state of the clock discipline state machine. The values are described in the architecture briefing on the NTP Project page linked from www.ntp.org.
- <dt><tt>peer</tt>
- <dd>The internal integer used to identify the association currently designated the system peer.
- <dt><tt>jitter</tt>
- <dd>The estimated time error of the system clock measured as an exponential average of RMS time differences.
- <dt><tt>stability</tt>
- <dd>The estimated frequency stability of the system clock measured as an exponential average of RMS frequency differences.
- </dl>
- <p>When the NTPv4 daemon is compiled with the OpenSSL software library, additional system variables are displayed, including some or all of the following, depending on the particular dance:</p>
- <dl>
- <dt><tt>flags</tt>
- <dd>The current flags word bits and message digest algorithm identifier (NID) in hex format. The high order 16 bits of the four-byte word contain the NID from the OpenSSL ligrary, while the low-order bits are interpreted as follows:
+ <dt id="as"><tt>associations</tt></dt>
+ <dd>Display a list of mobilized associations in the form</dd>
+ <dd><tt>ind assid status conf reach auth condition last_event cnt</tt></dd>
<dd>
- <dl>
- <dt><tt>0x01</tt>
- <dd>autokey enabled
- <dt><tt>0x02</tt>
- <dd>NIST leapseconds file loaded
- <dt><tt>0x10</tt>
- <dd>PC identity scheme
- <dt><tt>0x20</tt>
- <dd>IFF identity scheme
- <dt><tt>0x40</tt>
- <dd>GQ identity scheme
- </dl>
- <dt><tt>hostname</tt>
- <dd>The name of the host as returned by the Unix <tt>gethostname()</tt> library function.
- <dt><tt>hostkey</tt>
- <dd>The NTP filestamp of the host key file.
- <dt><tt>cert</tt>
- <dd>A list of certificates held by the host. Each entry includes the subject, issuer, flags and NTP filestamp in order. The bits are interpreted as follows:
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>ind</tt></td>
+ <td>index on this list</td>
+ </tr>
+ <tr>
+ <td><tt>assid</tt></td>
+ <td>association ID</td>
+ </tr>
+ <tr>
+ <td><tt>status</tt></td>
+ <td><a href="decode.html#peer">peer status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>conf</tt></td>
+ <td><tt>yes</tt>: persistent, <tt>no</tt>: ephemeral</td>
+ </tr>
+ <tr>
+ <td><tt>reach</tt></td>
+ <td><tt>yes</tt>: reachable, <tt>no</tt>: unreachable</td>
+ </tr>
+ <tr>
+ <td><tt>auth</tt></td>
+ <td><tt>ok</tt>, <tt>yes</tt>, <tt>bad</tt> and <tt>none</tt></td>
+ </tr>
+ <tr>
+ <td><tt>condition</tt></td>
+ <td>selection status (see the <tt>select</tt> field of the <a href="decode.html#peer">peer status word</a>)</td>
+ </tr>
+ <tr>
+ <td><tt>last_event</tt></td>
+ <td>event report (see the <tt>event</tt> field of the <a href="decode.html#peer">peer status word</a>)</td>
+ </tr>
+ <tr>
+ <td><tt>cnt</tt></td>
+ <td>event count (see the <tt>count</tt> field of the <a href="decode.html#peer">peer status word</a>)</td>
+ </tr>
+ </table>
+ </dd>
+ <dt><tt>clockvar <i>assocID</i> [<i>name</i> [ = <i>value</i> [...]] [...]</tt><br>
+ <tt>cv <i>assocID</i> [<i>name</i> [ = <i>value</i> [...] ][...]</tt></dt>
+ <dd>Display a list of <a href="#clock">clock variables</a> for those assocations supporting a reference clock.</dd>
+ <dt><tt>:config [...]</tt></dt>
+ <dd>Send the remainder of the command line, including whitespace, to the server as a run-time configuration command in the same format as the configuration file. This command is experimental until further notice and clarification. Authentication is of course required.</dd>
+ <dt><tt>config-from-file <i>filename</i></tt></dt>
+ <dd>Send the each line of <i>filename</i> to the server as run-time configuration commands in the same format as the configuration file. This command is experimental until further notice and clarification. Authentication is of course required.</dd>
+ <dt><tt>keyid</tt></dt>
+ <dd>Specify the key ID to use for write requests.</dd>
+ <dt><tt>lassociations</tt></dt>
+ <dd>Perform the same function as the associations command, execept display mobilized and unmobilized associations.</dd>
+ <dt><tt>mreadvar <i>assocID</i> <i>assocID</i> [ <i>variable_name</i> [ = <i>value</i>[ ... ]</tt><br>
+ <tt>mrv <i>assocID</i> <i>assocID</i> [ <i>variable_name</i> [ = <i>value</i>[ ... ]</tt></dt>
+ <dd>Perform the same function as the <tt>readvar</tt> command, except for a range of association IDs. This range is determined from the association list cached by the most recent <tt>associations</tt> command.</dd>
+ <dt><tt>passociations</tt></dt>
+ <dd>Perform the same function as the <tt>associations command</tt>, except that it uses previously stored data rather than making a new query.</dd>
+ <dt><tt>passwd</tt></dt>
+ <dd>Specify the password to use for write requests.</dd>
+ <dt id="pe"><tt>peers</tt></dt>
+ <dd>Display a list of peers in the form</dd>
+ <dd><tt>[tally]remote refid st t when pool reach delay offset jitter</tt></dd>
<dd>
- <dl>
- <dt><tt>0x01</tt>
- <dd>certificate has been signed by the server
- <dt><tt>0x02</tt>
- <dd>certificate is trusted
- <dt><tt>0x04</tt>
- <dd>certificate is private
- <dt><tt>0x08</tt>
- <dd>certificate contains errors and should not be trusted
- </dl>
- <dt><tt>leapseconds</tt>
- <dd>The NTP filestamp of the NIST leapseconds file.
- <dt><tt>refresh</tt>
- <dd>The NTP timestamp when the host public cryptographic values were refreshed and signed.
- <dt><tt>signature</tt>
- <dd>The host digest/signature scheme name from the OpenSSL library.
- <dt><tt>tai</tt>
- <dd>The TAI-UTC offset in seconds obtained from the NIST leapseconds table.
- </dl>
- <h4>Peer Variables</h4>
- <p>The <tt>status, srcadr, srcport, dstadr, dstport, leap, stratum, precision, rootdelay, rootdispersion, readh, hmode, pmode, hpoll, ppoll, offset, delay, dspersion, reftime</tt> variables are described in the RFC-1305 specification, as are the timestamps <tt>org, rec and xmt</tt>. Additional NTPv4 system variables include the following.</p>
- <dl>
- <dt><tt>flash</tt>
- <dd>The flash code for the most recent packet received. The encoding and meaning of these codes is given later in this page.
- <dt><tt>jitter</tt>
- <dd>The estimated time error of the peer clock measured as an exponential average of RMS time differences.
- <dt><tt>unreach</tt>
- <dd>The value of the counter which records the number of poll intervals since the last valid packet was received.
- </dl>
- <p>When the NTPv4 daemon is compiled with the OpenSSL software library, additional peer variables are displayed, including the following:</p>
- <dl>
- <dt><tt>flags</tt>
- <dd>The current flag bits. This word is the server host status word with additional bits used by the Autokey state machine. See the source code for the bit encoding.
- <dt><tt>hostname</tt>
- <dd>The server host name.
- <dt><tt>initkey <i>key</i></tt>
- <dd>The initial key used by the key list generator in the Autokey protocol.
- <dt><tt>initsequence <i>index</i></tt>
- <dd>The initial index used by the key list generator in the Autokey protocol.
- <dt><tt>signature</tt>
- <dd>The server message digest/signature scheme name from the OpenSSL software library.
- <dt><tt>timestamp <i>time</i></tt>
- <dd>The NTP timestamp when the last Autokey key list was generated and signed.
- </dl>
- <h4>Flash Codes</h4>
- <p>The <tt>flash</tt> code is a valuable debugging aid displayed in the peer variables list. It shows the results of the original sanity checks defined in the NTP specification RFC-1305 and additional ones added in NTPv4. There are 12 tests designated <tt>TEST1</tt> through <tt>TEST12</tt>. The tests are performed in a certain order designed to gain maximum diagnostic information while protecting against accidental or malicious errors. The <tt>flash</tt> variable is initialized to zero as each packet is received. If after each set of tests one or more bits are set, the packet is discarded.</p>
- <p>Tests <tt>TEST1</tt> through <tt>TEST3</tt> check the packet timestamps from which the offset and delay are calculated. If any bits are set, the packet is discarded; otherwise, the packet header variables are saved. <tt>TEST4</tt> and <tt>TEST5</tt> are associated with access control and cryptographic authentication. If any bits are set, the packet is discarded immediately with nothing changed.</p>
- <p>Tests <tt>TEST6</tt> through <tt>TEST8</tt> check the health of the server. If any bits are set, the packet is discarded; otherwise, the offset and delay relative to the server are calculated and saved. <tt>TEST9</tt> checks the health of the association itself. If any bits are set, the packet is discarded; otherwise, the saved variables are passed to the clock filter and mitigation algorithms.</p>
- <p>Tests <tt>TEST10</tt> through <tt>TEST12</tt> check the authentication state using Autokey public-key cryptography, as described in the <a href="authopt.html">Authentication Options</a> page. If any bits are set and the association has previously been marked reachable, the packet is discarded; otherwise, the originate and receive timestamps are saved, as required by the NTP protocol, and processing continues.</p>
- <p>The <tt>flash</tt> bits for each test are defined as follows.</p>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>[tally]</tt></td>
+ <td>single-character code indicating current value of the <tt>select</tt> field of the <a href="decode.html#peer">peer status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>remote</tt></td>
+ <td>host name (or IP number) of peer</td>
+ </tr>
+ <tr>
+ <td><tt>refid</tt></td>
+ <td>association ID or <a href="decode.html#kiss">kiss code</a></td>
+ </tr>
+ <tr>
+ <td><tt>st</tt></td>
+ <td>stratum</td>
+ </tr>
+ <tr>
+ <td><tt>t</tt></td>
+ <td><tt>u</tt>: unicast, <tt>b</tt>: broadcast, <tt>l</tt>: local</td>
+ </tr>
+ <tr>
+ <td><tt>when</tt></td>
+ <td>sec/min/hr since last received packet</td>
+ </tr>
+ <tr>
+ <td><tt>poll</tt></td>
+ <td>poll interval (log<sub>2</sub> s)</td>
+ </tr>
+ <tr>
+ <td><tt>reach</tt></td>
+ <td>reach shift register (octal)</td>
+ </tr>
+ <tr>
+ <td><tt>delay</tt></td>
+ <td>roundtrip delay</td>
+ </tr>
+ <tr>
+ <td><tt>offset</tt></td>
+ <td>offset</td>
+ </tr>
+ <tr>
+ <td><tt>jitter</tt></td>
+ <td>jitter</td>
+ </tr>
+ </table>
+ </dd>
+ <dt id="rv"><tt>readvar <i>assocID</i> <i>name</i> [ = <i>value</i> ] [,...]</tt><br>
+ <tt>rv <i>assocID</i> [ <i>name</i> ] [,...]</tt></dt>
+ <dd>Display the specified variables. If <tt><i>assocID</i></tt> is zero, the
+ variables are from the <a href="#system">system variables</a> name space,
+ otherwise they are from the <a href="#peer">peer variables</a> name space.
+ The <tt><i>assocID</i></tt> is required, as the same name can occur in both spaces. If no <tt><i>name</i></tt> is
+ included, all operative variables in the name space are displayed.
+ In this case only, if the <tt><i>assocID</i></tt> is omitted, it is assumed zero. Multiple
+ names are specified with comma separators and without whitespace.
+ Note that time values are represented in milliseconds and frequency
+ values in parts-per-million (PPM). Some NTP timestamps are represented
+ in the format YYYYMMDDTTTT, where YYYY is the year, MM the month
+ of year, DD the day of month and TTTT the time of day.</dd>
+ <dt id="saveconfig"><tt>saveconfig <i>filename</i></tt></dt>
+ <dd>Write the current configuration, including any runtime modifications given with <tt>:config</tt> or <tt>config-from-file</tt>, to the ntpd host's file <i>filename</i>. This command will be rejected by the server unless <a href="miscopt.html#saveconfigdir">saveconfigdir</a> appears in the <tt>ntpd</tt> configuration file. <i>filename</i> can use strftime() format specifiers to substitute the current date and time, for example, <tt>saveconfig ntp-%Y%m%d-%H%M%S.conf</tt>. The filename used is stored in system variable <tt>savedconfig</tt>. Authentication is required.</dd>
+ <dt><tt>writevar <i>assocID</i> <i>name</i> = <i>value</i> [,...]</tt></dt>
+ <dd>Write the specified variables. If the <tt><i>assocID</i></tt> is zero, the variables
+ are from the <a href="#system">system variables</a> name space, otherwise they are from the <a href="#peer">peer variables</a> name space. The <tt><i>assocID</i></tt> is required, as the same name can occur
+ in both spaces.</dd>
+ </dl>
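Review bot: The column line added for peers reads "when pool reach", while the table row beneath it documents that column as poll; the form line should say poll. In the same table refid is described as "association ID or kiss code", whereas the System Variables table describes refid as "reference ID or kiss code", so one of the two is probably wrong. The introductory paragraph still names mreadlist, but the new list has no entries for mreadlist, readlist or writelist. keyid and passwd are now documented twice, here and under Internal Commands, with different wording ("write requests" versus "configuration requests"); keeping one entry and linking to it would avoid drift. Since :config, config-from-file and saveconfig each state that authentication is required, a pointer from those entries to keyid and passwd would tell the reader how to supply it. Typos in the added lines: "assocations", "execept", "Send the each line", and the tt element in the passociations entry encloses the word "command" along with the command name.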
+ <h4 id="status">Status Words and Kiss Codes</h4>
+ <p>The current state of the operating program is shown in a set of status words maintained by the system and each association separately. These words are displayed in the <tt>rv</tt> and <tt>as</tt> commands both in hexadecimal and decoded short tip strings. The codes, tips and short explanations are on the <a href="decode.html">Event Messages and Status Words</a> page. The page also includes a list of system and peer messages, the code for the latest of which is included in the status word.</p>
+ <p>Information resulting from protocol machine state transitions is displayed using an informal set of ASCII strings called <a href="decode.html#kiss">kiss codes</a>. The original purpose was for kiss-o'-death (KoD) packets sent by the server to advise the client of an unusual condition. They are now displayed, when appropriate, in the reference identifier field in various billboards.</p>
+ <h4 id="system">System Variables</h4>
+ <p>The following system variables appear in the <tt>rv</tt> billboard. Not all variables are displayed in some configurations.</p>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>status</tt></td>
+ <td><a href="decode.html#sys">system status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>version</tt></td>
+ <td>NTP software version and build time</td>
+ </tr>
+ <tr>
+ <td><tt>processor</tt></td>
+ <td>hardware platform and version</td>
+ </tr>
+ <tr>
+ <td><tt>system</tt></td>
+ <td>operating system and version</td>
+ </tr>
+ <tr>
+ <td><tt>leap</tt></td>
+ <td>leap warning indicator (0-3)</td>
+ </tr>
+ <tr>
+ <td><tt>stratum</tt></td>
+ <td>stratum (1-15)</td>
+ </tr>
+ <tr>
+ <td><tt>precision</tt></td>
+ <td>precision (log<sub>2</sub> s)</td>
+ </tr>
+ <tr>
+ <td><tt>rootdelay</tt></td>
+ <td>total roundtrip delay to the primary reference clock</td>
+ </tr>
+ <tr>
+ <td><tt>rootdisp</tt></td>
+ <td>total dispersion to the primary reference clock</td>
+ </tr>
+ <tr>
+ <td><tt>peer</tt></td>
+ <td>system peer association ID</td>
+ </tr>
+ <tr>
+ <td><tt>tc</tt></td>
+ <td>time constant and poll exponent (log<sub>2</sub> s) (3-17)</td>
+ </tr>
+ <tr>
+ <td><tt>mintc</tt></td>
+ <td>minimum time constant (log<sub>2</sub> s) (3-10)</td>
+ </tr>
+ <tr>
+ <td><tt>clock</tt></td>
+ <td>date and time of day</td>
+ </tr>
+ <tr>
+ <td><tt>refid</tt></td>
+ <td>reference ID or <a href="decode.html#kiss">kiss code</a></td>
+ </tr>
+ <tr>
+ <td><tt>reftime</tt></td>
+ <td>reference time</td>
+ </tr>
+ <tr>
+ <td><tt>offset</tt></td>
+ <td>combined time offset</td>
+ </tr>
+ <tr>
+ <td><tt>sys_jitter</tt></td>
+ <td>combined system jitter</td>
+ </tr>
+ <tr>
+ <td><tt>frequency</tt></td>
+ <td>clock frequency offset (PPM)</td>
+ </tr>
+ <tr>
+ <td><tt>clk_wander</tt></td>
+ <td>clock frequency wander (PPM)</td>
+ </tr>
+ <tr>
+ <td><tt>clk_jitter</tt></td>
+ <td>clock jitter</td>
+ </tr>
+ <tr>
+ <td><tt>tai</tt></td>
+ <td>TAI-UTC offset (s)</td>
+ </tr>
+ <tr>
+ <td><tt>leapsec</tt></td>
+ <td>NTP seconds when the next leap second is/was inserted</td>
+ </tr>
+ <tr>
+ <td><tt>expire</tt></td>
+ <td>NTP seconds when the NIST leapseconds file expires</td>
+ </tr>
+ </table>
<dl>
- <dt><tt>0x001 TEST1</tt>
- <dd>Duplicate packet. The packet is at best a casual retransmission and at worst a malicious replay.
- <dt><tt>0x002 TEST2</tt>
- <dd>Bogus packet. The packet is not a reply to a message previously sent. This can happen when the NTP daemon is restarted and before somebody else notices.
- <dt><tt>0x004 TEST3</tt>
- <dd>Unsynchronized. One or more timestamp fields are invalid. This normally happens when the first packet from a peer is received.
- <dt><tt>0x008 TEST4</tt>
- <dd>Access is denied. See the <a href="accopt.html">Access Control Options</a> page.
- <dt><tt>0x010 TEST5</tt>
- <dd>Cryptographic authentication fails. See the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>0x020TEST6</tt>
- <dd>The server is unsynchronized. Wind up its clock first.
- <dt><tt>0x040 TEST7</tt>
- <dd>The server stratum is at the maximum than 15. It is probably unsynchronized and its clock needs to be wound up.
- <dt><tt>0x080 TEST8</tt>
- <dd>Either the root delay or dispersion is greater than one second, which is highly unlikely unless the peer is unsynchronized to Mars.
- <dt><tt>0x100 TEST9</tt>
- <dd>Either the peer delay or dispersion is greater than one second, which is higly unlikely unless the peer is on Mars.
- <dt><tt>0x200 TEST10</tt>
- <dd>The autokey protocol has detected an authentication failure. See the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>0x400 TEST11</tt>
- <dd>The autokey protocol has not verified the server or peer is proventic and has valid public key credentials. See the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>0x800 TEST12</tt>
- <dd>A protocol or configuration error has occurred in the public key algorithms or a possible intrusion event has been detected. See the <a href="authopt.html">Authentication Options</a> page.
+ <dt>The jitter and wander statistics are exponentially-weighted RMS averages.
+ The system jitter is defined in the NTPv4 specification; the
+ clock jitter statistic is computed by the clock discipline module.</dt>
+ <dt>When the NTPv4 daemon is compiled with the OpenSSL software library, additional
+ system variables are displayed, including some or all of the following, depending
+ on the particular Autokey dance:</dt>
</dl>
- <h4>Bugs</h4>
- <p>The peers command is non-atomic and may occasionally result in spurious error messages about invalid associations occurring and terminating the command. The timeout time is a fixed constant, which means you wait a long time for timeouts since it assumes sort of a worst case. The program should improve the timeout estimate as it sends queries to a particular host, but doesn't.</p>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>host</tt></td>
+ <td>Autokey host name</td>
+ </tr>
+ <tr>
+ <td><tt>group</tt></td>
+ <td>Autokey group name</td>
+ </tr>
+ <tr>
+ <td><tt>flags</tt></td>
+ <td>host flags (see Autokey specification)</td>
+ </tr>
+ <tr>
+ <td><tt>digest</tt></td>
+ <td>OpenSSL message digest algorithm</td>
+ </tr>
+ <tr>
+ <td><tt>signature</tt></td>
+ <td>OpenSSL digest/signature scheme</td>
+ </tr>
+ <tr>
+ <td><tt>update</tt></td>
+ <td>NTP seconds at last signature update</td>
+ </tr>
+ <tr>
+ <td><tt>cert</tt></td>
+ <td>certificate subject, issuer and certificate flags</td>
+ </tr>
+ <tr>
+ <td><tt>until</tt></td>
+ <td>NTP seconds when the certificate expires</td>
+ </tr>
+ </table>
+ <h4 id="peer">Peer Variables</h4>
+ <p>The following system variables apear in the <tt>rv</tt> billboard for each association. Not all variables are displayed in some configurations.</p>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>associd</tt></td>
+ <td>association ID</td>
+ </tr>
+ <tr>
+ <td><tt>status</tt></td>
+ <td><a href="decode.html#peer">peer status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>srcadr<br>
+ srcport</tt></td>
+ <td>source (remote) IP address and port</td>
+ </tr>
+ <tr>
+ <td><tt>dstadr<br>
+ dstport</tt></td>
+ <td>destination (local) IP address and port</td>
+ </tr>
+ <tr>
+ <td><tt>leap</tt></td>
+ <td>leap indicator (0-3)</td>
+ </tr>
+ <tr>
+ <td><tt>stratum</tt></td>
+ <td>stratum (0-15)</td>
+ </tr>
+ <tr>
+ <td><tt>precision</tt></td>
+ <td>precision (log<sub>2</sub> s)</td>
+ </tr>
+ <tr>
+ <td><tt>rootdelay</tt></td>
+ <td>total roundtrip delay to the primary reference clock</td>
+ </tr>
+ <tr>
+ <td><tt>rootdisp</tt></td>
+ <td>total root dispersion to the primary reference clock</td>
+ </tr>
+ <tr>
+ <td><tt>refid</tt></td>
+ <td>reference ID or <a href="decode.html#kiss">kiss code</a></td>
+ </tr>
+ <tr>
+ <td><tt>reftime</tt></td>
+ <td>reference time</td>
+ </tr>
+ <tr>
+ <td><tt>reach</tt></td>
+ <td>reach register (octal)</td>
+ </tr>
+ <tr>
+ <td><tt>unreach</tt></td>
+ <td>unreach counter</td>
+ </tr>
+ <tr>
+ <td><tt>hmode</tt></td>
+ <td>host mode (1-6)</td>
+ </tr>
+ <tr>
+ <td><tt>pmode</tt></td>
+ <td>peer mode (1-5)</td>
+ </tr>
+ <tr>
+ <td><tt>hpoll</tt></td>
+ <td>host poll exponent (log<sub>2</sub> s) (3-17)</td>
+ </tr>
+ <tr>
+ <td><tt>ppoll</tt></td>
+ <td>peer poll exponent (log<sub>2</sub> s) (3-17)</td>
+ </tr>
+ <tr>
+ <td><tt>headway</tt></td>
+ <td>headway (see <a href="rate.html">Rate Management and the Kiss-o'-Death Packet)</a></td>
+ </tr>
+ <tr>
+ <td><tt>flash</tt></td>
+ <td><a href="decode.html#flash">flash status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>offset</tt></td>
+ <td>filter offset</td>
+ </tr>
+ <tr>
+ <td><tt>delay</tt></td>
+ <td>filter delay</td>
+ </tr>
+ <tr>
+ <td><tt>dispersion</tt></td>
+ <td>filter dispersion</td>
+ </tr>
+ <tr>
+ <td><tt>jitter</tt></td>
+ <td>filter jitter</td>
+ </tr>
+ <tr>
+ <td><tt>bias</tt></td>
+ <td>unicast/broadcast bias</td>
+ </tr>
+ <tr>
+ <td><tt>xleave</tt></td>
+ <td>interleave delay (see <a href="xleave.html">NTP Interleaved Modes</a>)</td>
+ </tr>
+ </table>
+ <p>The bias vaqriable is calculated when the first broadcast packet is received
+ after the calibration volley. It represents the offset of the broadcast
+ subgraph relative to the unicast subgraph. The xleave variable appears
+ only the interleaved symmetric and ingterleaved modes. It represents
+ the internal queueing, buffering and transmission delays for the preceeding
+ packet.</p>
+ <p>When the NTPv4 daemon is compiled with the OpenSSL software library, additional peer variables are displayed, including the following:</p>
+<table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>flags</tt></td>
+ <td>peer flags (see Autokey specification)</td>
+ </tr>
+ <tr>
+ <td><tt>host</tt></td>
+ <td>Autokey server name</td>
+ </tr>
+ <tr>
+ <td><tt>flags</tt></td>
+ <td>peer flags (see Autokey specification)</td>
+ </tr>
+ <tr>
+ <td><tt>signature</tt></td>
+ <td>OpenSSL digest/signature shceme</td>
+ </tr>
+ <tr>
+ <td><tt>initsequence</tt></td>
+ <td>initial key ID</td>
+ </tr>
+ <tr>
+ <td><tt>initkey</tt></td>
+ <td>initial key index</td>
+ </tr>
+ <tr>
+ <td><tt>timestamp</tt></td>
+ <td>Autokey signature timestamp</td>
+ </tr>
+ </table>
+ <h4 id="clock">Clock Variables</h4>
+ <p>The following clock variables apear in the <tt>cv</tt> billboard for each association with a reference clock. Not all variables are displayed in some configurations.</p>
+ <table width="100%" border="1" cellspacing="2" cellpadding="2">
+ <tr>
+ <td>Variable</td>
+ <td>Description</td>
+ </tr>
+ <tr>
+ <td><tt>associd</tt></td>
+ <td>association ID</td>
+ </tr>
+ <tr>
+ <td><tt>status</tt></td>
+ <td><a href="decode.html#clock">clock status word</a></td>
+ </tr>
+ <tr>
+ <td><tt>device</tt></td>
+ <td>device description</td>
+ </tr>
+ <tr>
+ <td><tt>timecode</tt></td>
+ <td>ASCII timecode string (specific to device)</td>
+ </tr>
+ <tr>
+ <td><tt>poll</tt></td>
+ <td>poll messages sent</td>
+ </tr>
+ <tr>
+ <td><tt>noreply</tt></td>
+ <td>no reply</td>
+ </tr>
+ <tr>
+ <td><tt>badformat</tt></td>
+ <td>bad format</td>
+ </tr>
+ <tr>
+ <td><tt>baddata</tt></td>
+ <td>bad date or time</td>
+ </tr>
+ <tr>
+ <td><tt>fudgetime1</tt></td>
+ <td>fudge time 1</td>
+ </tr>
+ <tr>
+ <td><tt>fudgetime2</tt></td>
+ <td>fudge time 2</td>
+ </tr>
+ <tr>
+ <td><tt>stratum</tt></td>
+ <td>driver stratum</td>
+ </tr>
+ <tr>
+ <td><tt>refid</tt></td>
+ <td>driver reference ID</td>
+ </tr>
+ <tr>
+ <td><tt>flags</tt></td>
+ <td>driver flags</td>
+ </tr>
+ </table>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
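Review bot: the added Autokey peer-variables table lists the `flags` row twice, once before and once after `host`, with identical text ("peer flags (see Autokey specification)"). Drop the duplicate, or replace it with the variable that was intended. Under the new "Peer Variables" heading the intro sentence reads "The following system variables apear"; it should say peer variables. The added lines also carry spelling errors worth fixing before they ship: "apear" (twice), "vaqriable", "ingterleaved", "preceeding" and "shceme". The `saveconfig` entry ends with "Authentication is required." but the `writevar` entry directly below it says nothing about authentication, so state the requirement there as well. Finally, the `<dl>` that used to hold the TEST1..TEST12 flash codes now contains only two `<dt>` elements used as paragraphs; `<p>` would be the right markup.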
diff --git a/html/ntptime.html b/html/ntptime.html
index a9ea33b..11da1fb 100644
--- a/html/ntptime.html
+++ b/html/ntptime.html
@@ -5,15 +5,15 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
- <title>ntptime - read kernel time variables</title>
+ <title>ntptime - read and set kernel time variables</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h3><tt>ntptime</tt> - read kernel time variables</h3>
+ <h3><tt>ntptime</tt> - read and set kernel time variables</h3>
<img src="pic/pogo5.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>The turtle has been swimming in the kernel.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:46</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">16:40</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="289">Wednesday, March 12, 2008</csobj></p>
<br clear="left">
<hr>
<h4>Synopsis</h4>
diff --git a/html/ntptrace.html b/html/ntptrace.html
index 3b533f9..b119664 100644
--- a/html/ntptrace.html
+++ b/html/ntptrace.html
@@ -13,13 +13,14 @@
<h3><tt>ntptrace</tt> - trace a chain of NTP servers back to the primary source</h3>
<img src="pic/alice13.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>The rabbit knows the way back.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:47</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">19:06</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Wednesday, January 16, 2008</csobj></p>
<br clear="left">
<hr>
<h4>Synopsis</h4>
- <tt>ntptrace [ -vdn ] [ -r <i>retries</i> ] [ -t <i>timeout</i> ] [ <i>server</i> ]</tt>
+ <tt>ntptrace [ -n ] [ -m <i>maxhosts</i> ] [ <i>server</i> ]</tt>
<h4>Description</h4>
- <p><tt>ntptrace</tt> determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source. If given no arguments, it starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
+ <p><tt>ntptrace</tt> is a <tt>perl</tt> script that uses the <tt>ntpq</tt> utility program to follow the chain of NTP&nbsp;servers from a given host back to the primary time source. For <tt>ntptrace</tt> to work properly, each of these servers must implement the NTP&nbsp;Control and Monitoring Protocol specified in RFC 1305 and enable NTP&nbsp;Mode 6 packets.</p>
+ <p>If given no arguments, <tt>ntptrace</tt> starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
<pre>
% ntptrace
localhost: stratum 4, offset 0.0019529, synch distance 0.144135
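Review bot: the new description paragraph makes NTP Mode 6 a hard requirement for every server in the chain ("must implement the NTP Control and Monitoring Protocol ... and enable NTP Mode 6 packets") but does not say what the user sees when a hop refuses or ignores control queries. Operators commonly restrict Mode 6 queries from non-local addresses, so add a sentence describing how the trace behaves at such a hop. The paragraph also depends on `ntpq` being available at run time; saying so here would help anyone packaging the script.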
@@ -29,16 +30,8 @@ usndh.edu: stratum 1, offset 0.0019298, synch distance 0.011993, refid 'WWVB'
<p>On each line, the fields are (left to right): the host name, the host stratum, the time offset between that host and the local host (as measured by <tt>ntptrace</tt>; this is why it is not always zero for &quot;<tt>localhost</tt>&quot;), the host synchronization distance, and (only for stratum-1 servers) the reference clock ID. All times are given in seconds. Note that the stratum is the server hop count to the primary source, while the synchronization distance is the estimated error relative to the primary source. These terms are precisely defined in RFC-1305.</p>
<h4>Options</h4>
<dl>
- <dt><tt>-d</tt>
- <dd>Turns on some debugging output.
<dt><tt>-n</tt>
<dd>Turns off the printing of host names; instead, host IP addresses are given. This may be useful if a nameserver is down.
- <dt><tt>-r <i>retries</i></tt>
- <dd>Sets the number of retransmission attempts for each host (default = 5).
- <dt><tt>-t <i>timeout</i></tt>
- <dd>Sets the retransmission timeout (in seconds) (default = 2).
- <dt><tt>-v</tt>
- <dd>Prints verbose information about the NTP servers.
</dl>
<h4>Bugs</h4>
<p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
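Review bot: the Options list is left with only `-n`, while the synopsis changed earlier in this file introduces `-m maxhosts`. Add a `<dt><tt>-m <i>maxhosts</i></tt>` entry with a `<dd>` stating what the limit counts and its default. Removing `-d`, `-r`, `-t` and `-v` is consistent with the new synopsis.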
@@ -46,4 +39,4 @@ usndh.edu: stratum 1, offset 0.0019298, synch distance 0.011993, refid 'WWVB'
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
-</html> \ No newline at end of file
+</html>
diff --git a/html/parsenew.html b/html/parsenew.html
index 4f11a46..7e0ba5c 100644
--- a/html/parsenew.html
+++ b/html/parsenew.html
@@ -185,9 +185,7 @@ struct clockformat
</ol>
<p>Well, this is very sketchy, i know. But I hope it helps a little bit. The best way is to look which clock comes closest to your and tweak that code.</p>
<p>Two sorts of clocks are used with parse. Clocks that automatically send their time code (once a second) do not need entries in the poll routines because they send the data all the time. The second sort are the clocks that need a command sent to them in order to reply with a time code (like the Trimble clock).</p>
- <p>For questions: <a href="mailto:%20kardel <AT> acm.org">kardel
- <AT>
- acm.org</a>.</p>
+ <p>For questions: <a href="mailto:%20kardel <AT> acm.org">kardel@acm.org</a>.</p>
<p>Please include an exact description on how your clock works. (initialisation, TTY modes, strings to be sent to it, responses received from the clock).</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
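Review bot: the replacement line fixes the visible link text to `kardel@acm.org` but keeps the old `href="mailto:%20kardel <AT> acm.org"`, so the link still resolves to an obfuscated, unusable address with raw spaces and angle brackets inside the attribute. Either set the href to the same address as the link text, or keep both obfuscated if that was deliberate; the current mix gives neither a working link nor any obfuscation.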
diff --git a/html/pps.html b/html/pps.html
index b9fcd7f..b41ac77 100644
--- a/html/pps.html
+++ b/html/pps.html
@@ -13,29 +13,37 @@
<h3>Pulse-per-second (PPS) Signal Interfacing</h3>
<img src="pic/alice32.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
<p>Alice is trying to find the PPS signal connector.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:48</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">22:01</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Wednesday, January 02, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links11.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
+ <h4>Table of Contents</h4>
+ <ul>
+ <li class="inline"><a href="#intro">Introduction</a></li>
+ <li class="inline"><a href="#gadget">Gadget Box</a></li>
+ <li class="inline"><a href="#opsys">Operating System Support</a></li>
+ <li class="inline"><a href="#use">Using the Pulse-per-Second (PPS) Signal</a></li>
+ </ul>
<hr>
- <p>Some radio clocks and related timekeeping gear have a pulse-per-second (PPS) signal that can be used to discipline the system clock to a high degree of precision, typically to the order less than 10 <font face="Symbol">m</font>s in time and 0.01 parts-per-million (PPM) in frequency. This page describes the hardware and software necessar for NTP to use this signal.</p>
- <img src="pic/gadget.jpg" alt="gif" align="left">A Gadget Box built by Chuck Hanavin<br clear="left">
- <h4>Gadget Box</h4>
- <p>The PPS signal can be connected in either of two ways: via the data carrier detector (DCD) pin of a serial port or via the acknowledge (ACK) pin of a parallel port, depending on the hardware and operating system. Note that NTP no longer supports connection via the data leads of a serial port. However, the PPS signal levels are usually incompatible with serial port levels. The gadget box consists of a handful of electronic components assembled in a small aluminum box. It includes level converters and a optional modem designed to decode the radio timecode signals transmitted by Canadian time and frequency station CHU. This can be used with the <a href="drivers/driver7.html">Radio CHU Audio Demodulator/Decoder</a>. A complete set of schematics, PCB artwork and drill templates can be obrtained via the web at <a href="ftp://ftp.udel.edu/pub/ntp/hardware/gadget.tar.Z">gadget.tar.Z</a>.</p>
- <h4>Operating System Support&nbsp;</h4>
- <p>Both the serial and parallel port connection require operating system support, which is available in only a few operating systems, including FreeBSD, Linux (with PPSkit patch) and Solaris. Support on an experimental basis is available for several other systems, including SunOS and HP/Compaq/Digital Tru64. The PPSAPI application program interface defined in [1] is the only interface currently supported. Older PPS interfaces based on the <tt>ppsclock</tt> and <tt>tty_clk</tt> streams modules are no longer supported. As the PPSAPI is expected to become an IETF cross-platform standard, it should be used by new applications.</p>
- <p>The entire PPS interface functionality is currently provided by inline code in the <tt>timepps.h</tt> header file. While not all implementations support the full PPSAPI specification, they do support all the functions required for the PPS driver described next. The FreeBSD, Linux and Solaris implementations can be used with the stock kernels provided with those systems; however, the Tru64 and SunOS kernels require additional functions not provided in the stock kernels. Solaris users are cautioned that these functions operate improperly in Solaris versions prior to 2.8 with patch Generic_108528-02. Header files for other systems can be found via the web at <a href="ftp://ftp.udel.edu/pub/ntp/software/nanokernel.tar.gz">nanokernel.tar.gz</a>.</p>
- <h4>PPS Driver</h4>
- <p>In the preferred mode of operation, PPS signals are processed by the <a href="drivers/driver22.html">PPS Clock Discipline</a> driver and other clock drivers which might be involved need not know or care about them. In some cases where there is no other driver, time might be obtained from remote NTP servers via the network and local PPS signals, for instance from a calibrated cesium oscillator, used to stabilize the frequency and remove network jitter. Note that the <tt>pps</tt> configuration command has been obsoleted by this driver.</p>
- <p>The PPS driver operates in conjunction with a preferred peer, as described in the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. One of the drivers described in the <a href="refclock.html">Reference Clock Drivers</a> page or another NTP server furnishes the coarse timing and disambiguates the seconds numbering of the PPS signal itself. The NTP daemon mitigates between the clock driver or NTP server and the PPS driver as described in that page in order to provide the most accurate time, while respecting the various types of equipment failures that could happen.</p>
- <p>Some Unix system kernels support a PPS signal directly, as described in the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page. Specifically, the PPS driver can be used to direct the PPS signal to the kernel for use as a discipline source for both time and frequency. The presence of the kernel support is automatically detected during the NTP build process and supporting code automatically compiled. Note that the PPS driver does not normally enable the PPS kernel code, since performance is generally better without it. However, this code can be enabled by a driver fudge flag if necessary.</p>
- <p>Some configurations may include multiple radio clocks with individual PPS outputs. In some PPSAPI designs multiple PPS signals can be connected to multiple instances of the PPS driver. In such cases the NTP mitigation and grooming algorithms operate with all the radio timecodes and PPS signals to develop the highest degree of redundancy and survivability.</p>
- <h4>Reference</h4>
- <ol>
- <li>Mogul, J., D. Mills, J. Brittenson, J. Stone and U. Windl. Pulse-per-second API for Unix-like operating systems, version 1. Request for Comments RFC-2783, Internet Engineering Task Force, March 2000, 31 pp. <a href="http://www.eecis.udel.edu/mills/database/rfc/rfc2783.txt">ASCII</a>
- </ol>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ <h4 id="intro">Introduction</h4>
+ <p>Most radio clocks are connected using a serial port operating at speeds of 9600 bps. The accuracy using typical timecode formats, where the on-time epoch is indicated by a designated ASCII character like carriage-return <tt>&lt;cr&gt;</tt>, is normally limited to a hundred microseconds. Using carefuly crafted averaging techniques, the NTP&nbsp;algorithms can whittle this down to a few tens of microseconds. However, some radios produce a PPS signal which can be used to improve the accuracy to few microseconds. This page describes the hardware and software necessar for NTP to use the PPS signal.</p>
+ <div align="center">
+ <img src="pic/gadget.jpg" alt="gif"><br>
+ A Gadget Box built by Chuck Hanavin
+ </div>
+ <h4 id="gadget">Gadget Box</h4>
+ <p>The PPS signal can be connected in either of two ways: via the DCD data carrier detect pin of a serial port or via the ACK&nbsp;acknowledge pin of a parallel port, depending on the hardware and operating system. Note that NTP no longer supports connection via the RD&nbsp;data pin of a serial port.</p>
+ <p>However, the PPS signal levels are usually incompatible with serial port levels. The gadget box consists of a handful of electronic components assembled in a small aluminum box. It includes level converters and a optional modem designed to decode the radio timecode signals transmitted by Canadian time and frequency station CHU. This can be used with the <a href="drivers/driver7.html">Radio CHU Audio Demodulator/Decoder</a>. A complete set of schematics, PCB artwork and drill templates can be obrtained via the web at <a href="ftp://ftp.udel.edu/pub/ntp/hardware/gadget.tar.Z">gadget.tar.Z</a>.</p>
+ <h4 id="opsys">Operating System Support</h4>
+ <p>Both the serial and parallel port connection require operating system support, which is available in only a few operating systems, including FreeBSD, Linux (with PPSkit patch) and Solaris. Support on an experimental basis is available for several other systems, including SunOS and HP/Compaq/Digital Tru64. The kernel interface described on the <a href="kernpps.html">PPSAPI Interface for Precision Time Signals</a> page is the only interface currently supported. Older PPS interfaces based on the <tt>ppsclock</tt> and <tt>tty_clk</tt> streams modules are no longer supported.</p>
+ <h4>PPS Driver</h4>
+ <p>PPS support requires the PPS driver (described on the <a href="drivers/driver22.html">Type 22 PPS Clock Discipline</a> page. The driver operates in conjunction with a prefer peer, as described in the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The prefer peer is ordinarily the radio clock that provides the PPS signal, but in principle another radio clock or remote Internet server could be designated prerred. A source is desgnated prefer using the <tt>prefer</tt> keyword, as described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> keyword</a> page. Only one source can be designated preferred. PPS signals are processed by the PPS&nbsp;driver and other clock drivers which might be involved need not know or care about PPS&nbsp;capability. Note that the <tt>pps</tt> configuration command has been obsoleted by this driver.</p>
+ <h4 id="pps">Using the Pulse-per-Second (PPS) Signal</h4>
+ <p>The PPS signal can be used in two ways, one using the NTP grooming and mitigations algorithms and the other using PPS signal support in the kernel, as described in the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page. In either case, the PPS&nbsp;signal must be present and within nominal jitter and wander tolerances. In addition, the PPS&nbsp;driver and prefer peer must survive the sanity checks and intersection algorithms. Finally, the offset of the system clock relative to the prefer peer must be less than 128 ms, or well within the 0.5-s unambiguous range. The PPS peer remains active as long as these conditions are met.</p>
+ <p>The presence of PPS&nbsp;kernel support is automatically detected during the NTP configuration process and supporting code automatically compiled. When kernel PPS&nbsp;support is enabled, the PPS driver can direct the signal directly to the kernel. Note that the PPS driver does not normally enable the PPS kernel, since performance is generally better with older systems. However, the kernel can be enabled by a driver fudge flag if necessary. This is advised for newer machines in the Pentium class.</p>
+ <p>The kernel maintains a watchdog timer for the PPS signal; if the signal has not been heard or is out of tolerance for more than some interval, currently two minutes, the kernel discipline is disabled and operation continues as if it were not present. </p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
</html> \ No newline at end of file
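Review bot: the new table of contents links to `#use` ("Using the Pulse-per-Second (PPS) Signal"), but the heading it targets is added as `<h4 id="pps">`, so that entry goes nowhere. Make the two ids match. The "PPS Driver" heading has no id and no entry in the table of contents, unlike the other three sections. In the PPS Driver paragraph the parenthesis opened at "(described on the" is never closed, and the added text contains "carefuly", "necessar", "obrtained", "prerred" and "desgnated". The sentence "performance is generally better with older systems" reads ambiguously next to "This is advised for newer machines in the Pentium class"; say explicitly which configuration performs better on which class of machine. The file still ends without a trailing newline, which the ntptrace.html change in this same commit fixes for that file.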
diff --git a/html/prefer.html b/html/prefer.html
index 00225d1..67a6816 100644
--- a/html/prefer.html
+++ b/html/prefer.html
@@ -1,72 +1,161 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-
<html>
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+<title>Mitigation Rules and the prefer Keyword</title>
+<link href="scripts/style.css" type="text/css" rel="stylesheet">
+</head>
+<body>
+
+<h3>Mitigation Rules and the <tt>prefer</tt> Keyword</h3>
+
+<img src="pic/alice11.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"> from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
+<p>Listen carefully to what I say; it is very complicated.</p>
+<p>Last update:
+ <!-- #BeginDate format:En2m -->22-Apr-2009 14:04<!-- #EndDate -->
+UTC</p>
+<br clear="left">
+
+<h4>Related Links</h4>
+
+<script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
+
+<h4>Table of Contents</h4>
+
+<ul>
+
+<li class="inline"><a href="#intro">Introduction</a></li>
+<li class="inline"><a href="#peer">Peer Classification</a></li>
+<li class="inline"><a href="#prefer">The <tt>prefer</tt> Peer</a></li>
+<li class="inline"><a href="#miti">Mitigation Rules</a></li>
+<li class="inline"><a href="#mins">The <tt>minsane</tt> Option</a></li>
+
+</ul>
+
+<hr>
+
+<h4 id="intro">Introduction</h4>
+
+<p>This page summarizes the criteria for choosing from among a number of potential sources suitable contributors to the clock discipline algorithm. The criteria are very meticulous, since they have to handle many different scenarios that may be optimized for peculiar circumstances, including some scenarios designed to support planetary and deep space missions.</p>
+
+<p>Recall the suite of NTP data acquisition and grooming algorithms as these algorithms proceed in five phases. Phase one discovers the available sources and mobilizes an association for each candidate found. These candidates can result from explicit configuration, broadcast discovery or the pool and manycast autonomous configuration schemes. Phase two grooms the selectable candidates excluding those sources showing one or more of the following errors</p>
+
+<ol>
+
+<li>A stratum error occurs if (1) the source had never been synchronized or (2) the stratum of the source is below the <tt>floor</tt> option or not below the <tt>ceiling</tt> option specified by the <tt>tos</tt> command. The default value for these options are 0 and 16, respectively.</li>
+
+<li>A distance error occurs for a remote source if the root distance is not below the distance threshold <tt>maxdist</tt> option of the <tt>tos</tt> command. The default value for this option is 1.5 s for networks including only the Earth, but this should be increased to 2.5 s for networks including the Moon.</li>
+
+<li>A loop error occurs if the source is synchronized to the client of if the source is synchronized to the same source as the client.</li>
+
+<li>An unreachable error occurs if the source is unreachable or if the <tt>server</tt> or <tt>peer</tt> command for the source includes the <tt>noselect</tt> option.</li>
+
+</ol>
+
+<p>Phase three uses an intersection algorithm to select the truechimers from
+ among the candidates, leaving behind the falsetickers. A server or peer configured
+ with the <tt>true</tt> option is ipso facto a truechimer independent of this
+ algorithm. Phase four uses a clustering algorithm to cast off statistical outliers
+ from the truechimers until a set of survivors not less than the number specified
+ as the <tt>minclock</tt> option of the <tt>tos</tt> command, with default 3.
+ Phase five uses a set of mitigation rules to select from among the survivors
+ a system peer from which a set of system statistics can be inherited and passed
+ along to a dependent client population. The clock offset developed from these
+ algorithms can discipline the system clock either using the <tt>ntpd</tt> clock
+ discipline algorithm or enable the kernel to discipline the system clock directly,
+ as described on the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page.
+ Phase five is the topic of this page.</p>
+
+<h4 id="peer">Peer Classification</h4>
+
+<p>The behavior of the various algorithms and mitigation rules involved depends on how the various synchronization sources are classified. This depends on whether the source is local or remote and if local the type of source. The following classes are defined:</p>
+
+<ol>
+
+<li>An association configured for a remote server or peer is classified simply as a <i>server</i>. All other associations are classified as a <i>device driver</i> of one kind or another. In general, one or more sources of either or both types will be configured in each installation.</li>
+
+<li>If all sources have been lost and the orphan stratum has been specified by the <tt>orphan</tt> option of the <tt>tos</tt> command, a pseudo-source called the <i>orphan parent</i> is created with offset and jitter both zero. Dependent orphan children will see the orphan parent as if synchronized to a server at the orphan stratum.If the only survivor is the orphan parent, it becomes the system peer and its clock offset and jitter are inherited by the corresponding system variables. Note that by design all the orphan children having the same set of orphan parents will select the same parent.</li>
+
+<li>When a device driver has been configured for pulse-per-second (PPS) signals and PPS signals are being received, it is designated the <i>PPS driver.</i> Note that the Pulse-per-Second driver (type 22) is often used as a PPS driver, but any driver can be operated as a PPS driver as well. The PPS driver provides precision clock discipline only within +-0.5 s, so is always associated with another source or sources that provide the seconds numbering function.</li>
+
+<li>When the Undisciplined Local Clock driver (type 1) is configured, it is designated the <i>local driver</i>. This driver is used either as a backup source (stratum greater than zero) should all sources fail, or as the primary source (stratum zero) in cases where the kernel time is disciplined by some other means of synchronization, such as the NIST <tt>lockclock</tt> scheme, or another synchronization protocol such as the Digital Time Synchronization Service (DTSS).</li>
+
+<li>When the Automated Computer Time Service driver (type 18) is configured, it is designated the <i>modem driver</i>. This is used either as a backup source, should all other sources fail, or as the (only) primary source.</li>
+
+</ol>
+
+<h4 id="prefer">The <tt>prefer</tt> Peer</h4>
+
+<p>The mitigation rules are designed to provide an intelligent selection of the system peer from among the survivors of different types. When used with the <tt>server</tt> or <tt>peer</tt> commands, the <tt>prefer</tt> option designates one or more survivors as preferred over all others. While the rules do not forbid it, it is usually not useful to designate more than one source as preferred; however, if more than one source is so designated, they are used in the order specified in the configuration file; that is, if the first one becomes unselectable, the second one is considered and so forth. This order of priority is also applicable to multiple PPS drivers, multiple modem drivers and even multiple local drivers, although that would not normally be useful.</p>
+
+<p>The clustering algorithm works on the set of truechimers produced by the intersection algorithms. Ordinarily, any one of them can in principle provide correct time; however, due to various latency variations, not all can provide the most accurate and stable time. The clustering algorithm, processes the truechimers in one or more rounds to cast off a statistical outlier until no more than the <tt>minclock</tt> option of the <tt>tos</tt> command are left. The default for this option is 3.</p>
+
+<p>In the prefer scheme the clustering algorithm is modified so that the prefer peer is never discarded; on the contrary, its potential removal becomes a rounds-termination condition. However, the prefer peer can still be discarded by the intersection algorithm as a falseticker. To avoid this, it is usually wise to increase the <tt>mindist</tt> option of the <tt>tos</tt> command from the default .005 s to something like .05 s.</p>
+
+<p>Ordinarily, the combining algorithm computes a weighted average of the survivor
+ offsets to produce the final synchronization source. However, if a prefer
+ peer is among the survivors, the combining algorithm is not used. Instead,
+ the offset of the prefer peer is used exclusively as the final synchronization
+ source. In the common case involving a radio clock and a flock of remote backup
+ servers, and with the radio clock designated a prefer peer, the result is that
+ the radio clock normally disciplines the system clock as long as the radio itself
+ remains operational. However, if the radio fails or becomes a falseticker,
+ the averaged backup sources continue to discipline the system clock.</p>
+
+<h4 id="miti">Mitigation Rules</h4>
+
+<p>As the selection algorithm scans the associations for selectable candidates, the modem driver and local driver are segregated for later, but only if not designated a prefer peer. If so designated, a driver is included among the candidate population. In addition, if orphan parents are found the parent with the lowest metric is segregated for later; the others are discarded. For this purpose the metric is defined as the four-octet IPv4 address or the first four octets of the hashed IPv6 address. The resulting candidates, including any prefer peers found, are processed by the intersection to produce a possibly empty set of truechimers. The clustering algorithm ranks the truechimers first by stratum then by synchronization distance and designates the survivor with the lowest distance as the potential system peer.</p>
+
+<p>If one or more truechimers support a pulse-per-second (PPS) signal and the
+ PPS signal is operating correctly, it is designated a PPS driver. If more than
+ one PPS diver are found, only the first one is used. The PPS driver is not included
+ in the combining algorithm and is mitigated separately.</p>
+
+<p>At this point we have the following contributors to the system clock discipline:</p>
+
+<ul>
+
+<li>(potential) system peer, if there are survivors;</li>
+<li>orphan parent, if present;</li>
+<li>local driver and zero offset, if present;</li>
+<li>modem driver and modem offset, if present;</li>
+<li>prefer peer and offset, if present;</li>
+<li>PPS driver and offset, if present.</li>
+</ul>
+
+<p>The mitigation algorithm proceeds in three steps in turn.</p>
+
+<ol>
+
+<li>If there are no survivors, the modem driver becomes the only survivor if there is one. If not, the local driver becomes the only survivor if there is one. If not, the orphan parent becomes the only survivor if there is one. If the number of survivors at this point is less than the <tt>minsane</tt> option of the <tt>tos</tt> command, the algorithm is terminated and the system variables remain unchanged. Note that <tt>minsane</tt> is by default 1, but can be set at any value including 0.</li>
+
+<li>If the prefer peer is among the survivors, it becomes the system peer and its clock offset and jitter are inherited by the corresponding system variables. Otherwise, the combining algorithm computes these variables from the survivor population.</li>
+
+<li>If there is a PPS driver and the system clock offset at this point is less than 0.4 s, and if there is a prefer peer among the survivors or if the PPS peer is designated as a prefer peer, the PPS driver becomes the system peer and its offset and jitter are inherited by the system variables, thus overriding any variables already computed. Note that a PPS driver is present only if PPS signals are actually being received and enabled by the associated driver.</li>
+
+</ol>
+
+<p>If none of the above is the case, the data are disregarded and the system variables remain as they are.</p>
+
+<h4 id="mins">The <tt>minsane</tt> Option</H4>
+
+<p> The <tt>minsane</tt> option of the <tt>tos</tt> command, the <tt>prefer</tt> option of the <tt>server</tt> and <tt>peer</tt> commands and the <tt>flag</tt> options of the <tt>fudge</tt> command for the PPS driver can be used with the mitigation rules to provide many useful configurations. The <tt>minsane</tt> option specifies the minimum number of survivors required to synchronized the system clock. The <tt>prefer</tt> option designates the prefer peer. The driver-dependent <tt>flag</tt> options enable the PPS driver for various conditions.</p>
+
+<p>A common scenario is a GPS driver with a serial timecode and PPS signal. The
+ PPS signal is disabled until the system clock has been set by some means, not
+ necessarily the GPS driver. If the serial timecode is within 0.4 s of the PPS
+ signal, the GPS driver is designated the PPS driver and the PPS signal disciplines
+ the system clock. If no GPS satellites are in view, or if the PPS signal is
+ disconnected, the GPS driver stops updating the system clock and so eventually
+ becomes unreachable and replaced by other sources..</p>
+
+<p>Whether or not the GPS driver disables the PPS signal when unreachable is
+at the discretion of the driver. Ordinarily, the PPS signal would be disabled in this case; however, When the GPS receiver has a precision holdover oscillator, the driver may elect to continue PPS operation. In this case the PPS signal continues to discipline the system clock.</p>
+
+<p>&nbsp;</p>
- <head>
- <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <title>Mitigation Rules and the prefer Keyword</title>
- <link href="scripts/style.css" type="text/css" rel="stylesheet">
- </head>
-
- <body>
- <h3>Mitigation Rules and the <tt>prefer</tt> Keyword</h3>
- <img src="pic/alice11.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html"> from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>Listen carefully to what I say; it is very complicated.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:49</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <br clear="left">
- <h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links10.txt"></script>
- <h4>Table of Contents</h4>
- <ul>
- <li class="inline"><a href="#intro">Introduction</a>
- <li class="inline"><a href="#prefer">The <tt>prefer</tt> Peer</a>
- <li class="inline"><a href="#peer">Peer Classification</a>
- <li class="inline"><a href="#miti">Mitigation Rules</a>
- <li class="inline"><a href="#pps">Using the Pulse-per-Second (PPS) Signal</a>
- </ul>
- <hr>
- <h4 id="intro">Introduction</h4>
- <p>The mechanics of the NTP algorithms which select the best data sample from each available server and the best subset of the server population have been finely crafted to resist network jitter, faults in the network or server operations, and to deliver the best possible accuracy. Most of the time these algorithms do a good job without requiring explicit manual tailoring of the configuration file. However, there are times when the accuracy can be improved by some careful tailoring. The following sections explain how to do this using explicit configuration items and special signals, when available, that are generated by some radio clocks and laboratory instruments.</p>
- <p>In order to provide robust backup sources, primary (stratum-1) servers are usually operated in a diversity configuration, in which the server operates with a number of remote servers in addition to one or more radio or modem clocks. In these configurations the suite of algorithms used in NTP to refine the data from each peer separately and to select and combine the data from a number of servers and clocks. As the result of these algorithms, a set of <i>survivors</i> are identified which can presumably provide the most reliable and accurate time. Ordinarily, the individual clock offsets of the survivors are combined on a weighted average basis to produce an offset used to control the system clock.</p>
- <p>However, because of small but significant systematic time offsets between the survivors, it is in general not possible to achieve the lowest jitter and highest stability in these configurations. This happens because the selection algorithm tends to <i>clockhop</i> between survivors of substantially the same quality, but showing small systematic offsets between them. In addition, there are a number of configurations involving pulse-per-second (PPS) signals, modem backup services and other special cases, so that a set of mitigation rules becomes necessary to select a single peer from among the survivors. These rules are based on a set of special characteristics of the various remote servers and reference clock drivers specified in the configuration file.</p>
- <h4 id="prefer">The <tt>prefer</tt> Peer</h4>
- <p>The mitigation rules are designed to provide an intelligent selection between various sources of substantially the same statistical quality without compromising the normal operation of the NTP algorithms. While they have been implemented in NTP Version 4 and will be incorporated in the NTP Version 4 specification when published, they are not in the NTP Version 3 specification RFC-1305. The rules are based on the concept of <i>prefer peer</i>, which is specified by including the <tt>prefer</tt> keyword with the associated <tt>server</tt> or <tt>peer</tt> command in the configuration file. This keyword can be used with any server or peer, but is most commonly used with a radio clock. While the rules do not forbid it, it does not seem useful to designate more than one peer as preferred, since the additional complexities to mitigate among them do not seem justified from on-air experience.</p>
- <p>The prefer scheme works on the set of peers that have survived the sanity checks and intersection algorithms of the clock selection procedures. Ordinarily, the members of this set can be considered <i>truechimers</i> and any one of them could in principle provide correct time; however, due to various error contributions, not all can provide the most accurate and stable time. The job of the clustering algorithm, which is invoked at this point, is to select the best subset of the survivors providing the least variance in the combined ensemble average, compared to the variance in each member of the subset separately. The detailed operation of the clustering algorithm, which is given in RFC-1305, is beyond the scope of discussion here. It operates in rounds, where a survivor, presumably the worst of the lot, is discarded in each round until one of several termination conditions is met. An example terminating condition is when the number of survivors is about to be reduced below three.</p>
- <p>In the prefer scheme the clustering algorithm is modified so that the prefer peer is never discarded; on the contrary, its potential removal becomes a termination condition. If the original algorithm were about to toss out the prefer peer, the algorithm terminates immediately. The prefer peer can still be discarded by the sanity checks and intersection algorithm, of course, but it will always survive the clustering algorithm. If it does not survive or for some reason it fails to provide updates, it will eventually become unreachable and the clock selection will remitigate to select the next best source.</p>
- <p>Along with this behavior, the clock selection procedures are modified so that the combining algorithm is not used when a prefer peer is present. Instead, the offset of the prefer peer is used exclusively as the synchronization source. In the usual case involving a radio clock and a flock of remote stratum-1 peers, and with the radio clock designated a prefer peer, the result is that the high quality radio time disciplines the server clock as long as the radio itself remains operational and with valid time, as determined from the remote peers, sanity checks and intersection algorithm.</p>
- <h4 id="peer">Peer Classification</h4>
- <p>In order to understand the effects of the various intricate schemes involved, it is necessary to understand some arcane details on how the algorithms decide on a synchronization source when more than one source is available. This is done on the basis of a set of explicit mitigation rules, which define special classes of remote serves and local radio clocks as a function of configuration declarations and clock driver type:</p>
- <ol>
- <li>The prefer peer is designated using the <tt>prefer</tt> keyword with the <tt>server</tt> or <tt>peer</tt> commands. All other things being equal, this peer will be selected for synchronization over all other survivors of the clock selection procedures.
- <li>When a PPS signal is connected via the PPS Clock Discipline driver (type 22), this is called the <i>PPS peer</i>. This driver provides precision clock corrections only within one second, so is always operated in conjunction with another server or radio clock driver, which provides the seconds numbering. The PPS peer is active only under conditions explained below.
- <li>When the Undisciplined Local Clock driver (type 1) is configured, this is called the <i>local clock peer</i>. This is used either as a backup reference source (stratum greater than zero), should all other synchronization sources fail, or as the primary reference source (stratum zero) in cases where the kernel time is disciplined by some other means of synchronization, such as the NIST <tt>lockclock</tt> scheme, or another synchronization protocol, such as the Digital Time Synchronization Service (DTSS).
- <li>When a modem driver such as the Automated Computer Time Service driver (type 18) is configured, this is called the <i>modem peer</i>. This is used either as a backup reference source, should all other primary sources fail, or as the (only) primary reference source.
- <li>Where support is available, the PPS signal may be processed directly by the kernel, as described in the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page. This is called the <i>kernel discipline</i>. The PPS signal can discipline the kernel in both frequency and time. The frequency discipline is active as long as the PPS interface device and signal itself is operating correctly, as determined by the kernel algorithms. The time discipline is active only under conditions explained below.
- </ol>
- <p>Reference clock drivers operate in the manner described in the <a href="refclock.html">Reference Clock Drivers</a> page and its dependencies. The drivers are ordinarily operated at stratum zero, so that as the result of ordinary NTP operations, the server itself operates at stratum one, as required by the NTP specification. In some cases described below, the driver is intentionally operated at an elevated stratum, so that it will be selected only if no other survivor is present with a lower stratum. In the case of the PPS peer or kernel time discipline, these sources appear active only if the prefer peer has survived the intersection and clustering algorithms, as described below, and its clock offset relative to the current local clock is less than a specified value, currently 128 ms.</p>
- <p>The modem clock drivers are a special case. Ordinarily, the update interval between modem calls to synchronize the system clock is many times longer than the interval between polls of either a remote server or local radio clock. In order to provide the best stability, the operation of the clock discipline algorithm changes gradually from a phase-lock mode at the shorter update intervals to a frequency-lock mode at the longer update intervals. If remote servers or local radio clocks together with a modem peer operate in the same client, the following things can happen.</p>
- <p>First the clock selection algorithm can select one or more remote servers or local radio clocks and the clock discipline algorithm will optimize for the shorter update intervals. Then, the selection algorithm can select the modem peer, which requires a much different optimization. The intent in the design is to allow the modem peer to control the system clock either when no other source is available or, if the modem peer happens to be marked as prefer, then it always controls the clock, as long as it passes the sanity checks and intersection algorithm. There still is room for suboptimal operation in this scheme, since a noise spike can still cause a clockhop either way. Nevertheless, the optimization function is slow to adapt, so that a clockhop or two does not cause much harm.</p>
- <p>The local clock driver is another special case. Normally, this driver is eligible for selection only if no other source is available. When selected, vernier adjustments introduced via the configuration file or remotely using the <tt><a href="ntpdc.html">ntpdc</a> </tt>program can be used to trim the local clock frequency and time. However, if the local clock driver is designated the prefer peer, this driver is always selected and all other sources are ignored. This behavior is intended for use when the kernel time is controlled by some means external to NTP, such as the NIST <tt>lockclock</tt> algorithm or another time synchronization protocol such as DTSS. In this case the only way to disable the local clock driver is to mark it unsynchronized using the leap indicator bits. In the case of modified kernels with the <tt>ntp_adjtime()</tt> system call, this can be done automatically if the external synchronization protocol uses it to discipline the kernel time.</p>
- <h4 id="miti">Mitigation Rules</h4>
- <p>The mitigation rules apply in the intersection and clustering algorithms described in the NTP specification. The intersection algorithm first scans all peers with a persistent association and includes only those that satisfy specified sanity checks. In addition to the checks required by the specification, the mitigation rules require either the local-clock peer or modem peer to be included only if marked as the prefer peer. The intersection algorithm operates on the included population to select only those peers believed to represent the correct time. If one or more peers survive the algorithm, processing continues in the clustering algorithm. Otherwise, if there is a modem peer, it is declared the only survivor; otherwise, if there is a local-clock peer, it is declared the only survivor. Processing then continues in the clustering algorithm.</p>
- <p>The clustering algorithm repeatedly discards outlyers in order to reduce the residual jitter in the survivor population. As required by the NTP specification, these operations continue until either a specified minimum number of survivors remain or the minimum select dispersion of the population is greater than the maximum peer dispersion of any member. The mitigation rules require an additional terminating condition which stops these operations at the point where the prefer peer is about to be discarded.</p>
- <p>The mitigation rules establish the choice of <i>system peer</i>, which determines the stratum, reference identifier and several other system variables which are visible to clients of the server. In addition, they establish which source or combination of sources control the local clock.</p>
- <ol>
- <li>If there is a prefer peer and it is the local-clock peer or the modem peer; or, if there is a prefer peer and the kernel time discipline is active, choose the prefer peer as the system peer and its offset as the system clock offset. If the prefer peer is the local-clock peer, an offset can be calculated by the driver to produce a frequency offset in order to correct for systematic frequency errors. In case a source other than NTP is controlling the system clock, corrections determined by NTP can be ignored by using the <tt>disable pll</tt> in the configuration file. If the prefer peer is the modem peer, it must be the primary source for the reasons noted above. If the kernel time discipline is active, the system clock offset is ignored and the corrections handled directly by the kernel.
- <li>If the above is not the case and there is a PPS peer, then choose it as the system peer and its offset as the system clock offset.
- <li>If the above is not the case and there is a prefer peer (not the local-clock or modem peer in this case), then choose it as the system peer and its offset as the system clock offset.
- <li>If the above is not the case and the peer previously chosen as the system peer is in the surviving population, then choose it as the system peer and average its offset along with the other survivors to determine the system clock offset. This behavior is designed to avoid excess jitter due to clockhopping, when switching the system peer would not materially improve the time accuracy.
- <li>If the above is not the case, then choose the first candidate in the list of survivors ranked in order of synchronization distance and average its offset along with the other survivors to determine the system clock offset. This is the default case and the only case considered in the current NTP specification.
- </ol>
- <h4 id="pps">Using the Pulse-per-Second (PPS) Signal</h4>
- <p>Most radio clocks are connected using a serial port operating at speeds of 9600 bps or higher. The accuracy using typical timecode formats, where the on-time epoch is indicated by a designated ASCII character, like carriage-return <tt>&lt;cr&gt;</tt>, is limited to a millisecond or two. However, some radios produce a PPS signal which can be used to improve the accuracy with typical workstation servers to the order of microseconds. The details of how this can be accomplished are discussed in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. The following paragraphs discuss how the PPS signal is affected by the mitigation rules.</p>
- <p>First, it should be pointed out that the PPS signal is inherently ambiguous, in that it provides a precise seconds epoch, but does not provide a way to number the seconds. In principle and most commonly, another source of synchronization, either the timecode from an associated radio clock, or even one or more remote NTP servers, is available to perform that function. In all cases, a specific, configured peer or server must be designated as associated with the PPS signal. This is done using the <tt>prefer</tt> keyword as described previously. The PPS signal can be associated in this way with any peer, but is most commonly used with the radio clock generating the PPS signal.</p>
- <p>The PPS signal can be used in two ways to discipline the local clock, one using a special PPS driver described in the <a href="drivers/driver22.html">PPS Clock Discipline</a> page, the other using PPS signal support in the kernel, as described in the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page. In either case, the signal must be present and within nominal jitter and wander error tolerances. In addition, the associated prefer peer must have survived the sanity checks and intersection algorithms and the dispersion settled below 1 s. This insures that the radio clock hardware is operating correctly and that, presumably, the PPS signal is operating correctly as well. Second, the absolute offset of the local clock from that peer must be less than 128 ms, or well within the 0.5-s unambiguous range of the PPS signal itself. In the case of the PPS driver, the time offsets generated from the PPS signal are propagated via the clock filter to the clock selection procedures just like any other peer. Should these pass the sanity checks and intersection algorithms, they will show up along with the offsets of the prefer peer itself. Note that, unlike the prefer peer, the PPS peer samples are not protected from discard by the clustering algorithm. These complicated procedures insure that the PPS offsets developed in this way are the most accurate, reliable available for synchronization.</p>
- <p>The PPS peer remains active as long as it survives the intersection algorithm and the prefer peer is reachable; however, like any other clock driver, it runs a reachability algorithm on the PPS signal itself. If for some reason the signal fails or displays gross errors, the PPS peer will either become unreachable or stray out of the survivor population. In this case the clock selection remitigates as described above.</p>
- <p>When kernel support for the PPS signal is available, the PPS signal is interfaced to the kernel serial driver code via a modem control lead. As the PPS signal is derived from external equipment, cables, etc., which sometimes fail, a good deal of error checking is done in the kernel to detect signal failure and excessive noise. The way in which the mitigation rules affect the kernel discipline is as follows.</p>
- <p>PPS support requires the PPS driver (type 22) and PPSAPI interface described in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page. In order to operate, the prefer peer must be designated and the kernel support enabled by the <tt>enable pps</tt> command in the configuration file and the signal must be present and within nominal jitter and wander error tolerances. In the NTP daemon, the PPS discipline is active only when the prefer peer is among the survivors of the clustering algorithm, and its absolute offset is within 128 ms, as determined by the PPS driver. Under these conditions the kernel disregards updates produced by the NTP daemon and uses its internal PPS source instead. The kernel maintains a watchdog timer for the PPS signal; if the signal has not been heard or is out of tolerance for more than some interval, currently two minutes, the kernel discipline is declared inoperable and operation continues as if it were not present.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+<hr>
+<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
</html> \ No newline at end of file
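Review bot: The added text states the clustering algorithm's stopping condition in two incompatible ways. The Introduction says outliers are cast off "until a set of survivors not less than the number specified as the minclock option" (a clause with no verb), while the paragraph under "The prefer Peer" says "until no more than the minclock option of the tos command are left". Use one wording in both places, for example "until no more than minclock survivors remain", so an operator tuning tos minclock knows which bound applies. The mitigation list is introduced as "three steps in turn", and step 3 says it overrides "any variables already computed", yet the list is followed by "If none of the above is the case", which reads as if the steps were alternatives. Say explicitly that this fallback refers to the early termination in step 1, or drop it. Step 1 also notes minsane "can be set at any value including 0" without saying what the algorithm does with zero survivors. Since this option decides when the clock may be steered by a single backup source, a sentence on that case would help. Smaller points in the added lines: "synchronized to the client of if the source" should read "or if", "PPS diver" should be "PPS driver", "stratum.If" needs a space, "required to synchronized" should be "synchronize", "The default value for these options are" should be "values", "however, When" should be lower case, "other sources.." has a doubled period, and the minsane heading closes with </H4> where the other headings use </h4>.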
diff --git a/html/quick.html b/html/quick.html
new file mode 100644
index 0000000..8ed31fa
--- /dev/null
+++ b/html/quick.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=windows-1252">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Quick Start</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Quick Start</h3>
+ <img src="pic/panda.gif" alt="gif" align="left">FAX test image for SATNET (1979).
+ <p>The baby panda was scanned at University College London and used as a FAX test image for a demonstration of the DARPA Atlantic SATNET Program and the first transatlantic Internet connection in 1978. The computing system used for that demonstration was called the <a href="http://www.eecis.udel.edu/%7emills/database/papers/fuzz.ps">Fuzzball</a>. As it happened, this was also the first Internet multimedia presentation and the first to use NTP in regular operation. The image was widely copied and used for testing purpose throughout much of the 1980s.</p>
+ <p>Last update:
+ <!-- #BeginDate format:En1m -->25-nov-09 22:13<!-- #EndDate -->
+ UTC</p>
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
+ <hr>
+ <p>For the rank amateur the sheer volume of the documentation collection must be intimidating. However, it doesn't take much to fly the <tt>ntpd</tt> daemon with a simple configuration where a workstation needs to synchronize to some server elsewhere in the Internet. The first thing is to build the distribution for the particular workstation and install in the usual place. The <a href="build.html">Building and Installing the Distribution</a> page describes how to do this.</p>
+ <p>While it is possible that certain configurations do not need a configuration file, most do. The file, called by default <tt>/etc/ntp.conf</tt>, need only contain one command specifying a remote server, for instance</p>
+ <p><tt>server foo.bar.com</tt></p>
+ <p>Choosing an appropriate remote server is somewhat of a black art, but a
+ suboptimal choice is seldom a problem. The simplest is to use the
+ Server Pool Scheme on the <a href="manyopt.html">Automatic Server Discovery</a> page. There
+ are about two dozen public time servers operated by the <a href="http://tf.nist.gov/tf-cgi/servers.cgi">National
+ Institutes of Science and Technology (NIST)</a>, <a href="http://tycho.usno.navy.mil/ntp.html">US
+ Naval Observatory (USNO)</a>, <a href="http://inms-ienm.nrc-cnrc.gc.ca/time_services/network_time_protocol_e.html"> Canadian
+ Metrology Centre (CMC)</a> and many others available on the Internet. Lists
+ of public primary and secondary NTP servers maintained on the <a href="http://support.ntp.org/bin/view/Servers/WebHome">Public
+ NTP Time Servers</a> page, which is updated frequently.The lists are sorted
+ by country and, in the case of the US, by state. Usually, the best
+ choice is the nearest in geographical terms, but the terms of engagement
+ specified in each list entry should be carefully respected.</p>
+ <p>During operation <tt>ntpd</tt> measures and corrects for incidental clock frequency error and occasionally writes the current value to a file specified by the</p>
+ <p><tt>driftfile /etc/ntp.drift</tt></p>
+ <p>configuration command. If <tt>ntpd</tt> is stopped and restarted, it initializes the frequency from this file and avoids the potentially lengthy interval to relearn the correction.</p>
+ <p>That's all there is to it, unless some problem in network connectivity or local operating system configuration occurs. The most common problem is some firewall between the workstation and server. System administrators should understand NTP uses UDP port 123 as both the source and destination port and that NTP does not involve any operating system interaction other than to set the system clock. While almost all modern Unix systems have included NTP and UDP port 123 defined in the services file, this should be checked if <tt>ntpd</tt> fails to come up at all.</p>
+ <p>The best way to confirm NTP is working is using the <a href="ntpq.html"><tt>ntpq</tt></a> utility, although the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility may be useful in extreme cases. See the documentation pages for further information. Don't forget to check for <a href="msyslog.html"> system log messages</a>. In the most extreme cases the <tt>-d</tt> option on the <tt>ntpd</tt> command line results in a blow-by-blow trace of the daemon operations. While the trace output can be cryptic, to say the least, it gives a general idea of what the program is doing and, in particular, details the arriving and departing packets and any errors found.</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
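Review bot: The configuration this page walks through consists of `server foo.bar.com` and `driftfile /etc/ntp.drift` only, and the firewall paragraph tells administrators to pass UDP port 123, but nothing on the page points to the `restrict` command, so a reader who stops here runs the daemon with no access restrictions configured. A one-sentence pointer to accopt.html next to the firewall paragraph would cover it. Smaller points in the same hunk: "National Institutes of Science and Technology (NIST)" should read National Institute of Standards and Technology; the image caption says 1979 while the paragraph under it says 1978; the sentence beginning "Lists of public primary and secondary NTP servers maintained on" has no verb and runs into the next one ("frequently.The"); "testing purpose" should be plural.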
diff --git a/html/rate.html b/html/rate.html
new file mode 100644
index 0000000..be40661
--- /dev/null
+++ b/html/rate.html
@@ -0,0 +1,72 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Rate Management and the Kiss-o'-Death</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Rate Management and the Kiss-o'-Death Packet</h3>
+ <img src="pic/boom4.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>Our junior managers and the administrators.</p>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->03-May-2009 3:34<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/config.txt"></script>
+ <h4>Table of Contents</h4>
+ <ul>
+ <li class="inline"><a href="#intro">Introduction</a></li>
+ <li class="inline"><a href="#poll">Poll Rate Control</a></li>
+ <li class="inline"><a href="#burst">Burst Control</a></li>
+ <li class="inline"><a href="#mah">Average Headway Time</a></li>
+ <li class="inline"><a href="#mgt">Guard Time</a></li>
+ <li class="inline"><a href="#kiss">The Kiss-o'-Death Packet</a></li>
+ </ul>
+ <hr>
+ <h4 id="intro">Introduction</h4>
+ <p>This page describes the various rate management provisions in NTPv4. Details about the configuration commands and options are given on the <a href="confopt.html">Configuration Options</a> page. Details about the cryptographic authentication schemes are given on the <a href="authopt.html">Authentication Options</a> page. Details about the automatic server discovery schemes are described on the <a href="manyopt.html">Automatic Server Discovery Schemes</a> page. Additional information is available in the papers, reports, memoranda and briefings on the <a href="http://www.eecis.udel.edu/~mills/ntp.html"> NTP Project</a> page.</p>
+ <p>Some national time metrology laboratories, including NIST and USNO, use the <tt>ntpd</tt> reference implementation in their very busy public time servers. They operate multiple servers behind load-balancing devices to support aggregate rates up to several thousand packets per second. The servers need to defend themselves against all manner of broken implementations that can clog the server and and network infrastructure. On the other hand, friendly <tt>ntpd</tt> clients need to avoid configurations that can result in unfriendly rates.</p>
+ <p>There are several features in <tt>ntpd</tt> designed to defend the servers, clients and network against accidental or intentional flood attack. On the other hand these features are also used to insure <tt>ntpd</tt> is a good citizen, even if configured in unfriendly ways. The ground rules are:</p>
+ <ul>
+ <li>Send at the lowest rate consistent with the expected accuracy expectations.</li>
+ <li>Maintain strict minimum average headway and guard times, even if multiple burst options and/or the Autokey protocol are operating.</li>
+ <li>When the first packet of a burst is sent to a server, do not send further packets until the first packet has been received from the server.</li>
+ <li>Upon receiving a Kiss-o'-Death packet (see below), immediately reduce the sending rate.</li>
+ </ul>
+ <p>Rate management involves four algorithms to manage resources: (1) poll rate control, (2) burst control, (3) average headway time and (4) guard time. These are described in following sections.</p>
+ <h4 id="poll">Poll Rate Control</h4>
+ <p>Control of the poll interval is an intricate balance between expected acuracy and network load. The poll interval is constrained by the lower limit <tt>minpoll</tt> and upper limit <tt>maxpoll</tt> options of the <tt>server</tt> command and represented by the poll exponent in log<sub>2</sub> s units. The limits default to 6 (64 s) and 10 (1024 s), respectively, which are appropriate for the vast majority of cases. The default limits can be changed with these options to a minimum set by the <tt>average</tt> option of the <tt>discard</tt> command (see below) to a maximum of 17 (36 h). Unless the best possible accuracy is required, the well mannered NTP client automatically increases the poll interval to the maximum when possible, whether or not the server is reachable. The current poll interval for each association is displayed by the <tt>ntpq</tt> program <a href="ntpq.html#pe"><tt>pe</tt></a> command. The global poll interval/time constant is displayed as the poll system variable by the rv command. The minimum global poll interval/time constant is displayed as the minpoll system variable by the <a href="ntpq.html#pe"><tt>rv</tt></a> command.</p>
+ <p>As a rule of thumb, the expected errors increase by a factor of two as the poll interval increases by a factor of four. The <tt>ntpd</tt> poll interval algorithm slowly increases the poll interval when jitter dominates the error budget, but quickly reduces the interval when wander dominates it. The algorithm uses a jiggle counter which operates over the range from <font face="symbol">-</font>30 to +30 and is initialized at 0. If the measured offset is less than four times the measured average jitter, the counter is increased by the pollcurrent exponent; if not, it is decreased by twice the poll exponent. If the counter reaches +30, the poll exponent is incremented by 1; if the counter reaches <font face="symbol">-</font>30, the exponent is decremented by 1. In either case the counter is set to 0.</p>
+ <p>The poll interval is proportional to the time constant of the feedback loop which disciplines the system clock. The optimum time constant depends on the network time jitter and the clock oscillator frequency wander. Errors due to jitter decrease as the time constant increases, while errors due to wander decrease as the time constant decreases. The two error characteristics intersect at a point called the Allan intercept, which represents the ideal time constant. With a compromise Allan intercept of 2000 s, the optimim poll interval is about 64 s, which corresponds to a poll exponent of 6.</p>
+ <p>There is normally no need to change the poll limits, as the poll interval is managed automatically as a function of prevailing jitter and wander. The most common exceptions are the following.</p>
+ <ul>
+ <li>With fast, lightly loaded LANs and modern processors, the nominal Allan intercept is about 500 s. In these cases the expected errors can be further reduced using a poll exponent of 4 (16 s). In the case of the pulse-per-second (PPS) driver, this is the recommended value.</li>
+ <li>With symmetric modes the most stable behavior results when both peers are configured in symmetric active mode with matching poll intervals of 6 (64 s).</li>
+ <li>The poll interval should not be modified for reference clocks, with the single exception the ACTS telephone modem driver. In this case the recommended minimum and maximum intervals are 12 (1.1 h) and 17 (36 h), respectively.</li>
+ </ul>
+ <h4 id="burst">Burst Control</h4>
+ <p>Occasionally it is necessary to send packets at intervals less than the poll interval. For instance, with the <tt>burst</tt> and <tt>iburst</tt> options of the <tt>server</tt> command, the poll algorithm sends a burst of several packets at 2-s intervals. The <tt>ntpd</tt> poll algorithm avoids sending needless packets if the server is not responding. The client begins a burst with a single packet. When the first packet is received from the server, the client continues with the remaining packets in the burst. If the first packet is not received within 64 s, it will be sent again for two additional retries before beginning backoff. The result is to minimize network load if the server is not responding.</p>
+ <p>For the <tt>iburst</tt> option the number of packets in the burst is six, which is the number normally needed to synchronize the clock; for the <tt>burst</tt> option, the number of packets in the burst is determined by the difference between the poll interval and the minimum poll interval set by the <tt>minpoll</tt> option of the <a href="confopt.html#server"><tt>server</tt></a> command. For instance, with a poll exponent of 6 (64 s), only a single packet is sent for every poll, while the full number of eight packets is sent at poll intervals of 9 (512 s) or more.</p>
+ <h4 id="mah">Average Headway Time</h4>
+ <p>There are two features in <tt>ntpd</tt> to manage the interval between one packet and the next. These features make use of a set of counters: a client output counter for each association and a server input counter for each distinct client address. Each counter increments by a value called the headway when a packet is processed and decrements by one each second. The default minimum average headway in <tt>ntpd</tt> is 8 s, but this can be changed using the <tt>average</tt> option of the <a href="miscopt.html#discard"><tt>discard</tt></a> command, but not less than 3 (8 s).</p>
+ <p>If the <tt>iburst</tt> or <tt>burst</tt> options are present, the poll algorithm sends a burst of packets instead of a single packet at each poll opportunity. The NTPv4 specification requires that bursts contain no more than eight packets; so, starting from an output counter value of zero, the maximum counter value or ouput ceiling can be no more than eight times the minimum poll interval set by the <tt>minpoll</tt> option of the <a href="confopt.html#server"><tt>server</tt></a> command. However, if the burst starts with a counter value other than zero, there is a potential to exceed the ceiling. The poll algorithm avoids this by computing an additional headway time so that the next packet sent will not exceed the ceiling. Additional headway time can result from Autokey protocol operations. Designs such as this are often called leaky buckets. The current headway is displayed as the headway peer variable by the <tt>ntpq</tt> <a href="ntpq.html#pe"><tt>rv</tt></a> command.</p>
+ <p>The <tt>ntpd</tt> input packet routine uses a special list of entries, one for each distinct client address found. Each entry includes an IP address, input counter and interval since the last packet arrival. The entries are ordered by interval from the smallest to the largest. As each packet arrives, the IP source address is compared to the IP address in each entry in turn. If a match is found the entry is removed and inserted first on the list. If the IP source address does not match any entry, a new entry is created and inserted first, possibly discarding the last entry on the list if it is full. Observers will note this is the same algorithm used for page replacement in virtual memory systems.</p>
+ <p>In the virtual memory algorithm the entry of interest is the last, whereas here the entry of interest is the first. The input counter is decreased by the interval since it was last referenced, but not below zero. If the value of the counter plus the headway is greater than the input ceiling set by the <tt>average</tt> option, the packet is discarded. Otherwise, the counter is increased by the headway and the packet is processed. The result is, if the client maintains a maximum average headway not less than the input ceiling and transmits no more than eight packets in a burst, the input counter will not exceed the ceiling.</p>
+ <h4 id="mgt">Guard Time</h4>
+ <p>A review of past client abuse incidence shows the most frequent scenario is a broken client that attempts to send a number of packets at rates of one per second or more. On one occasion due to a defective client design, over 750,000 clients fell into this mode. There have been occasions where this abuse has persisted for days at a time. These scenarios are the most damaging, as they can threaten not only the victim server but the network infrastructure as well.</p>
+ <p>In the <tt>ntpd</tt> design the minimum headway between the last packet received and the current packet is called the guard time. If the headway is less than the guard time, the packet is discarded. The guard time defaults to 2 s, but this can be changed using the <tt>minimum</tt> option of the <a href="miscopt.html#discard"><tt>discard</tt></a> ommand.</p>
+ <h4 id="kiss">The Kiss-of-Death Packet</h4>
+ <p>Ordinarily, packets denied service are simply dropped with no further action except incrementing statistics counters. Sometimes a more proactive response is needed to cause the client to slow down. A special packet format has been created for this purpose called the kiss-o'-death (KoD) packet. KoD packets have leap indicator 3, stratum 0 and the reference identifier set to a four-byte ASCII code. At present, only one code <tt>RATE</tt> is sent by the server if the <tt>limited</tt> and <tt>kod</tt> flags are set in the <a href="accopt.html#restrict"><tt>restrict</tt></a> command and the rate limit is exceeded.</p>
+ <p>A client receiving a KoD packet is expected to slow down; however, no explicit mechanism is specified in the protocol to do this. In the current reference implementation, the server sets the packet poll to the greater of (a) minimum average headway and (b) client packet poll. The client sets the peer poll field to the maximum of (a) minimum average headway and (b) server packet poll. For KoD packets (only), the minimum peer poll is clamped not less than the peer poll and the headway temporarily increased. </p>
+ <p>At present there is only one KoD packet with code <tt>RATE.</tt> In order to make sure the client notices the KoD, the receive and transmit timestamps are set to the transmit timestamp of the client packet and all other fields left as in the client packet. Thus, even if the client ignores the KoD, it cannot do any useful time computations. KoDs themselves are rate limited in the same way as arriving packets in order to deflect a flood attack.</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
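Review bot: The Average Headway Time and Guard Time sections say that packets over the limits are discarded, but the `limited` and `kod` flags of `restrict` appear only in the KoD section, so the page never states whether the `discard` thresholds apply by default or only once `limited` is set; say so where the thresholds are introduced. In the same section the sentence on the `average` option mixes seconds with log2 exponents ("is 8 s ... but not less than 3 (8 s)"), which makes the default and the floor the same value and leaves the unit of the option unclear. The h4 at `id="kiss"` reads "The Kiss-of-Death Packet" while the title, h3 and table of contents use "Kiss-o'-Death". Both `rv` links point at `ntpq.html#pe`, which is the anchor used for the `pe` command a few sentences earlier. "pollcurrent exponent" looks like an editing leftover, and the statement that `RATE` is the only code is made twice in consecutive paragraphs. Typos: "acuracy", "optimim", "ouput", "ommand", "and and", "expected accuracy expectations".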
diff --git a/html/rdebug.html b/html/rdebug.html
index d49514d..5398338 100644
--- a/html/rdebug.html
+++ b/html/rdebug.html
@@ -12,12 +12,11 @@
<h3>Debugging Reference Clock Drivers</h3>
<img src="pic/oz2.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>The Wizard of Oz</i>, L. Frank Baum</a>
<p>Call the girls and the'll sweep your bugs.</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:49</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">01:24</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Saturday, November 24, 2007</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links10.txt"></script>
- <h4>More Help</h4>
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/refclock.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
<hr>
<p>The <a href="ntpq.html"><tt>ntpq</tt></a> and <a href="ntpdc.html"><tt>ntpdc</tt></a> utility programs can be used to debug reference clocks, either on the server itself or from another machine elsewhere in the network. The server is compiled, installed and started using the configuration file described in the <a href="ntpd.html"><tt>ntpd</tt></a> page and its dependencies. If the clock appears in the <tt>ntpq</tt> utility and <tt>pe</tt> command, no errors have occurred and the daemon has started, opened the devices specified and waiting for peers and radios to come up. If not, the first thing to look for are error messages on the system log. These are usually due to improper configuration, missing links or multiple instances of the daemon.</p>
<p>It normally takes a minute or so for evidence to appear that the clock is running and the driver is operating correctly. The first indication is a nonzero value in the <tt>reach</tt> column in the <tt>pe</tt> billboard. If nothing appears after a few minutes, the next step is to be sure the RS232 messages, if used, are getting to and from the clock. The most reliable way to do this is with an RS232 tester and to look for data flashes as the driver polls the clock and/or as data arrive from the clock. Our experience is that the overwhelming fraction of problems occurring during installation are due to problems such as miswired connectors or improperly configured device links at this stage.</p>
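Review bot: Check that `scripts/refclock.txt` and `scripts/install.txt`, which the two added `<script>` lines load, arrive in this same import; with `links10.txt`, `links12.txt` and the "More Help" heading removed, the Related Links block is empty if either file is missing. The rewritten "Last update" line still uses `<csobj>` elements, which are not part of the HTML 4.01 Transitional doctype these pages declare. The unchanged context around the hunk also carries "the'll" and "opened the devices specified and waiting", which could be fixed upstream while the file is being touched.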
diff --git a/html/refclock.html b/html/refclock.html
index 733b7bf..951012d 100644
--- a/html/refclock.html
+++ b/html/refclock.html
@@ -12,89 +12,76 @@
<body>
<h3>Reference Clock Drivers</h3>
<img src="pic/stack1a.jpg" alt="gif" align="left">Master Time Facility at the <a href="http://www.eecis.udel.edu/%7emills/lab.html">UDel Internet Research Laboratory</a>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">13:06</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="298">Wednesday, August 10, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">20:45</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="286">Thursday, January 03, 2008</csobj></p>
<br clear="left">
<h4>Related Links</h4>
- <script type="text/javascript" language="javascript" src="scripts/links10.txt"></script>
- <h4>Pulse-Per-Second Interfacing Links</h4>
- <p>
- <script type="text/javascript" language="javascript" src="scripts/links11.txt"></script>
- </p>
- <h4>Audio Driver Links</h4>
- <p>
- <script type="text/javascript" language="javascript" src="scripts/links8.txt"></script>
- </p>
+ <script type="text/javascript" language="javascript" src="scripts/refclock.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/audio.txt"></script>
<h4>Table of Contents</h4>
<ul>
- <li class="inline"><a href="#clock">Reference Clock Drivers</a>
- <li class="inline"><a href="#cal">Driver Calibration</a>
- <li class="inline"><a href="#perf">Performance Enhancements</a>
- <li class="inline"><a href="#list">Comprehensive List of Clock Drivers</a>
+ <li class="inline"><a href="#clock">Introduction</a></li>
+ <li class="inline"><a href="#cal">Driver Calibration</a></li>
+ <li class="inline"><a href="#list">Comprehensive List of Clock Drivers</a></li>
</ul>
<hr>
- <h4 id="clock">Reference Clock Drivers</h4>
- <p>Support for most of the commonly available radio and modem reference clocks is included in the default configuration of the NTP daemon for Unix <tt>ntpd</tt>. Individual clocks can be activated by configuration file commands, specifically the <tt>server</tt> and <tt>fudge</tt> commands described in the <a href="ntpd.html"><tt>ntpd</tt> program manual page</a>. The following discussion presents Information on how to select and configure the device drivers in a running Unix system.</p>
- <p>Many radio reference clocks can be set to display local time as adjusted for timezone and daylight saving mode. For use with NTP the clock must be set for Coordinated Universal Time (UTC) only. Ordinarily, these adjustments are performed by the kernel, so the fact that the clock runs on UTC will be transparent to the user.</p>
- <p>Radio and modem clocks by convention have addresses in the form 127.127.<i>t.u</i>, where <i>t</i> is the clock type and <i>u</i> is a unit number in the range 0-3 used to distinguish multiple instances of clocks of the same type. Most of these clocks require support in the form of a serial port or special bus peripheral, but some can work directly from the audio codec found in some workstations. The particular device is normally specified by adding a soft link <tt>/dev/device<i>u</i></tt> to the particular hardware device involved, where <i><tt>u</tt></i> correspond to the unit number above.</p>
- <p>Most clock drivers communicate with the reference clock using a serial port, usually at 9600 bps. There are several application program interfaces (API) used in the various Unix and NT systems, most of which can be detected at configuration time. Thus, it is important that the NTP daemon and utilities be compiled on the target system or clone. In some cases special features are available, such as timestamping in the kernel or pulse-per-second (PPS) interface. In most cases these features can be detected at configuration time as well; however, the kernel may have to be recompiled in order for them to work.</p>
- <p>The audio drivers are a special case. These include support for the NIST time/frequency stations WWV and WWVH, the Canadian time/frequency station CHU and generic IRIG signals. Currently, support for the Solaris and SunOS audio API is included in the distribution. It is left to the volunteer corps to extend this support to other systems. Further information on hookup, debugging and monitoring is given in the <a href="audio.html">Audio Drivers</a> page.</p>
- <p>The local clock driver is also a special case. A server configured with this driver can operate as a primary server to synchronize other clients when no other external synchronization sources are available. If the server is connected directly or indirectly to the public Internet, there is some danger that it can adversely affect the operation of unrelated clients. Carefully read the <a href="drivers/driver1.html">Undisciplined Local Clock</a> page and respect the stratum limit.</p>
- <p>The local clock driver also supports an external synchronization source such as a high resolution counter disciplined by a GPS receiver, for example. Further information is on the <a href="extern.html">External Clock Discipline and the Local Clock Driver</a> page.</p>
+ <h4 id="clock">Introduction</h4>
+ <p>Drivers for most radio and modem reference clocks is included by default in the NTP distribution. Individual drivers can be activated using <tt>server</tt> commands as described in the <a href="ntpd.html"><tt>ntpd</tt> program manual page</a>. Drivers have addresses in the form 127.127.<i>t.u</i>, where <i>t</i> is the driver type and <i>u</i> is a unit number in the range 0-3 to distinguish multiple instances of the same driver. Most drivers require a serial or parallel port or special bus peripheral, but some can work directly from an audio codec or sound card when availble. The particular device is specified by adding a soft link from the name used by the driver to the device name.</p>
+ <p>All radio clock drivers require that the radio be set for Coordinated Universal Time (UTC) only. Timezone and standard/daylight adjustments are performed by the kernel. There are difference in the various Unix and Windows port interfaces detected at configuration time, so it is important that the NTP daemon and utilities be compiled on the target system or clone.</p>
+ <p>When a pulse-per-second (PPS)&nbsp;signal is available, the <a href="drivers/driver22.html"> PPS Clock Discipline</a> driver is can be used. It normally works in conjunction with the reference clock that produces the signal, but can work with another driver or remote server. When PPS kernel features are present, the driver can redirect the PPS signal to the kernel.</p>
+ <p>In general, performance can be improved, especially when more than one driver is supported, to use the prefer peer function described in the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The prefer peer is ordinarily designated the remote peer or local clock driver which provides the best quality time. All other things equal, only the prefer peer is used to discipline the system clock and jitter-producing &quot;clockhopping&quot; between sources is avoided. This is especially valuable when the PPS clock discipline driver is available.</p>
+ <p>There are audio drivers for each of the NIST time stations WWV and WWVH, Canadian time station CHU and generic IRIG signals. Currently, support for FreeBSD, Solaris and SunOS is in the distribution. It is left to the volunteer corps to confirm this works in other systems. Further information on hookup, debugging and monitoring is given in the <a href="audio.html">Audio Drivers</a> page.</p>
+ <p>The <a href="drivers/driver1.html"> Undisciplined Local Clock</a> driver can simulate a reference clock when no external synchronization sources are available. If a server with this driver is connected directly or indirectly to the public Internet, there is some danger that it can destabilize other clients. It is not recommended that the loccal clock driver be used in this way, as the orphan mode descibed on the <a href="assoc.html">Association Management</a> page provides a generic backup capability.</p>
+ <p>The local clock driver can also be used when an external synchronization source such as the IEEE 1588 Precision Time Protocol or NIST&nbsp;Lockclock directly synchronizes the computer time. Further information is on the <a href="extern.html">External Clock Discipline and the Local Clock Driver</a> page.</p>
<h4 id="cal">Driver Calibration</h4>
- <p>Some drivers depending on longwave and shortwave radio services need to know the radio propagation time from the transmitter to the receiver, which can amount to some tens of milliseconds. This must be calculated for each specific receiver location and requires the geographic coordinates of both the transmitter and receiver. The transmitter coordinates for various radio services are given in the <a href="http://www.eecis.udel.edu/%7emills/ntp/qth.html">Time and Frequency Standard Station Information</a> page. Receiver coordinates can be obtained or estimated from various sources. The actual calculations are beyond the scope of this document.</p>
- <p>When more than one clock driver is supported, it is often the case that each shows small systematic offset differences relative to the rest. To reduce the effects of jitter when switching from one driver to the another, it is useful to calibrate the drivers to a common ensemble offset. The <tt>enable calibrate</tt> configuration command in the <a href="miscopt.html">Miscellaneous Options</a> page is useful for this purpose. The calibration function can also be enabled and disabled using the <tt>ntpdc</tt> program utility.</p>
- <p>Most clock drivers use the <tt>time1</tt> value specified in the <tt>fudge</tt> configuration command to provide the calibration correction when this cannot be provided by the clock or interface. When the calibration function is enabled, the <tt>time1</tt> value is automatically adjusted to match the offset of the remote server or local clock driver selected for synchronization. Ordinarily, the NTP selection algorithm chooses the best from among all sources, usually the best radio clock determined on the basis of stratum, synchronization distance and jitter. The calibration function adjusts the <tt>time1</tt> values for all clock drivers except this source so that their indicated offsets tend to zero. If the selected source is the kernel PPS discipline, the <tt>fudge time1</tt> values for all clock drivers are adjusted.</p>
- <p>The adjustment function is an exponential average designed to improve accuracy, so the function takes some time to converge. The recommended procedure is to enable the function, let it run for an hour or so, then edit the configuration file using the <tt>time1</tt> values displayed by the <tt>ntpq</tt> utility and <tt>clockvar</tt> command. Finally, disable the calibration function to avoid possible future disruptions due to misbehaving clocks or drivers.</p>
- <h4 id="perf">Performance Enhancements</h4>
- <p>In general, performance can be improved, especially when more than one clock driver is supported, to use the prefer peer function described in the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The prefer peer is ordinarily designated the remote peer or local clock driver which provides the best quality time. All other things equal, only the prefer peer source is used to discipline the system clock and jitter-producing &quot;clockhopping&quot; between sources is avoided. This is valuable when more than one clock driver is present and especially valuable when the PPS clock driver (type 22) is used. Support for PPS signals is summarized in the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page.</p>
- <p>Where the highest performance is required, generally better than one millisecond, additional hardware and/or software functions may be required. Kernel modifications for precision time are described in the <a href="kern.html">A Kernel Model for Precision Timekeeping</a> page. Special line discipline and streams modules for use in capturing precision timestamps are described in the <a href="ldisc.html">Line Disciplines and Streams Drivers</a> page.</p>
+ <p>Some drivers depending on longwave or shortwave radio services need to know the radio propagation time from the transmitter to the receiver. This must be calculated for each specific receiver location and requires the geographic coordinates of both the transmitter and receiver. The transmitter coordinates for various radio services are given in the <a href="http://www.eecis.udel.edu/%7emills/ntp/qth.html">Time and Frequency Standard Station Information</a> page. Receiver coordinates can be obtained locally or from Google Earth. The actual calculations are beyond the scope of this document.</p>
+ <p>Depending on interface type, port speed, etc., a reference clock can have a small residual offset relative to another. To reduce the effects of jitter when switching from one driver to the another, it is useful to calibrate the drivers to a common ensemble offset. The <tt>enable calibrate</tt> configuration command described on the <a href="miscopt.html">Miscellaneous Options</a> page activates a special feature which automatically calculates a correction factor for each driver relative to an association designated the prefer peer.</p>
<h4 id="list">Comprehensive List of Clock Drivers</h4>
- <p>Following is a list showing the type and title of each driver currently implemented. The compile-time identifier for each is shown in parentheses. Click on a selected type for specific description and configuration documentation, including the clock address, reference ID, driver ID, device name and serial line speed, and features (line disciplines, etc.). For those drivers without specific documentation, please contact the author listed in the <a href="copyright.html">Copyright Notice</a> page.</p>
+ <p>Following is a list showing the type and title of each driver currently implemented. The compile-time identifier for each is shown in parentheses. Click on a selected type for specific description and configuration documentation, including the clock address, reference ID, driver ID, device name and serial line speed. For those drivers without specific documentation, please contact the author listed in the <a href="copyright.html">Copyright Notice</a> page.</p>
<ul>
- <li class="inline"><a href="drivers/driver1.html">Type 1</a> Undisciplined Local Clock (<tt>LOCAL</tt>)
- <li class="inline"><a href="drivers/driver2.html">Type 2</a> Trak 8820 GPS Receiver (<tt>GPS_TRAK</tt>)
- <li class="inline"><a href="drivers/driver3.html">Type 3</a> PSTI/Traconex 1020 WWV/WWVH Receiver (<tt>WWV_PST</tt>)
- <li class="inline"><a href="drivers/driver4.html">Type 4</a> Spectracom WWVB and GPS Receivers (<tt>WWVB_SPEC</tt>)
- <li class="inline"><a href="drivers/driver5.html">Type 5</a> TrueTime GPS/GOES/OMEGA Receivers (<tt>TRUETIME</tt>)
- <li class="inline"><a href="drivers/driver6.html">Type 6</a> IRIG Audio Decoder (<tt>IRIG_AUDIO</tt>)
- <li class="inline"><a href="drivers/driver7.html">Type 7</a> Radio CHU Audio Demodulator/Decoder (<tt>CHU</tt>)
- <li class="inline"><a href="drivers/driver8.html">Type 8</a> Generic Reference Driver (<tt>PARSE</tt>)
- <li class="inline"><a href="drivers/driver9.html">Type 9</a> Magnavox MX4200 GPS Receiver (<tt>GPS_MX4200</tt>)
- <li class="inline"><a href="drivers/driver10.html">Type 10</a> Austron 2200A/2201A GPS Receivers (<tt>GPS_AS2201</tt>)
- <li class="inline"><a href="drivers/driver11.html">Type 11</a> Arbiter 1088A/B GPS Receiver (<tt>GPS_ARBITER</tt>)
- <li class="inline"><a href="drivers/driver12.html">Type 12</a> KSI/Odetics TPRO/S IRIG Interface (<tt>IRIG_TPRO</tt>)
- <li class="inline">Type 13 Leitch CSD 5300 Master Clock Controller (<tt>ATOM_LEITCH</tt>)
- <li class="inline">Type 14 EES M201 MSF Receiver (<tt>MSF_EES</tt>)
- <li class="inline">Type 15 reserved
- <li class="inline"><a href="drivers/driver16.html">Type 16</a> Bancomm GPS/IRIG Receiver (<tt>GPS_BANCOMM</tt>)
- <li class="inline">Type 17 Datum Precision Time System (<tt>GPS_DATUM</tt>)
- <li class="inline"><a href="drivers/driver18.html">Type 18</a> Automated Computer Time Service (<tt>ACTS_MODEM</tt>)
- <li class="inline"><a href="drivers/driver19.html">Type 19</a> Heath WWV/WWVH Receiver (<tt>WWV_HEATH</tt>)
- <li class="inline"><a href="drivers/driver20.html">Type 20</a> Generic NMEA GPS Receiver (<tt>NMEA</tt>)
- <li class="inline">Type 21 TrueTime GPS-VME Interface (<tt>GPS_VME</tt>)
- <li class="inline"><a href="drivers/driver22.html">Type 22</a> PPS Clock Discipline (<tt>PPS</tt>)
- <li class="inline">Type 23 reserved
- <li class="inline">Type 24 reserved
- <li class="inline">Type 25 reserved
- <li class="inline"><a href="drivers/driver26.html">Type 26</a> Hewlett Packard 58503A GPS Receiver (<tt>GPS_HP</tt>)
- <li class="inline"><a href="drivers/driver27.html">Type 27</a> Arcron MSF Receiver (<tt>MSF_ARCRON</tt>)
- <li class="inline"><a href="drivers/driver28.html">Type 28</a> Shared Memory Driver (<tt>SHM</tt>)
- <li class="inline"><a href="drivers/driver29.html">Type 29</a> Trimble Navigation Palisade GPS (<tt>GPS_PALISADE</tt>)
- <li class="inline"><a href="drivers/driver30.html">Type 30</a> Motorola UT Oncore GPS <tt>GPS_ONCORE</tt>)
- <li class="inline"><a href="drivers/driver31.html">Type 31</a> Rockwell Jupiter GPS (<tt>GPS_JUPITER</tt>)
- <li class="inline"><a href="drivers/driver32.html">Type 32</a> Chrono-log K-series WWVB receiver (<tt>CHRONOLOG</tt>)
- <li class="inline"><a href="drivers/driver33.html">Type 33</a> Dumb Clock (<tt>DUMBCLOCK</tt>)
- <li class="inline"><a href="drivers/driver34.html">Type 34</a> Ultralink WWVB Receivers (<tt>ULINK</tt>)
- <li class="inline"><a href="drivers/driver35.html">Type 35</a> Conrad Parallel Port Radio Clock (<tt>PCF</tt>)
- <li class="inline"><a href="drivers/driver36.html">Type 36</a> Radio WWV/H Audio Demodulator/Decoder (<tt>WWV</tt>)
- <li class="inline"><a href="drivers/driver37.html">Type 37</a> Forum Graphic GPS Dating station (<tt>FG</tt>)
- <li class="inline"><a href="drivers/driver38.html">Type 38</a> hopf GPS/DCF77 6021/komp for Serial Line (<tt>HOPF_S</tt>)
- <li class="inline"><a href="drivers/driver39.html">Type 39</a> hopf GPS/DCF77 6039 for PCI-Bus (<tt>HOPF_P</tt>)
- <li class="inline"><a href="drivers/driver40.html">Type 40</a> JJY Receivers (<tt>JJY</tt>)
- <li class="inline">Type 41 TrueTime 560 IRIG-B Decoder
- <li class="inline"><a href="drivers/driver42.html">Type 42</a> Zyfer GPStarplus Receiver
- <li class="inline"><a href="drivers/driver43.html">Type 43</a> RIPE NCC interface for Trimble Palisade
- <li class="inline"><a href="drivers/driver44.html">Type 44</a> NeoClock4X - DCF77 / TDF serial line
+ <li class="inline"><a href="drivers/driver1.html">Type 1</a> Undisciplined Local Clock (<tt>LOCAL</tt>)</li>
+ <li class="inline"><a href="drivers/driver2.html">Type 2</a> Trak 8820 GPS Receiver (<tt>GPS_TRAK</tt>)</li>
+ <li class="inline"><a href="drivers/driver3.html">Type 3</a> PSTI/Traconex 1020 WWV/WWVH Receiver (<tt>WWV_PST</tt>)</li>
+ <li class="inline"><a href="drivers/driver4.html">Type 4</a> Spectracom WWVB/GPS Receivers (<tt>WWVB_SPEC</tt>)</li>
+ <li class="inline"><a href="drivers/driver5.html">Type 5</a> TrueTime GPS/GOES/OMEGA Receivers (<tt>TRUETIME</tt>)</li>
+ <li class="inline"><a href="drivers/driver6.html">Type 6</a> IRIG Audio Decoder (<tt>IRIG_AUDIO</tt>)</li>
+ <li class="inline"><a href="drivers/driver7.html">Type 7</a> Radio CHU Audio Demodulator/Decoder (<tt>CHU</tt>)</li>
+ <li class="inline"><a href="drivers/driver8.html">Type 8</a> Generic Reference Driver (<tt>PARSE</tt>)</li>
+ <li class="inline"><a href="drivers/driver9.html">Type 9</a> Magnavox MX4200 GPS Receiver (<tt>GPS_MX4200</tt>)</li>
+ <li class="inline"><a href="drivers/driver10.html">Type 10</a> Austron 2200A/2201A GPS Receivers (<tt>GPS_AS2201</tt>)</li>
+ <li class="inline"><a href="drivers/driver11.html">Type 11</a> Arbiter 1088A/B GPS Receiver (<tt>GPS_ARBITER</tt>)</li>
+ <li class="inline"><a href="drivers/driver12.html">Type 12</a> KSI/Odetics TPRO/S IRIG Interface (<tt>IRIG_TPRO</tt>)</li>
+ <li class="inline">Type 13 Leitch CSD 5300 Master Clock Controller (<tt>ATOM_LEITCH</tt>)</li>
+ <li class="inline">Type 14 EES M201 MSF Receiver (<tt>MSF_EES</tt>)</li>
+ <li class="inline">Type 15 reserved</li>
+ <li class="inline"><a href="drivers/driver16.html">Type 16</a> Bancomm GPS/IRIG Receiver (<tt>GPS_BANCOMM</tt>)</li>
+ <li class="inline">Type 17 Datum Precision Time System (<tt>GPS_DATUM</tt>)</li>
+ <li class="inline"><a href="drivers/driver18.html">Type 18</a> NIST/USNO/PTB Modem Time Services (<tt>ACTS_MODEM</tt>)</li>
+ <li class="inline"><a href="drivers/driver19.html">Type 19</a> Heath WWV/WWVH Receiver (<tt>WWV_HEATH</tt>)</li>
+ <li class="inline"><a href="drivers/driver20.html">Type 20</a> Generic NMEA GPS Receiver (<tt>NMEA</tt>)</li>
+ <li class="inline">Type 21 TrueTime GPS-VME Interface (<tt>GPS_VME</tt>)</li>
+ <li class="inline"><a href="drivers/driver22.html">Type 22</a> PPS Clock Discipline (<tt>PPS</tt>)</li>
+ <li class="inline">Type 23 reserved</li>
+ <li class="inline">Type 24 reserved</li>
+ <li class="inline">Type 25 reserved</li>
+ <li class="inline"><a href="drivers/driver26.html">Type 26</a> Hewlett Packard 58503A GPS Receiver (<tt>GPS_HP</tt>)</li>
+ <li class="inline"><a href="drivers/driver27.html">Type 27</a> Arcron MSF Receiver (<tt>MSF_ARCRON</tt>)</li>
+ <li class="inline"><a href="drivers/driver28.html">Type 28</a> Shared Memory Driver (<tt>SHM</tt>)</li>
+ <li class="inline"><a href="drivers/driver29.html">Type 29</a> Trimble Navigation Palisade GPS (<tt>GPS_PALISADE</tt>)</li>
+ <li class="inline"><a href="drivers/driver30.html">Type 30</a> Motorola UT Oncore GPS <tt>GPS_ONCORE</tt>)</li>
+ <li class="inline"><a href="drivers/driver31.html">Type 31</a> Rockwell Jupiter GPS (<tt>GPS_JUPITER</tt>)</li>
+ <li class="inline"><a href="drivers/driver32.html">Type 32</a> Chrono-log K-series WWVB receiver (<tt>CHRONOLOG</tt>)</li>
+ <li class="inline"><a href="drivers/driver33.html">Type 33</a> Dumb Clock (<tt>DUMBCLOCK</tt>)</li>
+ <li class="inline"><a href="drivers/driver34.html">Type 34</a> Ultralink WWVB Receivers (<tt>ULINK</tt>)</li>
+ <li class="inline"><a href="drivers/driver35.html">Type 35</a> Conrad Parallel Port Radio Clock (<tt>PCF</tt>)</li>
+ <li class="inline"><a href="drivers/driver36.html">Type 36</a> Radio WWV/H Audio Demodulator/Decoder (<tt>WWV</tt>)</li>
+ <li class="inline"><a href="drivers/driver37.html">Type 37</a> Forum Graphic GPS Dating station (<tt>FG</tt>)</li>
+ <li class="inline"><a href="drivers/driver38.html">Type 38</a> hopf GPS/DCF77 6021/komp for Serial Line (<tt>HOPF_S</tt>)</li>
+ <li class="inline"><a href="drivers/driver39.html">Type 39</a> hopf GPS/DCF77 6039 for PCI-Bus (<tt>HOPF_P</tt>)</li>
+ <li class="inline"><a href="drivers/driver40.html">Type 40</a> JJY Receivers (<tt>JJY</tt>)</li>
+ <li class="inline">Type 41 TrueTime 560 IRIG-B Decoder</li>
+ <li class="inline"><a href="drivers/driver42.html">Type 42</a> Zyfer GPStarplus Receiver</li>
+ <li class="inline"><a href="drivers/driver43.html">Type 43</a> RIPE NCC interface for Trimble Palisade</li>
+ <li class="inline"><a href="drivers/driver44.html">Type 44</a> NeoClock4X - DCF77 / TDF serial line</li>
</ul>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
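Review bot: The new Type 30 entry keeps the unbalanced parenthesis from the line it replaces: `Motorola UT Oncore GPS <tt>GPS_ONCORE</tt>)` has a closing parenthesis but no opening one, and should read `(<tt>GPS_ONCORE</tt>)` like the other entries. The added calibration paragraph says "from one driver to the another", which should be "to another". Types 41 to 44 still show no compile-time identifier, although the list introduction says one is shown in parentheses for each driver. The commit message describes this as a virgin import of ntpd 4.2.6p5, so these are better reported upstream than patched in the imported tree.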
diff --git a/html/release.html b/html/release.html
index b2f4d05..2307f7b 100644
--- a/html/release.html
+++ b/html/release.html
@@ -12,57 +12,48 @@
<body>
<h3>NTP Version 4 Release Notes</h3>
<img src="pic/hornraba.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>The rabbit toots to make sure you read this</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">19:17</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="270">Monday, October 10, 2005</csobj></p>
+ <p>The rabbit toots to make sure you read this.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">16:10</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="250">Sunday, March 02, 2008</csobj></p>
.<br clear="left">
<hr>
<h4>NTP Version 4 Release Notes</h4>
- <p>This release of the NTP Version 4 (NTPv4) daemon for Unix, VMS and Windows incorporates new features and refinements to the NTP Version 3 (NTPv3) algorithms. However, it continues the tradition of retaining backwards compatibility with older versions, including NTPv3 and NTPv2, but not NTPv1. Support for NTPv1 has been discontinued because of certain security vulnerabilities. The NTPv4 version has been under development for quite a while and isn't finished yet. In fact, quite a number of NTPv4 features have already been retrofitted in the older NTPv3, although this version is not actively maintained by the NTPv4 developer corps.</p>
- <p>The code compiles and runs properly in all test host configurations available to the developer corps, including Sun Microsystems, Digital/Compaq, Hewlett Packard, FreeBSD and Linux. Other volunteers have verified it works in IRIX and Windows NT and XP. We invite comments and corrections about the various architectures, operating systems and hardware complement that can't be verified by the developer corps. Of particular interest are other Windows versions, VMS and various reference clock drivers. As always, corrections and bugfixes are warmly received, especially in the form of context diffs sent to <a href="mailto:bugs@ntp.org">bugs@ntp.org</a>.</p>
- <p>This release has been compiled and tested on many systems, including SunOS 4.1.3, Solaris 2.5.1-2.10, Alpha Tru64 4.0-5.1, Ultrix 4.4, Linux 2.4.2, FreeBSD 4.5-5.3 and HP-UX 10.02. It has been compiled and tested by others on Windows NT4, 2000 and XP, but not yet on other Windows versions or for VMS. There are several new features apparently incompatible with Linux systems, including some modes used with the Autokey protocol. The developer corps looks for help elsewhere to resolve these differences.</p>
- <p>This note summarizes the differences between this software release of NTPv4, called ntp-4.x.x, and the previous NTPv3 version, called xntp3-5.x.x. Additional information on protocol compatibility details is on the <a href="http://www.eecis.udel.edu/%7emills/biblio.html">Protocol Conformance Statement</a> page.</p>
+ <p>This release of the NTP Version 4 (NTPv4) daemon for Unix, VMS and Windows incorporates new features and refinements to the NTP Version 3 (NTPv3) algorithms. However, it continues the tradition of retaining backwards compatibility with older versions, including NTPv3 and NTPv2, but not NTPv1. Support for NTPv1 has been discontinued because of certain security vulnerabilities. The NTPv4 version has been under development for 25 years and the paint still isn't dry.</p>
+ <p>The code compiles and runs properly in all test host configurations available to the developer corps, including Sun Microsystems, Digital/Compaq/Hewlett Packard, FreeBSD and Linux. Other volunteers have verified it works in IRIX and Windows NT and XP. We invite comments and corrections about the various architectures, operating systems and hardware complement that can't be verified by the developer corps. Of particular interest are other Windows versions, VMS and various reference clock drivers.</p>
+ <p>This release has been compiled and tested on many systems, including SunOS 4.1.3, Solaris 2.5.1-2.10, Alpha Tru64 4.0-5.1, Ultrix 4.4, Linux 2.4.2, FreeBSD 4.5-6.2 and HP-UX 10.02. It has been compiled and tested by others on Windows NT4, 2000 and XP, but not yet on other Windows versions or for VMS. There are several new features apparently incompatible with Linux systems, including some modes used with the Autokey protocol. The developer corps looks for help elsewhere to resolve these differences.</p>
+ <p>This note summarizes the differences between this software release of NTPv4, called ntp-4.x.x, and the previous NTPv3 version, called xntp3-5.x.x.</p>
<h4>New Features</h4>
<ol>
- <li>Support for the IPv6 addressing family is included in this distribution. If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for the IPv6 address family is generated in addition to the default support for the IPv4 address family. Combination IPv6 and IPv4 configurations have been successfully tested in all protocol modes supported by NTP and using both symmetric and public key (Autokey) cryptography. However, users should note that IPv6 support is new and we have not had a lot of experience with it in various operational scenarios and local infrastructure environments. As always, feedback is welcome.
- <li>Most calculations are now done using 64-bit floating double format, rather than 64-bit fixed point format. The motivation for this is to reduce size, improve speed and avoid messy bounds checking. Workstations of today are much faster than when the original NTP version was designed in the early 1980s, and it is rare to find a processor architecture that does not support floating double. The fixed point format is still used with raw timestamps, in order to retain the full precision of about 212 picoseconds. However, the algorithms which process raw timestamps all produce fixed point differences before converting to floating double. The differences are ordinarily quite small so can be expressed without loss of accuracy in this format.
-
- <li>The clock discipline algorithm has been redesigned to improve accuracy, reduce the impact of network jitter and allow increased in poll intervals to well over one day with only moderate sacrifice in accuracy.
- </ol>
- <ul>
- <ul>
- <li>A new feature called <i>huffpuff</i> maximizes accuracy in cases of highly asymmetric network delays typical of ISDN and modem access circuits.
- <li>The NTPv4 design allows clients to increase the poll intervals even when synchronized directly to the server. In NTPv3 the poll interval in such cases was clamped to the minimum, usually 64 s. For those servers with hundreds of clients, the new design can dramatically reduce the network load, especially when large numbers of potential clients, as in national laboratory services.
- <li>A scheme designed to reduce &quot;clockhopping&quot; when the choice of servers changes frequently as the result of comparatively insignificant quality changes.
- </ul>
- </ul>
- <ol>
- <li>This release includes support for the <a href="ftp://ftp.udel.edu/usa/ftp/pub/ntp/software/"><i>nanokernel</i></a> precision time kernel support, which is now in stock FreeBSD and optional Linux kernels. If a precision time source such as a GPS timing receiver or cesium clock is available, kernel timekeeping can be improved to the order of one microsecond. The older <i>microtime</i> kernel for Digital/Compaq/HP Tru64, Digital Ultrix, as well as Sun Microsystems SunOS and Solaris, continues to be supported.
- <li>This release includes support for Autokey public-key cryptography, which is the preferred scheme for authenticating servers to clients. Autokey Version 2 uses NTP header extension fields and protocols as described on the NTP project page linked from www.ntp.org. This release includes support for additional message digest and digital signature schemes supported by the OpenSSL software library, as well as new identity schemes based on cryptographic challenge/responce algorithms. The new design greatly simplifies key generation and distribution and provides orderly key refreshment. Security procedures and media formats are consistent with industry standard X.509 Version 3 certificates and authority procedures. Specific improvements to the protocol include a reduction in the number of messages required and a method to protect the cookie used in client/server mode against disclosure. Additional information about Autokey cryptography is contained in the <a href="authopt.html">Authentication Options</a> page and links from there. See also the new <tt>cryptostats</tt> monitoring statistics file in the <a href="monopt.html">Monitoring Options</a> page.
- <li>This release includes support for a discrete event simulator (DES), which allows the NTP&nbsp;algorithms to be tested in an embedded environment with systematic and pseudorandom network delay and oscillator wander distributions. This has been used to verify correct operation under conditions of extreme error and misconfiguration. See the <a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a> page.
- <li>NTPv4 includes two new association modes which in most applications can avoid per-host configuration altogether. Both of these are based on IP multicast technology and Autokey cryptography. They provide automatic discovery, configuration and authentication of servers and clients without identifying servers or clients in advance. In multicast mode a server sends a message at fixed intervals using specified multicast group addresses, while clients listen on these addresses.
- <p>Upon receiving the the first message, a client exchanges several messages with the server in order to calibrate the multicast propagation delay between the client and server and run the authentication protocol. In manycast mode a client sends a message to a specified multicast group address and expects one or more servers to reply. Using engineered algorithms, the client selects an appropriate subset of servers from the messages received and continues an ordinary client/server campaign. The manycast scheme can provide somewhat better accuracy than the multicast scheme at the price of additional network overhead. See the <a href="manyopt.html">Automatic NTP Configuration Options</a> page for further information.</p>
- <li>This release includes support for the orphan mode, which replaces the local clock driver for most configurations. The local clock driver provides a synchronization source for networks not connected to the public Internet or reference clock driver. However, it does not opperate with multiple sources nor multiple failures. The orphan mode provides an automatic, subnet-wide synchronization feature with multiple sources. It can be used in isolated networks or in Internet subnets where the servers or Internet connection have failed. See the <a href="manyopt.html">Automatic NTP Configuration Options</a> page for further information.<li>This release includes support for preemptable servers, which are provisionally mobilized in manycast mode or by participants in the pool scheme. Manycast mode is described in these notes. In the pool scheme multiple client associations are mobilized for a designated DNS&nbsp;name such as pool.ntp.org. The DNS resolver randomizes replies over a set of volunteer service providers. The NTP&nbsp;mitigation algorithms select the best three from among the set and demobilizes the excess. See the <a href="manyopt.html">Automatic NTP Configuration Options</a> page for further information.<li>There are two burst mode features available where special conditions apply. One of these is enabled by the <tt>iburst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the <tt>burst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure. See the <a href="assoc.html">Association Management</a> page for further information.
- <li>The reference clock driver interface is smaller, more rational and more accurate. Support for pulse-per-second (PPS) signals has been extended to all drivers as an intrinsic function. Most of the drivers in NTPv3 have been converted to the NTPv4 interface and continue to operate as before. New drivers have been added for several GPS receivers now on the market for a total of 44 drivers. Audio drivers for the Canadian standard time and frequency station CHU, the US standard time and frequency stations WWV/H and for IRIG signals have been updated and capabilities added to allow direct connection of these signals to a Sun or FreeBSD audio port. See the <a href="audio.html">Reference Clock Audio Drivers</a> page for further information.
- <li>In all except a very few cases, all timing intervals are randomized, so that the tendency for NTPv3 to self-synchronize and bunch messages, especially with a large number of configured associations, is minimized.
- <li>In NTPv3 a large number of weeds and useless code had grown over the years since the original NTPv1 code was implemented almost twenty years ago. Using a powerful weedwacker, much of the shrubbery has been removed, with effect a substantial reduction in size of almost 40 percent.
- <li>The entire distribution has been converted to gnu <tt>automake</tt>, which should greatly ease the task of porting to new and different programming environments, as well as reduce the incidence of bugs due to improper handling of idiosyncratic kernel functions. Version control is provided by <tt>Bitkeeper</tt> using an online repository at www.ntp.org.
- <li>Several new options have been added for the <tt>ntpd</tt> command line. For the inveterate knob twiddlers several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the tos command can be used to limit the accepted stratum range, specify minimum dispersion increment and maximum selection theshold, and activate orphan mode.
- <li>The <tt>ntpd</tt> daemon can be operated in a one-time mode similar to <tt>ntpdate</tt>, which program is headed for retirement. See the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page for the new features.
+ <li>Support for the IPv6 addressing family is included in this distribution. If the Basic Socket Interface Extensions for IPv6 (RFC-2553) is detected, support for the IPv6 address family is generated in addition to the default support for the IPv4 address family.</li>
+ <li>Most calculations are now done using 64-bit floating double format, rather than 64-bit fixed point format. The motivation for this is to reduce size, improve speed and avoid messy bounds checking.</li>
+ <li>The clock discipline algorithm has been redesigned to improve accuracy, reduce the impact of network jitter and allow increased in poll intervals to 36 hours with only moderate sacrifice in accuracy.</li>
+ <li>A new feature called &quot;huffpuff&quot; maximizes accuracy in cases of highly asymmetric network delays typical of ISDN and telephone modems.</li>
+ <li>The clock selection algorithm has been redesigned to reduce &quot;clockhopping&quot; when the choice of servers changes frequently as the result of comparatively insignificant quality changes.</li>
+ <li>This release includes support for the <a href="ftp://ftp.udel.edu/usa/ftp/pub/ntp/software/">nanokernel</a> precision time kernel modifications, which are now in stock FreeBSD and optional in Linux kernels. With this support the system clock can be disciplined to the order of one nanosecon. The older microtime kernel modifications in Digital/Compaq/HP Tru64, Digital Ultrix and Sun Microsystems SunOS and Solaris, continue to be supported. In either case the support eliminates sawtooth error, which can be in the hundreds of microseconds.</li>
+ <li>This release includes support for Autokey public-key cryptography, which is the preferred scheme for authenticating servers to clients. Additional information about Autokey cryptography is on the <a href="authopt.html">Authentication Options</a> page and links from there. See also the new <tt>cryptostats</tt> monitoring statistics file in the <a href="monopt.html">Monitoring Options</a> page.</li>
+ <li>The OpenSSL cryptographic library has replaced the library formerly available from RSA Laboratories. All cryptographic routines except a version of the MD5 message digest routine have been removed from the base distribution.</li>
+ <li>As the result of the above, the <tt>authstuff</tt> directory, intended as a development and testing aid for porting cryptographic routines to exotic architectures, has been removed. Testing and conformance validation tools are in the OpenSSL software distrbution.</li>
+ <li>This release includes support for a discrete event simulator (DES), which allows the NTP&nbsp;algorithms to be tested in an embedded environment with systematic and pseudorandom network delay and oscillator wander distributions. This has been used to verify correct operation under conditions of extreme error and misconfiguration. See the <a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a> page.</li>
+ <li>NTPv4 includes three new server discovery schemes, which in most applications can avoid per-host configuration altogether. Two of these are based on IP multicast technology, while the remaining one is based on crafted DNS lookups. See the <a href="manyopt.html">Automatic NTP Configuration Schemes</a> page for further information.</li>
+ <li>This release includes comprehensive packet rate management tools to help reduce the level of spurious network traffic and protect the busiest servers from overload. See the <a href="rate.html">Rate Management and the Kiss-o'-Death Packet</a> page for further information.</li>
+ <li>This release includes support for the orphan mode, which replaces the local clock driver for most configurations. Orphan mode provides an automatic, subnet-wide synchronization feature with multiple sources. It can be used in isolated networks or in Internet subnets where the servers or Internet connection have failed. See the <a href="manyopt.html">Automatic NTP Configuration Options</a> page for further information.</li>
+ <li>There are two new burst mode features available where special conditions apply. One of these is enabled by the <tt>iburst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the <tt>burst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure. See the <a href="assoc.html">Association Management</a> page for further information.</li>
+ <li>The reference clock driver interface is smaller, more rational and more accurate.</li>
+ <li>Support for pulse-per-second (PPS) signals has been extended to all drivers as an intrinsic function. Most of the drivers in NTPv3 have been converted to the NTPv4 interface and continue to operate as before. New drivers have been added for several GPS receivers now on the market for a total of 44 drivers. Audio drivers for the Canadian standard time and frequency station CHU, the US standard time and frequency stations WWV/H and for IRIG signals have been updated and capabilities added to allow direct connection of these signals to an audio port. See the <a href="audio.html">Reference Clock Audio Drivers</a> page for further information.</li>
+ <li>In all except a very few cases, all timing intervals are randomized, so that the tendency for NTPv3 to self-synchronize and bunch messages, especially with a large number of configured associations, is minimized.</li>
+ <li>In NTPv3 a large number of weeds and useless code had grown over the years since the original NTP code was implemented 25 years ago. Using a powerful weedwacker, much of the shrubbery has been removed, with effect a substantial reduction in size of almost 40 percent.</li>
+ <li>The entire distribution has been converted to gnu <tt>automake</tt>, which should greatly ease the task of porting to new and different programming environments, as well as reduce the incidence of bugs due to improper handling of idiosyncratic kernel functions. Version control is provided by Bitkeeper using an online repository at www.ntp.org. Trouble ticket reporting is provided using Bugzilla.</li>
+ <li>Several new options have been added for the <tt>ntpd</tt> command line. For the inveterate knob twiddlers several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the <tt>tos</tt> and <tt>tos</tt> commands can be used to adjust thresholds, throw switches and change limits.</li>
+ <li>The <tt>ntpd</tt> daemon can be operated in a one-time mode similar to <tt>ntpdate</tt>, which program is headed for retirement. See the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page for the new features.</li>
</ol>
<h4>Nasty Surprises</h4>
<p>There are a few things different about this release that have changed since the latest NTP Version 3 release. Following are a few things to worry about:</p>
<ol>
- <li>When both IPv4 and IPv6 address families are in use, the host's resolver library may not choose the intended address family if a server has an IPv4 and IPv6 address associated with the same DNS name. The solution is to use the IPv4 or IPv6 address directly in such cases or use another DNS name that resolves to the intended address family. Older versions of <tt>ntpdc</tt> will only show the IPv4 associations with the <tt>peers</tt> and other simular commands. Older versions of <tt>ntpq</tt> will show 0.0.0.0 for IPv6 associations with the <tt>peers</tt> and other simular commands.
- <li>There is a minor change to the reference ID field of the NTP packet header when operating with IPv6 associations. In IPv4 associations this field contains the 32-bit IPv4 address of the server, in order to detect and avoid loops. In IPv6 associations this field contains the first 32-bits of a MD5 hash formed from the address (IPv4 or IPv6) each of the configured associations. Normally, this detail would not be of concern; however, the <tt>ntptrace</tt> program originally depended on that field in order to display a server traceback to the primary reference source. This program has now been replaced by a script that does the same function, but does not depend on the reference ID field. The <tt>ntpdc</tt> utility now uses a special version number to communicate with the <tt>ntpd</tt> server. The server uses this version number to select which address family to used in reply packets. The <tt>ntpdc</tt> program falls back to the older version behavior when communicating with older NTP versions.
- <li>As required by Defense Trade Regulations (DTR), the cryptographic routines supporting the Data Encryption Standard (DES) have been removed from the base distribution of NTPv3. For NTPv4 a new interface has been implemented for the OpenSSL cryptographic library, which is widely available on the web at www.openssl.org. This library replaces the library formerly available from RSA Laboratories. Besides being somewhat faster and more widely available, the OpenSSL library supports many additional cryptographic algorithms, which are now selectable at run time. Directions for using OpenSSL are in the <a href="build/build.html">Building and Installing the Distribution</a> page.
- <li>As the result of the above, the <tt>./authstuff</tt> directory, intended as a development and testing aid for porting cryptographic routines to exotic architectures, has been removed. Testing and conformance validation tools are in the OpenSSL software distrbution.
- <li>The NTPv4 enable and disable commands have a few changes in the arguments. See the <tt>ntpd</tt> <a href="miscopt.html">Miscellaneous Options</a> page for details. Note that the <tt>authenticate</tt> command has been removed.
- <li>To help reduce the level of spurious network traffic due to obsolete configuration files, a special control message called the <i>kiss-o'-death</i> packet has been implemented. If enabled and a packet is denied service or exceeds the client limits, a compliant server will send this message to the client. A compliant client will cease further transmission and send a message to the system log. See the <a href="accopt.html">Authentication Options</a> page for further information.
- <li>The <tt>tty_clk</tt> and <tt>ppsclock</tt> pulse-per-second (PPS) line discipline/streams modules are no longer supported. The PPS function is now handled by the <a href="drivers/driver22.html">PPS Clock Discipline</a> driver, which uses the new PPSAPI application program interface adopted by the IETF. Note that the <tt>pps</tt> configuration file command has been obsoleted by the driver. See the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page for further information.
- <li>Support for the NTPv1 symmetric mode has been discontinued, since it hasn't worked for years. Support continues for the NTPv1 client mode, which is used in some SNTP clients.
- <li>The precision time support in stock Solaris 2.6 has bugs that were fixed in 2.7. A patch is available that fixes the 2.6 bugs. The 2.6 PPS kernel discipline has been disabled by default. For testing, the kernel can be enabled using the <tt>enable kernel</tt> command either in the configuration file or via <tt>ntpdc</tt>.
- <li>The HTML documentation has been partially updated. However, most of the NTPv3 documentation continues to apply to NTPv4. Until a comprehensive update happens, what you see is what you get. We are always happy to accept comments, corrections and bug reports. However, we are most thrilled upon receipt of patches to fix the dang bugs. <b>Please send bug reports to <a href="mailto:bugs@ntp.org">bugs@ntp.org</a>, not the individual members on the team</b>.
- </ol>
+ <li>Some configuration commands have been removed, others added and some changed in minor ways. See the Commands and Options collection on the <a href="sitemap.html">Site Map</a> page.</li>
+ <li>When both IPv4 and IPv6 address families are in use, the host's resolver library may not choose the intended address family if a server has an IPv4 and IPv6 address associated with the same DNS name. The solution is to use the IPv4 or IPv6 address directly in such cases or use another DNS name that resolves to the intended address family. Older versions of <tt>ntpdc</tt> will show only the IPv4 associations with the <tt>peers</tt> and some other commands. Older versions of <tt>ntpq</tt> will show 0.0.0.0 for IPv6 associations with the <tt>peers</tt> and some other commands.</li>
+ <li>There is a minor change to the reference ID field of the NTP packet header when operating with IPv6 associations. In IPv4 associations this field contains the 32-bit IPv4 address of the server, in order to detect and avoid loops. In IPv6 associations this field contains the first 32-bits of a MD5 hash formed from the IPv6 address. All programs in the distribution have been modified to work with both address families.</li>
+ <li>The <tt>tty_clk</tt> and <tt>ppsclock</tt> pulse-per-second (PPS) line discipline/streams modules are no longer supported. The PPS function is now handled by the <a href="drivers/driver22.html">PPS Clock Discipline</a> driver, which uses the new PPSAPI application program interface adopted by the IETF. Note that the <tt>pps</tt> configuration file command has been obsoleted by the driver. See the <a href="pps.html">Pulse-per-second (PPS) Signal Interfacing</a> page for further information.</li>
+ <li>Support for the NTPv1 symmetric mode has been discontinued, since it hasn't worked for years. Support continues for the NTPv1 client mode, which is used by some SNTP clients.</li>
+ </ol>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
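Review bot: the added list item about new ntpd command line options names the same command twice ("the <tt>tos</tt> and <tt>tos</tt> commands"); one of the two is presumably meant to be a different command, possibly tinker, which the new scripts/miscopt.txt index lists next to tos. Separately, the rewritten Nasty Surprises list drops the kiss-o'-death item; since scripts/config.txt in this commit links rate.html ("Rate Management and the Kiss-o'-Death Packet"), a one-line pointer to that page would keep the behaviour change visible to people upgrading from NTPv3.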
diff --git a/html/scripts/accopt.txt b/html/scripts/accopt.txt
new file mode 100644
index 0000000..36d7333
--- /dev/null
+++ b/html/scripts/accopt.txt
@@ -0,0 +1,5 @@
+document.write("<h4>Access Control Commands</h4><p><ul>\
+<li class='inline'><a href='accopt.html#discard'>discard - specify headway parameters</a><br>\
+<li class='inline'><a href='accopt.html#restrict'>restrict - specify access restrictions</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
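Review bot: the markup written by this document.write call is mis-nested: <p> is opened before <ul>, but </p> is emitted on the Command Index line, inside the list and before </ul>. Close the list first or drop the <p> wrapper. The same pattern recurs in the other new scripts/*.txt files in this commit, so it is worth fixing in all of them at once. The file also ends without a trailing newline.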
diff --git a/html/build/scripts/links8.txt b/html/scripts/audio.txt
index af33dca..b5aca70 100644
--- a/html/build/scripts/links8.txt
+++ b/html/scripts/audio.txt
@@ -1,6 +1,7 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
+document.write("<ul><p>Reference Clock Audio Drivers<br><ul>\
+<li class='inline'><a href='audio.html'>Reference Clock Audio Drivers</a><br>\
<li class='inline'><a href='drivers/driver7.html'>Radio CHU Audio Demodulator/Decoder</a><br>\
<li class='inline'><a href='drivers/driver36.html'>Radio WWV/H Audio Demodulator/Decoder</a><br>\
<li class='inline'><a href='drivers/driver6.html'>IRIG Audio Decoder</a>\
-</ul>") \ No newline at end of file
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
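Review bot: the unchanged "IRIG Audio Decoder" line has no <br> after its </a>, unlike the three entries above it, and it is now followed by the added Site Map item rather than by the end of the list. Add the <br> so the entries are separated consistently. The first link text, "Reference Clock Audio Drivers", also repeats the heading added on the line above it word for word, so one of the two could go.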
diff --git a/html/scripts/authopt.txt b/html/scripts/authopt.txt
new file mode 100644
index 0000000..be9a074
--- /dev/null
+++ b/html/scripts/authopt.txt
@@ -0,0 +1,10 @@
+document.write("<h4>Authentication Commands</h4><p><ul>\
+<li class='inline'><a href='authopt.html#automax'>automax - specify Autokey regeneration interval</a><br>\
+<li class='inline'><a href='authopt.html#controlkey'>controlkey - specify control key ID</a><br>\
+<li class='inline'><a href='authopt.html#crypto'>crypto - configure Autokey parameters</a><br>\
+<li class='inline'><a href='authopt.html#keysdir'>keysdir - specify Autokey key directory</a><br>\
+<li class='inline'><a href='authopt.html#requestkey'>requestkey - specify request key ID</a><br>\
+<li class='inline'><a href='authopt.html#revoke'>revoke - specify Autokey randomization interval</a><br>\
+<li class='inline'><a href='authopt.html#trustedkey'>trustedkey - specify trusted key IDs</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
diff --git a/html/scripts/clockopt.txt b/html/scripts/clockopt.txt
new file mode 100644
index 0000000..290ad4e
--- /dev/null
+++ b/html/scripts/clockopt.txt
@@ -0,0 +1,5 @@
+document.write("<h4>Reference Clock Commands</h4><p><ul>\
+<li class='inline'><a href='clockopt.html#server'>server - specify reference clock server</a><br>\
+<li class='inline'><a href='clockopt.html#fudge'>fudge - specify fudge parameters</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
diff --git a/html/scripts/command.txt b/html/scripts/command.txt
new file mode 100644
index 0000000..9d5f64b
--- /dev/null
+++ b/html/scripts/command.txt
@@ -0,0 +1,11 @@
+document.write("<ul><p>Configuration Commands and Options<br><ul>\
+<li class='inline'><a href='comdex.html'>Command Index</a><br>\
+<li class='inline'><a href='confopt.html'>Server Options</a><br>\
+<li class='inline'><a href='accopt.html'>Access Control Options</a><br>\
+<li class='inline'><a href='authopt.html'>Authentication Options</a><br>\
+<li class='inline'><a href='monopt.html'>Monitoring Options</a><br>\
+<li class='inline'><a href='clockopt.html'>Reference Clock Options</a><br>\
+<li class='inline'><a href='miscopt.html'>Miscellaneous Options</a><br>\
+<li class='inline'><a href='ntp_conf.html'>Configuration File Definition (Advanced)</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
diff --git a/html/scripts/config.txt b/html/scripts/config.txt
new file mode 100644
index 0000000..0c96ceb
--- /dev/null
+++ b/html/scripts/config.txt
@@ -0,0 +1,7 @@
+document.write("<ul><p>Client and Server Configuration<br>\
+<ul>\
+<li class='inline'><a href='assoc.html'>Association Management</a><br>\
+<li class='inline'><a href='rate.html'>Rate Management and the Kiss-o'-Death Packet</a><br>\
+<li class='inline'><a href='manyopt.html'>Automatic Server Discovery</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
diff --git a/html/scripts/confopt.txt b/html/scripts/confopt.txt
new file mode 100644
index 0000000..9fb1d38
--- /dev/null
+++ b/html/scripts/confopt.txt
@@ -0,0 +1,12 @@
+document.write("<h4>Server Commands</h4><p><ul>\
+<li class='inline'><a href='confopt.html#server'>server - configure client association</a><br>\
+<li class='inline'><a href='confopt.html#server'>peer - configure symmetric peer association</a><br>\
+<li class='inline'><a href='confopt.html#server'>broadcast - configure broadcast server association</a><br>\
+<li class='inline'><a href='confopt.html#server'>manycastclient - configure manycast client association</a><br>\
+<li class='inline'><a href='confopt.html#server'>pool - configure pool association</a><br>\
+<li class='inline'><a href='confopt.html#server'>unpeer - remove association</a><br>\
+<li class='inline'><a href='confopt.html#broadcastclient'>broadcastclient - enable broadcast client</a><br>\
+<li class='inline'><a href='confopt.html#manycastserver'>manycastserver - enable manycast server</a><br>\
+<li class='inline'><a href='confopt.html#multicastclient'>multicastclient - enable multicast client</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
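Review bot: six entries (server, peer, broadcast, manycastclient, pool, unpeer) all point at the single anchor confopt.html#server. If confopt.html documents these under one shared heading that is fine, but unpeer removes an association rather than configuring one, so a reader following that link lands on text about a different command. Confirm the anchors exist in confopt.html and give unpeer, and ideally pool, their own if the page has them.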
diff --git a/html/scripts/external.txt b/html/scripts/external.txt
new file mode 100644
index 0000000..2cf13be
--- /dev/null
+++ b/html/scripts/external.txt
@@ -0,0 +1,15 @@
+document.write("<ul><p>External Links<br><ul>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/book.html'>Computer Network Time Synchronization - The Network Time Protocol (book)</a><br>\
+<li class='inline'><a href='http://www.ntp.org/index.html'>NTP Public Services Project (home page)</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/ntp.html'>NTP Research Project (home page)</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/exec.html'>Executive Summary: Computer Network Time Synchronization</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/leap.html'>The NTP Timescale and Leap Seconds</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/time.html'>NTP Timestamp Calculations</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/y2k.html'>The NTP Era and Era Numbering</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/stamp.html'>Timestamp Capture Principles</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/autocfg.html'>Autonomous Configuration</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/autokey.html'>Autonomous Authentication</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/proto.html'>Autokey Protocol</a><br>\
+<li class='inline'><a href='http://www.eecis.udel.edu/~mills/ident.html'>Autokey Identity Schemes</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a><\p>\
+</ul></ul>") \ No newline at end of file
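Review bot: the Site Map line ends with <\p> instead of </p>. Inside a double-quoted JavaScript string \p is just an escaped p, so the page receives a second opening <p> tag and the paragraph is never closed. Every other new script file in this commit uses </p> at this position; change it to match.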
diff --git a/html/scripts/install.txt b/html/scripts/install.txt
new file mode 100644
index 0000000..8268f47
--- /dev/null
+++ b/html/scripts/install.txt
@@ -0,0 +1,12 @@
+document.write("<ul><p>Build and Install<br><ul>\
+<li class='inline'><a href='build.html'>Building and Installing the Distribution</a><br>\
+<li class='inline'><a href='quick.html'>Quick Start</a><br>\
+<li class='inline'><a href='release.html'>Release Notes</a><br>\
+<li class='inline'><a href='config.html'>Build Options</a><br>\
+<li class='inline'><a href='debug.html'>NTP Debugging Techniques</a><br>\
+<li class='inline'><a href='rdebug.html'>Debugging Reference Clock Drivers</a><br>\
+<li class='inline'><a href='decode.html'><tt>ntpd</tt> Event Messages and Status Words</a><br>\
+<li class='inline'><a href='msyslog.html'><tt>ntpd</tt> System Log Messages</a><br>\
+<li class='inline'><a href='bugs.html'>NTP Bug Reporting Procedures</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
diff --git a/html/scripts/links10.txt b/html/scripts/links10.txt
deleted file mode 100644
index 880e379..0000000
--- a/html/scripts/links10.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
-<li class='inline'><a href='prefer.html'>Mitigation Rules and the <tt>prefer</tt> Keyword</a><br>\
-<li class='inline'><a href='howto.html'>How to Write a Reference Clock Driver</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/links11.txt b/html/scripts/links11.txt
deleted file mode 100644
index 59e7017..0000000
--- a/html/scripts/links11.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
-<li class='inline'><a href='pps.html'>Pulse-per-second (PPS) Signal Interfacing</a><br>\
-<li class='inline'><a href='ldisc.html'>Line Disciplines and Streams Modules</a><br>\
-<li class='inline'><a href='kernpps.html'>PPSAPI Interface for Precision Time Signals</a><br>\
-<li class='inline'><a href='gadget.html'>Gadget Box PPS Level Converter and CHU Modem</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/links12.txt b/html/scripts/links12.txt
deleted file mode 100644
index 7ca9249..0000000
--- a/html/scripts/links12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='debug.html'>NTP Debugging Techniques</a><br>\
-<li class='inline'><a href='rdebug.html'>Debugging Reference Clock Drivers</a><br>\
-<li class='inline'><a href='msyslog.html'><tt>ntpd</tt> System Log Messages</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/links7.txt b/html/scripts/links7.txt
deleted file mode 100644
index 0d33473..0000000
--- a/html/scripts/links7.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='confopt.html'>Server Options</a><br>\
-<li class='inline'><a href='authopt.html'>Authentication Options</a><br>\
-<li class='inline'><a href='monopt.html'>Monitoring Options</a><br>\
-<li class='inline'><a href='ntp_conf.html'>Configuration File Definition (Advanced)</a><br>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/links8.txt b/html/scripts/links8.txt
deleted file mode 100644
index 135310c..0000000
--- a/html/scripts/links8.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
-<li class='inline'><a href='drivers/driver7.html'>Radio CHU Audio Demodulator/Decoder</a><br>\
-<li class='inline'><a href='drivers/driver36.html'>Radio WWV/H Audio Demodulator/Decoder</a><br>\
-<li class='inline'><a href='drivers/driver6.html'>IRIG Audio Decoder</a>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/links9.txt b/html/scripts/links9.txt
deleted file mode 100644
index 6ea32f0..0000000
--- a/html/scripts/links9.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-document.write("<ul>\
-<li class='inline'><a href='authopt.html'>Authentication Options</a><br>\
-<li class='inline'><a href='manyopt.html'>Automatic NTP Configuration Options</a><br>\
-<li class='inline'><a href='confopt.html'>Server Options</a><br>\
-<li class='inline'><a href='groups.html'>Trusted Hosts and Groups</a><br>\
-<li class='inline'><a href='keygen.html'><tt>ntp-keygen</tt> - generate public and private keys</a>\
-<li class='inline'><a href='http://www.eecis.udel.edu/~mills/autokey.html'>Autonomous Authentication</a>\
-</ul>") \ No newline at end of file
diff --git a/html/scripts/manual.txt b/html/scripts/manual.txt
new file mode 100644
index 0000000..545b413
--- /dev/null
+++ b/html/scripts/manual.txt
@@ -0,0 +1,13 @@
+document.write("<ul><p>Program Manual Pages<br><ul>\
+<li class='inline'><a href='ntpd.html'><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a><br>\
+<li class='inline'><a href='ntpq.html'><tt>ntpq</tt> - standard NTP query program</a><br>\
+<li class='inline'><a href='ntpdc.html'><tt>ntpdc</tt> - special NTP query program</a><br>\
+<li class='inline'><a href='ntpdate.html'><tt>ntpdate</tt> - set the date and time via NTP</a><br>\
+<li class='inline'><a href='sntp.html'><tt>sntp</tt> - Simple Network Time Protocol (SNTP) client</a><br>\
+<li class='inline'><a href='ntptrace.html'><tt>ntptrace</tt> - trace a chain of NTP servers back to the primary source</a><br>\
+<li class='inline'><a href='tickadj.html'><tt>tickadj</tt> - set time-related kernel variables</a><br>\
+<li class='inline'><a href='ntptime.html'><tt>ntptime</tt> - read and set kernel time variables</a><br>\
+<li class='inline'><a href='keygen.html'><tt>ntp-keygen</tt> - generate public and private keys</a><br>\
+<li class='inline'><a href='ntpdsim_new.html'><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
diff --git a/html/scripts/misc.txt b/html/scripts/misc.txt
new file mode 100644
index 0000000..b88cf79
--- /dev/null
+++ b/html/scripts/misc.txt
@@ -0,0 +1,9 @@
+document.write("<ul><p>Miscellaneous<br><ul>\
+<li class='inline'><a href='copyright.html'>Copyright Notice</a><br>\
+<li class='inline'><a href='prefer.html'>Mitigation Rules and the <tt>prefer</tt> Keyword</a><br>\
+<li class='inline'><a href='kern.html'>Kernel Model for Precision Timekeeping</a><br>\
+<li class='inline'><a href='kernpps.html'>PPSAPI Interface for Precision Time Signals</a><br>\
+<li class='inline'><a href='pps.html'>Pulse-per-second (PPS) Signal Interfacing</a><br>\
+<li class='inline'><a href='gadget.html'>Gadget Box PPS Level Converter and CHU Modem</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
diff --git a/html/scripts/miscopt.txt b/html/scripts/miscopt.txt
new file mode 100644
index 0000000..3506c4d
--- /dev/null
+++ b/html/scripts/miscopt.txt
@@ -0,0 +1,19 @@
+document.write("<h4>Miscellaneous Commands</h4><p><ul>\
+<li class='inline'><a href='miscopt.html#broadcastdelay'>broadcastdelay - specify broadcast delay</a><br>\
+<li class='inline'><a href='miscopt.html#driftfile'>driftfile - specify frequency file</a><br>\
+<li class='inline'><a href='miscopt.html#enable'>enable - enable options</a><br>\
+<li class='inline'><a href='miscopt.html#enable'>disable - disable options</a><br>\
+<li class='inline'><a href='miscopt.html#includefile'>includefile - specify include file</a><br>\
+<li class='inline'><a href='miscopt.html#interface'>interface - specify which local network addresses to use</a><br>\
+<li class='inline'><a href='miscopt.html#leapfile'>leapfile - specify leapseconds file</a><br>\
+<li class='inline'><a href='miscopt.html#logconfig'>logconfig - configure log file</a><br>\
+<li class='inline'><a href='miscopt.html#interface'>nic - alias for interface</a><br>\
+<li class='inline'><a href='miscopt.html#phone'>phone - specify modem phone numbers</a><br>\
+<li class='inline'><a href='miscopt.html#saveconfigdir'>saveconfigdir - specify saveconfig directory</a><br>\
+<li class='inline'><a href='miscopt.html#setvar'>setvar - set system variables</a><br>\
+<li class='inline'><a href='miscopt.html#tinker'>tinker - modify sacred system parameters (dangerous)</a><br>\
+<li class='inline'><a href='miscopt.html#tos'>tos - modify service parameters</a><br>\
+<li class='inline'><a href='miscopt.html#trap'>trap - set trap address</a><br>\
+<li class='inline'><a href='miscopt.html#ttl'>ttl - set time to live</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
diff --git a/html/scripts/monopt.txt b/html/scripts/monopt.txt
new file mode 100644
index 0000000..857401f
--- /dev/null
+++ b/html/scripts/monopt.txt
@@ -0,0 +1,5 @@
+document.write("<h4>Monitoring Commands</h4><p><ul>\
+<li class='inline'><a href='monopt.html#filegen'>filegen - specify monitor files</a><br>\
+<li class='inline'><a href='monopt.html#statsdir'>statsdir - specify monitor files directory</a><br>\
+<li class='inline'><a href='comdex.html'>Command Index</a></p>\
+</ul>") \ No newline at end of file
diff --git a/html/scripts/refclock.txt b/html/scripts/refclock.txt
new file mode 100644
index 0000000..4f1a647
--- /dev/null
+++ b/html/scripts/refclock.txt
@@ -0,0 +1,7 @@
+document.write("<ul><p>Reference Clock Support<br><ul>\
+<li class='inline'><a href='refclock.html'>Reference Clock Drivers</a><br>\
+<li class='inline'><a href='extern.html'>External Clock Discipline and the Local Clock Driver</a><br>\
+<li class='inline'><a href='howto.html'>How to Write a Reference Clock Driver</a><br>\
+<li class='inline'><a href='howto.html'>How to build new PARSE clocks</a><br>\
+<li class='inline'><a href='sitemap.html'>Site Map</a></p>\
+</ul></ul>") \ No newline at end of file
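Review bot: "How to build new PARSE clocks" links to howto.html, the same target as "How to Write a Reference Clock Driver" on the line above. Two differently titled entries resolving to one page looks like a copy-and-paste slip; point the second entry at the page that actually covers PARSE clocks, or remove it.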
diff --git a/html/sitemap.html b/html/sitemap.html
new file mode 100644
index 0000000..0dd5705
--- /dev/null
+++ b/html/sitemap.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>Site Map</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>Site Map</h3>
+ <img src="pic/alice15.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice in Wonderland</i>, Lewis Carroll</a>
+ <p>Welcome to the tea party.</p>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->08-Apr-2009 2:54<!-- #EndDate -->
+ UTC<br clear="left">
+ </p>
+ <h4>Related Links</h4>
+ <script type="text/javascript" language="javascript" src="scripts/install.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/config.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/refclock.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/audio.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/misc.txt"></script>
+ <script type="text/javascript" language="javascript" src="scripts/external.txt"></script>
+ <hr>
+ <div align="center">
+ <img src="pic/tribeb.gif" alt="gif"></div>
+ <br>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
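Review bot: the script elements in the body load JavaScript from files named *.txt (scripts/install.txt through scripts/footer.txt). A web server will normally serve those as text/plain, and a browser that honours X-Content-Type-Options: nosniff will refuse to execute them, which leaves the whole Related Links section empty. Naming the files .js, or writing the link lists as static HTML, removes the dependence on MIME sniffing. In addition, alt="gif" on both images tells a text-only reader nothing about them.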
diff --git a/html/sntp.html b/html/sntp.html
index 839271e..93a34ab 100644
--- a/html/sntp.html
+++ b/html/sntp.html
@@ -4,22 +4,21 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
- <title>Simple Network Time Protocol (SNTP) Client</title>
+ <title><tt>sntp</tt> - Simple Network Time Protocol (SNTP) Client</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
- <h3>Simple Network Time Protocol (SNTP) Client</h3>
+ <h3><tt>sntp</tt> - Simple Network Time Protocol (SNTP) Client</h3>
<img src="pic/dogsnake.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
- <p>S is for snakeoil</p>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:50</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>S is for snakeoil.</p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">16:31</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="289">Wednesday, March 12, 2008</csobj></p>
<br clear="left">
<hr>
<h4>Synopsis</h4>
<tt>sntp [{-h --help -?}][{ -v -V -W }][{-r -a}][-P <i>prompt</i>][-e <i>minerr</i>][-E <i>maxerr</i>][-c <i>count</i>][-d <i>delay</i>][address(es)]</tt>
<h4>Description</h4>
- <p>This program is a Simple Network Time Protocol (SNTP) client that can be used to query a Network TIme Protocol (NTP) server and display the time offset of the system clock relative to the server clock. Run as root it can correct the system clock to this offset as well. It can be run as an interactive command or from a script by a <tt>cron</tt> job. The program implements the SNTP protocol defined in RFC-2030, which is a subset of the NTP&nbsp;protocol defined in RFC-1305, but does not provide the sanity checks, access controls, security functions and mitigation algorithms as in the full NTP implementation.</p>
- <p>While this program can do other things, including operation as a primitive server, some of these things are truly dangerous in a ubiquitous public time server network. A full disclosure is in the man page in the <tt>./sntp</tt> directory, but be truly advised RFC-2030 specifically <b>forbids</b> a SNTP client to operate as a server for other NTP or SNTP&nbsp;clients. If such operation is contemplated, do <b>not</b>&nbsp;allow access by clients on the public Internet.</p>
+ <p>This program is a Simple Network Time Protocol (SNTP) client that can be used to query a Network Time Protocol (NTP) server and display the time offset of the system clock relative to the server clock. Run as root it can correct the system clock to this offset as well. It can be run as an interactive command or from a script by a <tt>cron</tt> job. The program implements the SNTP protocol defined in RFC-4330, which is a subset of the NTP&nbsp;protocol defined in RFC-1305, but does not provide the sanity checks, access controls, security functions and mitigation algorithms as in the full NTP implementation.</p>
<p>By default, <tt>sntp</tt> writes the local date and time (i.e., not UTC) to the standard output in the format</p>
<p><tt>1996 Oct 15 20:17:25.123 + 4.567 +/- 0.089 secs</tt>,</p>
<p>where the <tt>+ 4.567 +/- 0.089 secs</tt> indicates the time offset and error bound of the system clock relative to the server clock.</p>
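Review bot: the new <title> contains <tt> markup. Title content is plain text, so browsers will show the literal tags in the tab and bookmark label; use the bare program name there and keep <tt> only in the h3. The hunk also deletes the paragraph warning that the program can operate as a primitive server and must not be reachable by clients on the public Internet. If this version of sntp can still act as a server, that warning should stay; if the capability is gone, say so in the commit message.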
diff --git a/html/tickadj.html b/html/tickadj.html
index 14559ed..7a30f53 100644
--- a/html/tickadj.html
+++ b/html/tickadj.html
@@ -11,12 +11,15 @@
<body>
<h3><tt>tickadj</tt> - set time-related kernel variables</h3>
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:50</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:53</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Wednesday, January 16, 2008</csobj></p>
<hr>
<h4>Synopsis</h4>
- <tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt>
+ <p><tt>tickadj [ <i>tick</i> ]</tt></p>
+ <p><tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt></p>
<h4>Description</h4>
- <p>The <tt>tickadj</tt> program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel <tt>/dev/kmem</tt>. Newer machines with precision time support, including Solaris, Tru64, FreeBSD and Linux (with PPSkit patch) should NOT use the program. The particular variables that can be changed with <tt>tickadj</tt> include <tt>tick</tt>, which is the number of microseconds added to the system time for a clock interrupt, <tt>tickadj</tt>, which sets the slew rate and resolution used by the <tt>adjtime</tt> system call, and <tt>dosynctodr</tt>, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.</p>
+ <p>The <tt>tickadj</tt> program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel <tt>/dev/kmem</tt>. Newer machines with kernel time support, including Solaris, Tru64, FreeBSD and Linux, should NOT use the program, even if it appears to work, as it will destabilize the kernel time support. Use the <a href="ntptime.html"><tt>ntptime</tt></a> program instead.</p>
+ <p>The particular variables that can be changed with <tt>tickadj</tt> include <tt>tick</tt>, which is the number of microseconds added to the system time for a clock interrupt, <tt>tickadj</tt>, which sets the slew rate and resolution used by the <tt>adjtime</tt> system call, and <tt>dosynctodr</tt>, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.</p>
+ <p>On Linux, only the <tt>tick</tt> variable is supported and the only allowed argument is the tick value.</p>
<p>By default, with no arguments, <tt>tickadj</tt> reads the variables of interest in the kernel and displays them. At the same time, it determines an &quot;optimal&quot; value for the value of the <tt>tickadj</tt> variable if the intent is to run the <tt>ntpd</tt> Network Time Protocol (NTP) daemon, and prints this as well. Since the operation of <tt>tickadj</tt> when reading the kernel mimics the operation of similar parts of the <tt>ntpd</tt> program fairly closely, this can be useful when debugging problems with <tt>ntpd</tt>.</p>
<p>Note that <tt>tickadj</tt> should be run with some caution when being used for the first time on different types of machines. The operations which <tt>tickadj</tt> tries to perform are not guaranteed to work on all Unix machines and may in rare cases cause the kernel to crash.</p>
<h4>Command Line Options</h4>
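Review bot: The rewritten Description gives conflicting guidance for Linux. The added paragraph says machines with kernel time support, "including Solaris, Tru64, FreeBSD and Linux, should NOT use the program, even if it appears to work", yet the added line two paragraphs later documents how to use it there ("On Linux, only the tick variable is supported and the only allowed argument is the tick value"). Suggest saying explicitly whether the Linux form is supported or merely tolerated, and labelling the new synopsis line "tickadj [ tick ]" as the Linux-only form so it is not read as a general shorthand. The added paragraph also carries the typo "ttimekeeping" over from the removed line; since the sentence is being rewritten anyway, correct it to "timekeeping".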
@@ -28,18 +31,14 @@
<dt><tt>-t <i>tick</i></tt>
<dd>Set the kernel variable <tt>tick</tt> to the value <i><tt>tick</tt></i> specified.
<dt><tt>-s</tt>
- <dd>Set the kernel variable <tt>dosynctodr</tt> to zero, which disables the hardware time-of-year clock, a prerequisite for running the <tt>ntpd</tt> daemon under SunOS4.
- <dt><tt>-q</tt>
+ <dd>Set the kernel variable <tt>dosynctodr</tt> to zero, which disables the hardware time-of-year clock, a prerequisite for running the <tt>ntpd</tt> daemon under SunOS 4.x.<dt><tt>-q</tt>
<dd>Normally, <tt>tickadj</tt> is quite verbose about what it is doing. The <tt>-q</tt> flag tells it to shut up about everything except errors.
</dl>
<h4>Files</h4>
- <pre>
-/vmunix
-
-/unix
-
-/dev/kmem
-</pre>
+ <tt>/vmunix<br>
+ /unix<br>
+ /dev/kmem<br>
+ </tt>
<h4>Bugs</h4>
Fiddling with kernel variables at run time as a part of ordinary operations is a hideous practice which is only necessary to make up for deficiencies in the implementation of <tt>adjtime</tt> in many kernels and/or brokenness of the system clock in some vendors' kernels. It would be much better if the kernels were fixed and the <tt>tickadj</tt> program went away.
<hr>
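Review bot: In the -s entry, the added line now ends with "<dt><tt>-q</tt>" appended directly after the <dd> text, where the removed lines kept the -q term on its own line. Rendering is unaffected, but keeping each <dt> on a separate line keeps the option list readable and keeps later diffs scoped to one option. In the Files section, the replacement of the <pre> block leaves a trailing <br> before </tt> and places bare <tt> text directly under the <h4>, whereas the synopsis change in the previous hunk wraps its <tt> lines in <p>; wrapping this one the same way would be consistent.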
diff --git a/html/xleave.html b/html/xleave.html
new file mode 100644
index 0000000..7e98ca9
--- /dev/null
+++ b/html/xleave.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+
+ <head>
+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
+ <meta name="generator" content="HTML Tidy, see www.w3.org">
+ <title>NTP Interleaved Modes</title>
+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
+ </head>
+
+ <body>
+ <h3>NTP Interleaved Modes </h3>
+ <img src="pic/pogo4.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
+ <p>You need a little magic.</p>
+ <p>Last update:
+ <!-- #BeginDate format:En2m -->03-May-2009 3:37<!-- #EndDate -->
+ UTC</p>
+<br clear="left">
+ <hr>
+ <p>In the protocol described in the NTP specification and implemented today the transmit timestamp is captured before the MD5 digest is computed and the packet is sent, while the receive timestamp is captured after the packet is received. For enhanced accuracy it is desirable to capture the timestamps as close to the wire as possible; i.e., with hardware assist or with a modified driver.</p>
+ <p> The problem is, while the receive timestamp could in principle be piggybacked in the receive buffer, the transmit timestamp cannot ordinarily be transmitted in the same packet. A solution for this problem is the two-step or interleaved protocol described on this page and included in the the current reference implementation. In this experimental variant the transmit timestamp for one packet is actually carried in the immediately following packet. The trick, however, is to implement the interleaved protocol without changing the NTP packet header format, without compromising backwards compatibility and without compromising the error recovery properties.</p>
+ <p>Currently, the reference implementation uses only software timestamps (softstamps). The receive softstamp is captured at software interrupt time and before the buffer is queued for later processing. The reference implementation captures a softstamp before the message digest routine and another after the send-packet routine. In this design the latter timestamp can be considered most accurate, as it avoids the kernel latencies and queueing mechanisms. The difference, called the interleaved or output delay, varies from 16 <font face="symbol">m</font>s for a dual-core, 2.8 GHz Pentium 4 running FreeBSD 6.1 to 1100 <font face="symbol">m</font>s for a Sun Blade 1500 running Solaris 10.</p>
+ <p>Performacne varies widely between machines and network interface cards on a 100-Mb switched Ethernet where the NTP packet is about 1000 bits or 10 <font face="symbol">m</font>s. On two identical Pentium 4 machines in symmetric mode, the measured output delay is 16 <font face="symbol">m</font>s and remaining one-way delay components 45-150 <font face="symbol">m</font>s. Two LAN segments account for 20 <font face="symbol">m</font>s, which leaves 25-130 <font face="symbol">m</font>s for input delay. On two identical UltraSPARC machines running Solaris 10 in symmetric mode, the measured output delay is 160 <font face="symbol">m</font>s and remaining one-way delay components 195 <font face="symbol">m</font>s. Two LAN segments account for 20 <font face="symbol">m</font>s, which leaves 175 ms for input delay.</p>
+ <p>Performance with the Pentia show a residual jitter of about 20 <font face="symbol">m</font>s, which is by far the best performance so far. However, much better performance could result if the input delay could be reduced or elminated with driver or hardware timestamps. Should that be done, performance should be in the same order as the the PPS and kernel discipline, which is in the order of 2 <font face="symbol">m</font>s.</p>
+ <p>Interleaved modes can be used only in NTP symmetric and broadcast modes.
+ It is activated by the <tt>xleave</tt> option with the <tt>peer</tt> or <tt>broadcast</tt> configuration
+ commands. The NTP protocol automatically reconfigures in normal or
+ interleaved mode as required. Ordinary broadcast clients can use
+ the same servers as interleaved broadcast clients at the same time.
+ Further details are in the white paper <a href="http://www.eecis.udel.edu/~mills/onwire.html">NTP
+ Interleaved On-Wire Protocol</a> and the briefing <a href="http://www.eecis.udel.edu/~mills/database/brief/onwire/onwire.ppt">Interleaved
+ Synchronization Protocols for LANs and Space Data Links</a>.</p>
+ <hr>
+ <div align="center">
+ <img src="pic/pogo1a.gif" alt="gif">
+ </div>
+ <br>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+</html> \ No newline at end of file
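Review bot: The delay figures in the measurement paragraphs rely on <font face="symbol">m</font>s for the microsecond sign, which displays as "ms" wherever the Symbol font mapping is not applied and so misstates every value by a factor of 1000. One figure is already written as plain "175 ms", although it is the difference of the 195 and 20 microsecond values in the same sentence. Suggest using &micro;s throughout and correcting that figure's unit. The text also needs a proofreading pass: "Performacne", "elminated", "the the" (twice), and "Performance with the Pentia show". The file ends without a trailing newline.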