diff options
Diffstat (limited to 'contrib/ntp/ntpd/ntp.conf.mdoc.in')
-rw-r--r-- | contrib/ntp/ntpd/ntp.conf.mdoc.in | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/contrib/ntp/ntpd/ntp.conf.mdoc.in b/contrib/ntp/ntpd/ntp.conf.mdoc.in index 82164a3..a9a3424 100644 --- a/contrib/ntp/ntpd/ntp.conf.mdoc.in +++ b/contrib/ntp/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:28:36 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:36:16 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -2440,6 +2440,7 @@ The default value is 46, signifying Expedited Forwarding. .Cm calibrate | Cm kernel | .Cm mode7 | Cm monitor | .Cm ntp | Cm stats | +.Cm peer_clear_digest_early | .Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early .Oc .Xc @@ -2449,6 +2450,7 @@ The default value is 46, signifying Expedited Forwarding. .Cm calibrate | Cm kernel | .Cm mode7 | Cm monitor | .Cm ntp | Cm stats | +.Cm peer_clear_digest_early | .Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early .Oc .Xc @@ -2516,6 +2518,26 @@ closes the feedback loop, which is useful for testing. The default for this flag is .Ic enable . +.It Cm peer_clear_digest_early +By default, if +.Xr ntpd @NTPD_MS@ +is using autokey and it +receives a crypto\-NAK packet that +passes the duplicate packet and origin timestamp checks +the peer variables are immediately cleared. +While this is generally a feature +as it allows for quick recovery if a server key has changed, +a properly forged and appropriately delivered crypto\-NAK packet +can be used in a DoS attack. +If you have active noticable problems with this type of DoS attack +then you should consider +disabling this option. +You can check your +.Cm peerstats +file for evidence of any of these attacks. +The +default for this flag is +.Ic enable . .It Cm stats Enables the statistics facility. See the |