summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ntp/doc
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/ntp/doc')
-rw-r--r--usr.sbin/ntp/doc/Makefile33
-rw-r--r--usr.sbin/ntp/doc/ntp-keygen.8602
-rw-r--r--usr.sbin/ntp/doc/ntp.conf.52715
-rw-r--r--usr.sbin/ntp/doc/ntp.keys.5120
-rw-r--r--usr.sbin/ntp/doc/ntpd.8612
-rw-r--r--usr.sbin/ntp/doc/ntpdate.8280
-rw-r--r--usr.sbin/ntp/doc/ntpdc.8715
-rw-r--r--usr.sbin/ntp/doc/ntpq.8851
-rw-r--r--usr.sbin/ntp/doc/ntptime.869
-rw-r--r--usr.sbin/ntp/doc/ntptrace.876
10 files changed, 0 insertions, 6073 deletions
diff --git a/usr.sbin/ntp/doc/Makefile b/usr.sbin/ntp/doc/Makefile
deleted file mode 100644
index 64e3571..0000000
--- a/usr.sbin/ntp/doc/Makefile
+++ /dev/null
@@ -1,33 +0,0 @@
-# $FreeBSD$
-
-.include <bsd.own.mk>
-
-FILESDIR= ${SHAREDIR}/doc/ntp
-
-.if ${MK_HTML} != "no"
-FILES= accopt.html assoc.html audio.html authopt.html build.html \
- clockopt.html \
- config.html confopt.html copyright.html debug.html driver1.html \
- driver10.html driver11.html driver12.html driver16.html driver18.html \
- driver19.html driver2.html driver20.html driver22.html \
- driver26.html driver27.html driver28.html driver29.html \
- driver3.html driver30.html driver32.html driver33.html driver34.html \
- driver35.html driver36.html driver37.html \
- driver4.html driver5.html driver6.html driver7.html driver8.html \
- driver9.html extern.html hints.html \
- howto.html index.html kern.html \
- ldisc.html measure.html miscopt.html monopt.html mx4200data.html \
- notes.html ntpd.html ntpdate.html ntpdc.html ntpq.html ntptime.html \
- ntptrace.html parsedata.html parsenew.html patches.html porting.html \
- pps.html prefer.html quick.html rdebug.html refclock.html \
- release.html tickadj.html
-.endif
-
-MAN= ntp.conf.5 ntp.keys.5
-MAN+= ntp-keygen.8 ntpd.8 ntpdate.8 ntpdc.8 ntpq.8 ntptime.8
-
-.PATH: ${.CURDIR}/../../../contrib/ntp/html \
- ${.CURDIR}/../../../contrib/ntp/html/build \
- ${.CURDIR}/../../../contrib/ntp/html/drivers
-
-.include <bsd.prog.mk>
diff --git a/usr.sbin/ntp/doc/ntp-keygen.8 b/usr.sbin/ntp/doc/ntp-keygen.8
deleted file mode 100644
index 536900f..0000000
--- a/usr.sbin/ntp/doc/ntp-keygen.8
+++ /dev/null
@@ -1,602 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd May 17, 2006
-.Dt NTP-KEYGEN 8
-.Os
-.Sh NAME
-.Nm ntp-keygen
-.Nd key generation program for ntpd
-.Sh SYNOPSIS
-.Nm
-.Op Fl deGgHIMnPT
-.Op Fl c Ar scheme
-.Op Fl i Ar name
-.Op Fl p Ar password
-.Op Fl S Op Cm RSA | DSA
-.Op Fl s Ar name
-.Op Fl v Ar nkeys
-.Sh DESCRIPTION
-This program generates cryptographic data files used by the NTPv4
-authentication and identification schemes.
-It generates MD5 key files used in symmetric key cryptography.
-In addition, if the OpenSSL software library has been installed,
-it generates keys, certificate and identity files used in public key
-cryptography.
-These files are used for cookie encryption,
-digital signature and challenge/response identification algorithms
-compatible with the Internet standard security infrastructure.
-.Pp
-All files are in PEM-encoded printable ASCII format,
-so they can be embedded as MIME attachments in mail to other sites
-and certificate authorities.
-By default, files are not encrypted.
-The
-.Fl p Ar password
-option specifies the write password and
-.Fl q Ar password
-option the read password for previously encrypted files.
-The
-.Nm
-program prompts for the password if it reads an encrypted file
-and the password is missing or incorrect.
-If an encrypted file is read successfully and
-no write password is specified, the read password is used
-as the write password by default.
-.Pp
-The
-.Xr ntpd 8
-configuration command
-.Ic crypto pw Ar password
-specifies the read password for previously encrypted files.
-The daemon expires on the spot if the password is missing
-or incorrect.
-For convenience, if a file has been previously encrypted,
-the default read password is the name of the host running
-the program.
-If the previous write password is specified as the host name,
-these files can be read by that host with no explicit password.
-.Pp
-File names begin with the prefix
-.Cm ntpkey_
-and end with the postfix
-.Ar _hostname.filestamp ,
-where
-.Ar hostname
-is the owner name, usually the string returned
-by the Unix gethostname() routine, and
-.Ar filestamp
-is the NTP seconds when the file was generated, in decimal digits.
-This both guarantees uniqueness and simplifies maintenance
-procedures, since all files can be quickly removed
-by a
-.Ic rm ntpkey\&*
-command or all files generated
-at a specific time can be removed by a
-.Ic rm
-.Ar \&*filestamp
-command.
-To further reduce the risk of misconfiguration,
-the first two lines of a file contain the file name
-and generation date and time as comments.
-.Pp
-All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
-which is normally in a shared filesystem
-in NFS-mounted networks.
-The actual location of the keys directory
-and each file can be overridden by configuration commands,
-but this is not recommended.
-Normally, the files for each host are generated by that host
-and used only by that host, although exceptions exist
-as noted later on this page.
-.Pp
-Normally, files containing private values,
-including the host key, sign key and identification parameters,
-are permitted root read/write-only;
-while others containing public values are permitted world readable.
-Alternatively, files containing private values can be encrypted
-and these files permitted world readable,
-which simplifies maintenance in shared file systems.
-Since uniqueness is insured by the hostname and
-file name extensions, the files for a NFS server and
-dependent clients can all be installed in the same shared directory.
-.Pp
-The recommended practice is to keep the file name extensions
-when installing a file and to install a soft link
-from the generic names specified elsewhere on this page
-to the generated files.
-This allows new file generations to be activated simply
-by changing the link.
-If a link is present, ntpd follows it to the file name
-to extract the filestamp.
-If a link is not present,
-.Xr ntpd 8
-extracts the filestamp from the file itself.
-This allows clients to verify that the file and generation times
-are always current.
-The
-.Nm
-program uses the same timestamp extension for all files generated
-at one time, so each generation is distinct and can be readily
-recognized in monitoring data.
-.Ss Running the program
-The safest way to run the
-.Nm
-program is logged in directly as root.
-The recommended procedure is change to the keys directory,
-usually
-.Pa /usr/local/etc ,
-then run the program.
-When run for the first time,
-or if all
-.Cm ntpkey
-files have been removed,
-the program generates a RSA host key file and matching RSA-MD5 certificate file,
-which is all that is necessary in many cases.
-The program also generates soft links from the generic names
-to the respective files.
-If run again, the program uses the same host key file,
-but generates a new certificate file and link.
-.Pp
-The host key is used to encrypt the cookie when required and so must be RSA type.
-By default, the host key is also the sign key used to encrypt signatures.
-When necessary, a different sign key can be specified and this can be
-either RSA or DSA type.
-By default, the message digest type is MD5, but any combination
-of sign key type and message digest type supported by the OpenSSL library
-can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2
-and RIPE160 message digest algorithms.
-However, the scheme specified in the certificate must be compatible
-with the sign key.
-Certificates using any digest algorithm are compatible with RSA sign keys;
-however, only SHA and SHA1 certificates are compatible with DSA sign keys.
-.Pp
-Private/public key files and certificates are compatible with
-other OpenSSL applications and very likely other libraries as well.
-Certificates or certificate requests derived from them should be compatible
-with extant industry practice, although some users might find
-the interpretation of X509v3 extension fields somewhat liberal.
-However, the identification parameter files, although encoded
-as the other files, are probably not compatible with anything other than Autokey.
-.Pp
-Running the program as other than root and using the Unix
-.Ic su
-command
-to assume root may not work properly, since by default the OpenSSL library
-looks for the random seed file
-.Cm .rnd
-in the user home directory.
-However, there should be only one
-.Cm .rnd ,
-most conveniently
-in the root directory, so it is convenient to define the
-.Cm $RANDFILE
-environment variable used by the OpenSSL library as the path to
-.Cm /.rnd .
-.Pp
-Installing the keys as root might not work in NFS-mounted
-shared file systems, as NFS clients may not be able to write
-to the shared keys directory, even as root.
-In this case, NFS clients can specify the files in another
-directory such as
-.Pa /etc
-using the
-.Ic keysdir
-command.
-There is no need for one client to read the keys and certificates
-of other clients or servers, as these data are obtained automatically
-by the Autokey protocol.
-.Pp
-Ordinarily, cryptographic files are generated by the host that uses them,
-but it is possible for a trusted agent (TA) to generate these files
-for other hosts; however, in such cases files should always be encrypted.
-The subject name and trusted name default to the hostname
-of the host generating the files, but can be changed by command line options.
-It is convenient to designate the owner name and trusted name
-as the subject and issuer fields, respectively, of the certificate.
-The owner name is also used for the host and sign key files,
-while the trusted name is used for the identity files.
-.Pp
-.Ss Trusted Hosts and Groups
-Each cryptographic configuration involves selection of a signature scheme
-and identification scheme, called a cryptotype,
-as explained in the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-The default cryptotype uses RSA encryption, MD5 message digest
-and TC identification.
-First, configure a NTP subnet including one or more low-stratum
-trusted hosts from which all other hosts derive synchronization
-directly or indirectly.
-Trusted hosts have trusted certificates;
-all other hosts have nontrusted certificates.
-These hosts will automatically and dynamically build authoritative
-certificate trails to one or more trusted hosts.
-A trusted group is the set of all hosts that have, directly or indirectly,
-a certificate trail ending at a trusted host.
-The trail is defined by static configuration file entries
-or dynamic means described on the
-.Sx Automatic NTP Configuration Options
-section of
-.Xr ntp.conf 5 .
-.Pp
-On each trusted host as root, change to the keys directory.
-To insure a fresh fileset, remove all
-.Cm ntpkey
-files.
-Then run
-.Nm
-.Fl T
-to generate keys and a trusted certificate.
-On all other hosts do the same, but leave off the
-.Fl T
-flag to generate keys and nontrusted certificates.
-When complete, start the NTP daemons beginning at the lowest stratum
-and working up the tree.
-It may take some time for Autokey to instantiate the certificate trails
-throughout the subnet, but setting up the environment is completely automatic.
-.Pp
-If it is necessary to use a different sign key or different digest/signature
-scheme than the default, run
-.Nm
-with the
-.Fl S Ar type
-option, where
-.Ar type
-is either
-.Cm RSA
-or
-.Cm DSA .
-The most often need to do this is when a DSA-signed certificate is used.
-If it is necessary to use a different certificate scheme than the default,
-run
-.Nm
-with the
-.Fl c Ar scheme
-option and selected
-.Ar scheme
-as needed.
-If
-.Nm
-is run again without these options, it generates a new certificate
-using the same scheme and sign key.
-.Pp
-After setting up the environment it is advisable to update certificates
-from time to time, if only to extend the validity interval.
-Simply run
-.Nm
-with the same flags as before to generate new certificates
-using existing keys.
-However, if the host or sign key is changed,
-.Xr ntpd 8
-should be restarted.
-When
-.Xr ntpd 8
-is restarted, it loads any new files and restarts the protocol.
-Other dependent hosts will continue as usual until signatures are refreshed,
-at which time the protocol is restarted.
-.Ss Identity Schemes
-As mentioned on the Autonomous Authentication page,
-the default TC identity scheme is vulnerable to a middleman attack.
-However, there are more secure identity schemes available,
-including PC, IFF, GQ and MV described on the
-.Qq Identification Schemes
-page
-(maybe available at
-.Li http://www.eecis.udel.edu/%7emills/keygen.html ) .
-These schemes are based on a TA, one or more trusted hosts
-and some number of nontrusted hosts.
-Trusted hosts prove identity using values provided by the TA,
-while the remaining hosts prove identity using values provided
-by a trusted host and certificate trails that end on that host.
-The name of a trusted host is also the name of its sugroup
-and also the subject and issuer name on its trusted certificate.
-The TA is not necessarily a trusted host in this sense, but often is.
-.Pp
-In some schemes there are separate keys for servers and clients.
-A server can also be a client of another server,
-but a client can never be a server for another client.
-In general, trusted hosts and nontrusted hosts that operate
-as both server and client have parameter files that contain
-both server and client keys.
-Hosts that operate
-only as clients have key files that contain only client keys.
-.Pp
-The PC scheme supports only one trusted host in the group.
-On trusted host alice run
-.Nm
-.Fl P
-.Fl p Ar password
-to generate the host key file
-.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp
-and trusted private certificate file
-.Pa ntpkey_RSA-MD5_cert_ Ns Ar alice.filestamp .
-Copy both files to all group hosts;
-they replace the files which would be generated in other schemes.
-On each host bob install a soft link from the generic name
-.Pa ntpkey_host_ Ns Ar bob
-to the host key file and soft link
-.Pa ntpkey_cert_ Ns Ar bob
-to the private certificate file.
-Note the generic links are on bob, but point to files generated
-by trusted host alice.
-In this scheme it is not possible to refresh
-either the keys or certificates without copying them
-to all other hosts in the group.
-.Pp
-For the IFF scheme proceed as in the TC scheme to generate keys
-and certificates for all group hosts, then for every trusted host in the group,
-generate the IFF parameter file.
-On trusted host alice run
-.Nm
-.Fl T
-.Fl I
-.Fl p Ar password
-to produce her parameter file
-.Pa ntpkey_IFFpar_ Ns Ar alice.filestamp ,
-which includes both server and client keys.
-Copy this file to all group hosts that operate as both servers
-and clients and install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
-to this file.
-If there are no hosts restricted to operate only as clients,
-there is nothing further to do.
-As the IFF scheme is independent
-of keys and certificates, these files can be refreshed as needed.
-.Pp
-If a rogue client has the parameter file, it could masquerade
-as a legitimate server and present a middleman threat.
-To eliminate this threat, the client keys can be extracted
-from the parameter file and distributed to all restricted clients.
-After generating the parameter file, on alice run
-.Nm
-.Fl e
-and pipe the output to a file or mail program.
-Copy or mail this file to all restricted clients.
-On these clients install a soft link from the generic
-.Pa ntpkey_iff_ Ns Ar alice
-to this file.
-To further protect the integrity of the keys,
-each file can be encrypted with a secret password.
-.Pp
-For the GQ scheme proceed as in the TC scheme to generate keys
-and certificates for all group hosts, then for every trusted host
-in the group, generate the IFF parameter file.
-On trusted host alice run
-.Nm
-.Fl T
-.Fl G
-.Fl p Ar password
-to produce her parameter file
-.Pa ntpkey_GQpar_ Ns Ar alice.filestamp ,
-which includes both server and client keys.
-Copy this file to all group hosts and install a soft link
-from the generic
-.Pa ntpkey_gq_ Ns Ar alice
-to this file.
-In addition, on each host bob install a soft link
-from generic
-.Pa ntpkey_gq_ Ns Ar bob
-to this file.
-As the GQ scheme updates the GQ parameters file and certificate
-at the same time, keys and certificates can be regenerated as needed.
-.Pp
-For the MV scheme, proceed as in the TC scheme to generate keys
-and certificates for all group hosts.
-For illustration assume trish is the TA, alice one of several trusted hosts
-and bob one of her clients.
-On TA trish run
-.Nm
-.Fl V Ar n
-.Fl p Ar password ,
-where
-.Ar n
-is the number of revokable keys (typically 5) to produce
-the parameter file
-.Pa ntpkeys_MVpar_ Ns Ar trish.filestamp
-and client key files
-.Pa ntpkeys_MVkeyd_ Ns Ar trish.filestamp
-where
-.Ar d
-is the key number (0 \&<
-.Ar d
-\&<
-.Ar n ) .
-Copy the parameter file to alice and install a soft link
-from the generic
-.Pa ntpkey_mv_ Ns Ar alice
-to this file.
-Copy one of the client key files to alice for later distribution
-to her clients.
-It doesn't matter which client key file goes to alice,
-since they all work the same way.
-Alice copies the client key file to all of her cliens.
-On client bob install a soft link from generic
-.Pa ntpkey_mvkey_ Ns Ar bob
-to the client key file.
-As the MV scheme is independent of keys and certificates,
-these files can be refreshed as needed.
-.Ss Command Line Options
-.Bl -tag -width indent
-.It Fl c Ar scheme
-Select certificate message digest/signature encryption scheme.
-The
-.Ar scheme
-can be one of the following:
-. Cm RSA-MD2 , RSA-MD5 , RSA-SHA , RSA-SHA1 , RSA-MDC2 , RSA-RIPEMD160 , DSA-SHA ,
-or
-.Cm DSA-SHA1 .
-Note that RSA schemes must be used with a RSA sign key and DSA
-schemes must be used with a DSA sign key.
-The default without this option is
-.Cm RSA-MD5 .
-.It Fl d
-Enable debugging.
-This option displays the cryptographic data produced in eye-friendly billboards.
-.It Fl e
-Write the IFF client keys to the standard output.
-This is intended for automatic key distribution by mail.
-.It Fl G
-Generate parameters and keys for the GQ identification scheme,
-obsoleting any that may exist.
-.It Fl g
-Generate keys for the GQ identification scheme
-using the existing GQ parameters.
-If the GQ parameters do not yet exist, create them first.
-.It Fl H
-Generate new host keys, obsoleting any that may exist.
-.It Fl I
-Generate parameters for the IFF identification scheme,
-obsoleting any that may exist.
-.It Fl i Ar name
-Set the suject name to
-.Ar name .
-This is used as the subject field in certificates
-and in the file name for host and sign keys.
-.It Fl M
-Generate MD5 keys, obsoleting any that may exist.
-.It Fl P
-Generate a private certificate.
-By default, the program generates public certificates.
-.It Fl p Ar password
-Encrypt generated files containing private data with
-.Ar password
-and the DES-CBC algorithm.
-.It Fl q
-Set the password for reading files to password.
-.It Fl S Oo Cm RSA | DSA Oc
-Generate a new sign key of the designated type,
-obsoleting any that may exist.
-By default, the program uses the host key as the sign key.
-.It Fl s Ar name
-Set the issuer name to
-.Ar name .
-This is used for the issuer field in certificates
-and in the file name for identity files.
-.It Fl T
-Generate a trusted certificate.
-By default, the program generates a non-trusted certificate.
-.It Fl V Ar nkeys
-Generate parameters and keys for the Mu-Varadharajan (MV) identification scheme.
-.El
-.Ss Random Seed File
-All cryptographically sound key generation schemes must have means
-to randomize the entropy seed used to initialize
-the internal pseudo-random number generator used
-by the library routines.
-The OpenSSL library uses a designated random seed file for this purpose.
-The file must be available when starting the NTP daemon and
-.Nm
-program.
-If a site supports OpenSSL or its companion OpenSSH,
-it is very likely that means to do this are already available.
-.Pp
-It is important to understand that entropy must be evolved
-for each generation, for otherwise the random number sequence
-would be predictable.
-Various means dependent on external events, such as keystroke intervals,
-can be used to do this and some systems have built-in entropy sources.
-Suitable means are described in the OpenSSL software documentation,
-but are outside the scope of this page.
-.Pp
-The entropy seed used by the OpenSSL library is contained in a file,
-usually called
-.Cm .rnd ,
-which must be available when starting the NTP daemon
-or the
-.Nm
-program.
-The NTP daemon will first look for the file
-using the path specified by the
-.Ic randfile
-subcommand of the
-.Ic crypto
-configuration command.
-If not specified in this way, or when starting the
-.Nm
-program,
-the OpenSSL library will look for the file using the path specified
-by the
-.Ev RANDFILE
-environment variable in the user home directory,
-whether root or some other user.
-If the
-.Ev RANDFILE
-environment variable is not present,
-the library will look for the
-.Cm .rnd
-file in the user home directory.
-If the file is not available or cannot be written,
-the daemon exits with a message to the system log and the program
-exits with a suitable error message.
-.Ss Cryptographic Data Files
-All other file formats begin with two lines.
-The first contains the file name, including the generated host name
-and filestamp.
-The second contains the datestamp in conventional Unix date format.
-Lines beginning with # are considered comments and ignored by the
-.Nm
-program and
-.Xr ntpd 8
-daemon.
-Cryptographic values are encoded first using ASN.1 rules,
-then encrypted if necessary, and finally written PEM-encoded
-printable ASCII format preceded and followed by MIME content identifier lines.
-.Pp
-The format of the symmetric keys file is somewhat different
-than the other files in the interest of backward compatibility.
-Since DES-CBC is deprecated in NTPv4, the only key format of interest
-is MD5 alphanumeric strings.
-Following hte heard the keys are
-entered one per line in the format
-.D1 Ar keyno type key
-where
-.Ar keyno
-is a positive integer in the range 1-65,535,
-.Ar type
-is the string MD5 defining the key format and
-.Ar key
-is the key itself,
-which is a printable ASCII string 16 characters or less in length.
-Each character is chosen from the 93 printable characters
-in the range 0x21 through 0x7f excluding space and the
-.Ql #
-character.
-.Pp
-Note that the keys used by the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-programs
-are checked against passwords requested by the programs
-and entered by hand, so it is generally appropriate to specify these keys
-in human readable ASCII format.
-.Pp
-The
-.Nm
-program generates a MD5 symmetric keys file
-.Pa ntpkey_MD5key_ Ns Ar hostname.filestamp .
-Since the file contains private shared keys,
-it should be visible only to root and distributed by secure means
-to other subnet hosts.
-The NTP daemon loads the file
-.Pa ntp.keys ,
-so
-.Nm
-installs a soft link from this name to the generated file.
-Subsequently, similar soft links must be installed by manual
-or automated means on the other subnet hosts.
-While this file is not used with the Autokey Version 2 protocol,
-it is needed to authenticate some remote configuration commands
-used by the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-utilities.
-.Sh Bugs
-It can take quite a while to generate some cryptographic values,
-from one to several minutes with modern architectures
-such as UltraSPARC and up to tens of minutes to an hour
-with older architectures such as SPARC IPC.
diff --git a/usr.sbin/ntp/doc/ntp.conf.5 b/usr.sbin/ntp/doc/ntp.conf.5
deleted file mode 100644
index a04f16e..0000000
--- a/usr.sbin/ntp/doc/ntp.conf.5
+++ /dev/null
@@ -1,2715 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd December 21, 2006
-.Dt NTP.CONF 5
-.Os
-.Sh NAME
-.Nm ntp.conf
-.Nd Network Time Protocol (NTP) daemon configuration file
-.Sh SYNOPSIS
-.Nm /etc/ntp.conf
-.Sh DESCRIPTION
-The
-.Nm
-configuration file is read at initial startup by the
-.Xr ntpd 8
-daemon in order to specify the synchronization sources,
-modes and other related information.
-Usually, it is installed in the
-.Pa /etc
-directory,
-but could be installed elsewhere
-(see the daemon's
-.Fl c
-command line option).
-.Pp
-The
-.Pa /etc/rc.d/ntpdate
-script reads this file to get a list of NTP servers to use if the
-variable
-.Dq Li ntpdate_hosts
-was not declared.
-Refer to the
-.Xr rc.conf 5
-man page for further info about this.
-.Pp
-The file format is similar to other
-.Ux
-configuration files.
-Comments begin with a
-.Ql #
-character and extend to the end of the line;
-blank lines are ignored.
-Configuration commands consist of an initial keyword
-followed by a list of arguments,
-some of which may be optional, separated by whitespace.
-Commands may not be continued over multiple lines.
-Arguments may be host names,
-host addresses written in numeric, dotted-quad form,
-integers, floating point numbers (when specifying times in seconds)
-and text strings.
-.Pp
-The rest of this page describes the configuration and control options.
-The
-.Qq Notes on Configuring NTP and Setting up a NTP Subnet
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-contains an extended discussion of these options.
-In addition to the discussion of general
-.Sx Configuration Options ,
-there are sections describing the following supported functionality
-and the options used to control it:
-.Bl -bullet -offset indent
-.It
-.Sx Authentication Support
-.It
-.Sx Monitoring Support
-.It
-.Sx Access Control Support
-.It
-.Sx Automatic NTP Configuration Options
-.It
-.Sx Reference Clock Support
-.It
-.Sx Miscellaneous Options
-.El
-.Pp
-Following these is a section describing
-.Sx Miscellaneous Options .
-While there is a rich set of options available,
-the only required option is one or more
-.Ic server ,
-.Ic peer ,
-.Ic broadcast
-or
-.Ic manycastclient
-commands.
-.Sh Configuration Support
-Following is a description of the configuration commands in
-NTPv4.
-These commands have the same basic functions as in NTPv3 and
-in some cases new functions and new arguments.
-There are two
-classes of commands, configuration commands that configure a
-persistent association with a remote server or peer or reference
-clock, and auxiliary commands that specify environmental variables
-that control various related operations.
-.Ss Configuration Commands
-The various modes are determined by the command keyword and the
-type of the required IP address.
-Addresses are classed by type as
-(s) a remote server or peer (IPv4 class A, B and C), (b) the
-broadcast address of a local interface, (m) a multicast address (IPv4
-class D), or (r) a reference clock address (127.127.x.x).
-Note that
-only those options applicable to each command are listed below.
-Use
-of options not listed may not be caught as an error, but may result
-in some weird and even destructive behavior.
-.Pp
-If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
-is detected, support for the IPv6 address family is generated
-in addition to the default support of the IPv4 address family.
-In a few cases, including the reslist billboard generated
-by ntpdc, IPv6 addresses are automatically generated.
-IPv6 addresses can be identified by the presence of colons
-.Dq \&:
-in the address field.
-IPv6 addresses can be used almost everywhere where
-IPv4 addresses can be used,
-with the exception of reference clock addresses,
-which are always IPv4.
-.Pp
-Note that in contexts where a host name is expected, a
-.Fl 4
-qualifier preceding
-the host name forces DNS resolution to the IPv4 namespace,
-while a
-.Fl 6
-qualifier forces DNS resolution to the IPv6 namespace.
-See IPv6 references for the
-equivalent classes for that address family.
-.Bl -tag -width indent
-.It Xo Ic server Ar address
-.Op Cm key Ar key \&| Cm autokey
-.Op Cm burst
-.Op Cm iburst
-.Op Cm version Ar version
-.Op Cm prefer
-.Op Cm minpoll Ar minpoll
-.Op Cm maxpoll Ar maxpoll
-.Xc
-.It Xo Ic peer Ar address
-.Op Cm key Ar key \&| Cm autokey
-.Op Cm version Ar version
-.Op Cm prefer
-.Op Cm minpoll Ar minpoll
-.Op Cm maxpoll Ar maxpoll
-.Xc
-.It Xo Ic broadcast Ar address
-.Op Cm key Ar key \&| Cm autokey
-.Op Cm version Ar version
-.Op Cm prefer
-.Op Cm minpoll Ar minpoll
-.Op Cm ttl Ar ttl
-.Xc
-.It Xo Ic manycastclient Ar address
-.Op Cm key Ar key \&| Cm autokey
-.Op Cm version Ar version
-.Op Cm prefer
-.Op Cm minpoll Ar minpoll
-.Op Cm maxpoll Ar maxpoll
-.Op Cm ttl Ar ttl
-.Xc
-.El
-.Pp
-These four commands specify the time server name or address to
-be used and the mode in which to operate.
-The
-.Ar address
-can be
-either a DNS name or an IP address in dotted-quad notation.
-Additional information on association behavior can be found in the
-.Qq Association Management
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.Bl -tag -width indent
-.It Ic server
-For type s and r addresses, this command mobilizes a persistent
-client mode association with the specified remote server or local
-radio clock.
-In this mode the local clock can synchronized to the
-remote server, but the remote server can never be synchronized to
-the local clock.
-This command should
-.Em not
-be used for type
-b or m addresses.
-.It Ic peer
-For type s addresses (only), this command mobilizes a
-persistent symmetric-active mode association with the specified
-remote peer.
-In this mode the local clock can be synchronized to
-the remote peer or the remote peer can be synchronized to the local
-clock.
-This is useful in a network of servers where, depending on
-various failure scenarios, either the local or remote peer may be
-the better source of time.
-This command should NOT be used for type
-b, m or r addresses.
-.It Ic broadcast
-For type b and m addresses (only), this
-command mobilizes a persistent broadcast mode association.
-Multiple
-commands can be used to specify multiple local broadcast interfaces
-(subnets) and/or multiple multicast groups.
-Note that local
-broadcast messages go only to the interface associated with the
-subnet specified, but multicast messages go to all interfaces.
-In broadcast mode the local server sends periodic broadcast
-messages to a client population at the
-.Ar address
-specified, which is usually the broadcast address on (one of) the
-local network(s) or a multicast address assigned to NTP.
-The IANA
-has assigned the multicast group address IPv4 224.0.1.1 and
-IPv6 ff05::101 (site local) exclusively to
-NTP, but other nonconflicting addresses can be used to contain the
-messages within administrative boundaries.
-Ordinarily, this
-specification applies only to the local server operating as a
-sender; for operation as a broadcast client, see the
-.Ic broadcastclient
-or
-.Ic multicastclient
-commands
-below.
-.It Ic manycastclient
-For type m addresses (only), this command mobilizes a
-manycast client mode association for the multicast address
-specified.
-In this case a specific address must be supplied which
-matches the address used on the
-.Ic manycastserver
-command for
-the designated manycast servers.
-The NTP multicast address
-224.0.1.1 assigned by the IANA should NOT be used, unless specific
-means are taken to avoid spraying large areas of the Internet with
-these messages and causing a possibly massive implosion of replies
-at the sender.
-The
-.Ic manycastserver
-command specifies that the local server
-is to operate in client mode with the remote servers that are
-discovered as the result of broadcast/multicast messages.
-The
-client broadcasts a request message to the group address associated
-with the specified
-.Ar address
-and specifically enabled
-servers respond to these messages.
-The client selects the servers
-providing the best time and continues as with the
-.Ic server
-command.
-The remaining servers are discarded as if never
-heard.
-.El
-.Pp
-Options:
-.Bl -tag -width indent
-.It Cm autokey
-All packets sent to and received from the server or peer are to
-include authentication fields encrypted using the autokey scheme
-described in
-.Sx Authentication Options .
-.It Cm burst
-when the server is reachable, send a burst of eight packets
-instead of the usual one.
-The packet spacing is normally 2 s;
-however, the spacing between the first and second packets
-can be changed with the calldelay command to allow
-additional time for a modem or ISDN call to complete.
-This is designed to improve timekeeping quality
-with the
-.Ic server
-command and s addresses.
-.It Cm iburst
-When the server is unreachable, send a burst of eight packets
-instead of the usual one.
-The packet spacing is normally 2 s;
-however, the spacing between the first two packets can be
-changed with the calldelay command to allow
-additional time for a modem or ISDN call to complete.
-This is designed to speed the initial synchronization
-acquisition with the
-.Ic server
-command and s addresses and when
-.Xr ntpd 8
-is started with the
-.Fl q
-option.
-.It Cm key Ar key
-All packets sent to and received from the server or peer are to
-include authentication fields encrypted using the specified
-.Ar key
-identifier with values from 1 to 65534, inclusive.
-The
-default is to include no encryption field.
-.It Cm minpoll Ar minpoll
-.It Cm maxpoll Ar maxpoll
-These options specify the minimum and maximum poll intervals
-for NTP messages, as a power of 2 in seconds
-The maximum poll
-interval defaults to 10 (1,024 s), but can be increased by the
-.Cm maxpoll
-option to an upper limit of 17 (36.4 h).
-The
-minimum poll interval defaults to 6 (64 s), but can be decreased by
-the
-.Cm minpoll
-option to a lower limit of 4 (16 s).
-.It Cm noselect
-Marks the server as unused, except for display purposes.
-The server is discarded by the selection algorithm.
-.It Cm prefer
-Marks the server as preferred.
-All other things being equal,
-this host will be chosen for synchronization among a set of
-correctly operating hosts.
-See the
-.Qq Mitigation Rules and the prefer Keyword
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-for further information.
-.It Cm ttl Ar ttl
-This option is used only with broadcast server and manycast
-client modes.
-It specifies the time-to-live
-.Ar ttl
-to
-use on broadcast server and multicast server and the maximum
-.Ar ttl
-for the expanding ring search with manycast
-client packets.
-Selection of the proper value, which defaults to
-127, is something of a black art and should be coordinated with the
-network administrator.
-.It Cm version Ar version
-Specifies the version number to be used for outgoing NTP
-packets.
-Versions 1-4 are the choices, with version 4 the
-default.
-.El
-.Ss Auxiliary Commands
-.Bl -tag -width indent
-.It Ic broadcastclient
-This command enables reception of broadcast server messages to
-any local interface (type b) address.
-Upon receiving a message for
-the first time, the broadcast client measures the nominal server
-propagation delay using a brief client/server exchange with the
-server, then enters the broadcast client mode, in which it
-synchronizes to succeeding broadcast messages.
-Note that, in order
-to avoid accidental or malicious disruption in this mode, both the
-server and client should operate using symmetric-key or public-key
-authentication as described in
-.Sx Authentication Options .
-.It Ic manycastserver Ar address ...
-This command enables reception of manycast client messages to
-the multicast group address(es) (type m) specified.
-At least one
-address is required, but the NTP multicast address 224.0.1.1
-assigned by the IANA should NOT be used, unless specific means are
-taken to limit the span of the reply and avoid a possibly massive
-implosion at the original sender.
-Note that, in order to avoid
-accidental or malicious disruption in this mode, both the server
-and client should operate using symmetric-key or public-key
-authentication as described in
-.Sx Authentication Options .
-.It Ic multicastclient Ar address ...
-This command enables reception of multicast server messages to
-the multicast group address(es) (type m) specified.
-Upon receiving
-a message for the first time, the multicast client measures the
-nominal server propagation delay using a brief client/server
-exchange with the server, then enters the broadcast client mode, in
-which it synchronizes to succeeding multicast messages.
-Note that,
-in order to avoid accidental or malicious disruption in this mode,
-both the server and client should operate using symmetric-key or
-public-key authentication as described in
-.Sx Authentication Options .
-.El
-.Sh Authentication Support
-Authentication support allows the NTP client to verify that the
-server is in fact known and trusted and not an intruder intending
-accidentally or on purpose to masquerade as that server.
-The NTPv3
-specification RFC-1305 defines a scheme which provides
-cryptographic authentication of received NTP packets.
-Originally,
-this was done using the Data Encryption Standard (DES) algorithm
-operating in Cipher Block Chaining (CBC) mode, commonly called
-DES-CBC.
-Subsequently, this was replaced by the RSA Message Digest
-5 (MD5) algorithm using a private key, commonly called keyed-MD5.
-Either algorithm computes a message digest, or one-way hash, which
-can be used to verify the server has the correct private key and
-key identifier.
-.Pp
-NTPv4 retains the NTPv3 scheme, properly described as symmetric key
-cryptography and, in addition, provides a new Autokey scheme
-based on public key cryptography.
-Public key cryptography is generally considered more secure
-than symmetric key cryptography, since the security is based
-on a private value which is generated by each server and
-never revealed.
-With Autokey all key distribution and
-management functions involve only public values, which
-considerably simplifies key distribution and storage.
-Public key management is based on X.509 certificates,
-which can be provided by commercial services or
-produced by utility programs in the OpenSSL software library
-or the NTPv4 distribution.
-.Pp
-While the algorithms for symmetric key cryptography are
-included in the NTPv4 distribution, public key cryptography
-requires the OpenSSL software library to be installed
-before building the NTP distribution.
-Directions for doing that
-are on the Building and Installing the Distribution page.
-.Pp
-Authentication is configured separately for each association
-using the
-.Cm key
-or
-.Cm autokey
-subcommand on the
-.Ic peer ,
-.Ic server ,
-.Ic broadcast
-and
-.Ic manycastclient
-configuration commands as described in
-.Sx Configuration Options
-page.
-The authentication
-options described below specify the locations of the key files,
-if other than default, which symmetric keys are trusted
-and the interval between various operations, if other than default.
-.Pp
-Authentication is always enabled,
-although ineffective if not configured as
-described below.
-If a NTP packet arrives
-including a message authentication
-code (MAC), it is accepted only if it
-passes all cryptographic checks.
-The
-checks require correct key ID, key value
-and message digest.
-If the packet has
-been modified in any way or replayed
-by an intruder, it will fail one or more
-of these checks and be discarded.
-Furthermore, the Autokey scheme requires a
-preliminary protocol exchange to obtain
-the server certificate, verify its
-credentials and initialize the protocol
-.Pp
-The
-.Cm auth
-flag controls whether new associations or
-remote configuration commands require cryptographic authentication.
-This flag can be set or reset by the
-.Ic enable
-and
-.Ic disable
-commands and also by remote
-configuration commands sent by a
-.Xr ntpdc 8
-program running in
-another machine.
-If this flag is enabled, which is the default
-case, new broadcast client and symmetric passive associations and
-remote configuration commands must be cryptographically
-authenticated using either symmetric key or public key cryptography.
-If this
-flag is disabled, these operations are effective
-even if not cryptographic
-authenticated.
-It should be understood
-that operating with the
-.Ic auth
-flag disabled invites a significant vulnerability
-where a rogue hacker can
-masquerade as a falseticker and seriously
-disrupt system timekeeping.
-It is
-important to note that this flag has no purpose
-other than to allow or disallow
-a new association in response to new broadcast
-and symmetric active messages
-and remote configuration commands and, in particular,
-the flag has no effect on
-the authentication process itself.
-.Pp
-An attractive alternative where multicast support is available
-is manycast mode, in which clients periodically troll
-for servers as described in the
-.Sx Automatic NTP Configuration Options
-page.
-Either symmetric key or public key
-cryptographic authentication can be used in this mode.
-The principle advantage
-of manycast mode is that potential servers need not be
-configured in advance,
-since the client finds them during regular operation,
-and the configuration
-files for all clients can be identical.
-.Pp
-The security model and protocol schemes for
-both symmetric key and public key
-cryptography are summarized below;
-further details are in the briefings, papers
-and reports at the NTP project page linked from
-.Li http://www.ntp.org/ .
-.Ss Symmetric-Key Cryptography
-The original RFC-1305 specification allows any one of possibly
-65,534 keys, each distinguished by a 32-bit key identifier, to
-authenticate an association.
-The servers and clients involved must
-agree on the key and key identifier to
-authenticate NTP packets.
-Keys and
-related information are specified in a key
-file, usually called
-.Pa ntp.keys ,
-which must be distributed and stored using
-secure means beyond the scope of the NTP protocol itself.
-Besides the keys used
-for ordinary NTP associations,
-additional keys can be used as passwords for the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-utility programs.
-.Pp
-When
-.Xr ntpd 8
-is first started, it reads the key file specified in the
-.Ic keys
-configuration command and installs the keys
-in the key cache.
-However,
-individual keys must be activated with the
-.Ic trusted
-command before use.
-This
-allows, for instance, the installation of possibly
-several batches of keys and
-then activating or deactivating each batch
-remotely using
-.Xr ntpdc 8 .
-This also provides a revocation capability that can be used
-if a key becomes compromised.
-The
-.Ic requestkey
-command selects the key used as the password for the
-.Xr ntpdc 8
-utility, while the
-.Ic controlkey
-command selects the key used as the password for the
-.Xr ntpq 8
-utility.
-.Ss Public Key Cryptography
-NTPv4 supports the original NTPv3 symmetric key scheme
-described in RFC-1305 and in addition the Autokey protocol,
-which is based on public key cryptography.
-The Autokey Version 2 protocol described on the Autokey Protocol
-page verifies packet integrity using MD5 message digests
-and verifies the source with digital signatures and any of several
-digest/signature schemes.
-Optional identity schemes described on the Identity Schemes
-page and based on cryptographic challenge/response algorithms
-are also available.
-Using all of these schemes provides strong security against
-replay with or without modification, spoofing, masquerade
-and most forms of clogging attacks.
-.\" .Pp
-.\" The cryptographic means necessary for all Autokey operations
-.\" is provided by the OpenSSL software library.
-.\" This library is available from http://www.openssl.org/
-.\" and can be installed using the procedures outlined
-.\" in the Building and Installing the Distribution page.
-.\" Once installed,
-.\" the configure and build
-.\" process automatically detects the library and links
-.\" the library routines required.
-.Pp
-The Autokey protocol has several modes of operation
-corresponding to the various NTP modes supported.
-Most modes use a special cookie which can be
-computed independently by the client and server,
-but encrypted in transmission.
-All modes use in addition a variant of the S-KEY scheme,
-in which a pseudo-random key list is generated and used
-in reverse order.
-These schemes are described along with an executive summary,
-current status, briefing slides and reading list on the
-.Sx Autonomous Authentication
-page.
-.Pp
-The specific cryptographic environment used by Autokey servers
-and clients is determined by a set of files
-and soft links generated by the
-.Xr ntp-keygen 8
-program.
-This includes a required host key file,
-required certificate file and optional sign key file,
-leapsecond file and identity scheme files.
-The
-digest/signature scheme is specified in the X.509 certificate
-along with the matching sign key.
-There are several schemes
-available in the OpenSSL software library, each identified
-by a specific string such as
-.Cm md5WithRSAEncryption ,
-which stands for the MD5 message digest with RSA
-encryption scheme.
-The current NTP distribution supports
-all the schemes in the OpenSSL library, including
-those based on RSA and DSA digital signatures.
-.Pp
-NTP secure groups can be used to define cryptographic compartments
-and security hierarchies.
-It is important that every host
-in the group be able to construct a certificate trail to one
-or more trusted hosts in the same group.
-Each group
-host runs the Autokey protocol to obtain the certificates
-for all hosts along the trail to one or more trusted hosts.
-This requires the configuration file in all hosts to be
-engineered so that, even under anticipated failure conditions,
-the NTP subnet will form such that every group host can find
-a trail to at least one trusted host.
-.Ss Naming and Addressing
-It is important to note that Autokey does not use DNS to
-resolve addresses, since DNS can't be completely trusted
-until the name servers have synchronized clocks.
-The cryptographic name used by Autokey to bind the host identity
-credentials and cryptographic values must be independent
-of interface, network and any other naming convention.
-The name appears in the host certificate in either or both
-the subject and issuer fields, so protection against
-DNS compromise is essential.
-.Pp
-By convention, the name of an Autokey host is the name returned
-by the Unix
-.Xr gethostname 2
-system call or equivalent in other systems.
-By the system design
-model, there are no provisions to allow alternate names or aliases.
-However, this is not to say that DNS aliases, different names
-for each interface, etc., are constrained in any way.
-.Pp
-It is also important to note that Autokey verifies authenticity
-using the host name, network address and public keys,
-all of which are bound together by the protocol specifically
-to deflect masquerade attacks.
-For this reason Autokey
-includes the source and destinatino IP addresses in message digest
-computations and so the same addresses must be available
-at both the server and client.
-For this reason operation
-with network address translation schemes is not possible.
-This reflects the intended robust security model where government
-and corporate NTP servers are operated outside firewall perimeters.
-.Ss Operation
-A specific combination of authentication scheme (none,
-symmetric key, public key) and identity scheme is called
-a cryptotype, although not all combinations are compatible.
-There may be management configurations where the clients,
-servers and peers may not all support the same cryptotypes.
-A secure NTPv4 subnet can be configured in many ways while
-keeping in mind the principles explained above and
-in this section.
-Note however that some cryptotype
-combinations may successfully interoperate with each other,
-but may not represent good security practice.
-.Pp
-The cryptotype of an association is determined at the time
-of mobilization, either at configuration time or some time
-later when a message of appropriate cryptotype arrives.
-When mobilized by a
-.Ic server
-or
-.Ic peer
-configuration command and no
-.Ic key
-or
-.Ic autokey
-subcommands are present, the association is not
-authenticated; if the
-.Ic key
-subcommand is present, the association is authenticated
-using the symmetric key ID specified; if the
-.Ic autokey
-subcommand is present, the association is authenticated
-using Autokey.
-.Pp
-When multiple identity schemes are supported in the Autokey
-protocol, the first message exchange determines which one is used.
-The client request message contains bits corresponding
-to which schemes it has available.
-The server response message
-contains bits corresponding to which schemes it has available.
-Both server and client match the received bits with their own
-and select a common scheme.
-.Pp
-Following the principle that time is a public value,
-a server responds to any client packet that matches
-its cryptotype capabilities.
-Thus, a server receiving
-an unauthenticated packet will respond with an unauthenticated
-packet, while the same server receiving a packet of a cryptotype
-it supports will respond with packets of that cryptotype.
-However, unconfigured broadcast or manycast client
-associations or symmetric passive associations will not be
-mobilized unless the server supports a cryptotype compatible
-with the first packet received.
-By default, unauthenticated associations will not be mobilized
-unless overridden in a decidedly dangerous way.
-.Pp
-Some examples may help to reduce confusion.
-Client Alice has no specific cryptotype selected.
-Server Bob has both a symmetric key file and minimal Autokey files.
-Alice's unauthenticated messages arrive at Bob, who replies with
-unauthenticated messages.
-Cathy has a copy of Bob's symmetric
-key file and has selected key ID 4 in messages to Bob.
-Bob verifies the message with his key ID 4.
-If it's the
-same key and the message is verified, Bob sends Cathy a reply
-authenticated with that key.
-If verification fails,
-Bob sends Cathy a thing called a crypto-NAK, which tells her
-something broke.
-She can see the evidence using the ntpq program.
-.Pp
-Denise has rolled her own host key and certificate.
-She also uses one of the identity schemes as Bob.
-She sends the first Autokey message to Bob and they
-both dance the protocol authentication and identity steps.
-If all comes out okay, Denise and Bob continue as described above.
-.Pp
-It should be clear from the above that Bob can support
-all the girls at the same time, as long as he has compatible
-authentication and identity credentials.
-Now, Bob can act just like the girls in his own choice of servers;
-he can run multiple configured associations with multiple different
-servers (or the same server, although that might not be useful).
-But, wise security policy might preclude some cryptotype
-combinations; for instance, running an identity scheme
-with one server and no authentication with another might not be wise.
-.Ss Key Management
-The cryptographic values used by the Autokey protocol are
-incorporated as a set of files generated by the
-.Xr ntp-keygen 8
-utility program, including symmetric key, host key and
-public certificate files, as well as sign key, identity parameters
-and leapseconds files.
-Alternatively, host and sign keys and
-certificate files can be generated by the OpenSSL utilities
-and certificates can be imported from public certificate
-authorities.
-Note that symmetric keys are necessary for the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-utility programs.
-The remaining files are necessary only for the
-Autokey protocol.
-.Pp
-Certificates imported from OpenSSL or public certificate
-authorities have certian limitations.
-The certificate should be in ASN.1 syntax, X.509 Version 3
-format and encoded in PEM, which is the same format
-used by OpenSSL.
-The overall length of the certificate encoded
-in ASN.1 must not exceed 1024 bytes.
-The subject distinguished
-name field (CN) is the fully qualified name of the host
-on which it is used; the remaining subject fields are ignored.
-The certificate extension fields must not contain either
-a subject key identifier or a issuer key identifier field;
-however, an extended key usage field for a trusted host must
-contain the value
-.Cm trustRoot ; .
-Other extension fields are ignored.
-.Ss Authentication Commands
-.Bl -tag -width indent
-.It Ic autokey Op Ar logsec
-Specifies the interval between regenerations of the session key
-list used with the Autokey protocol.
-Note that the size of the key
-list for each association depends on this interval and the current
-poll interval.
-The default value is 12 (4096 s or about 1.1 hours).
-For poll intervals above the specified interval, a session key list
-with a single entry will be regenerated for every message
-sent.
-.It Ic controlkey Ar key
-Specifies the key identifier to use with the
-.Xr ntpq 8
-utility, which uses the standard
-protocol defined in RFC-1305.
-The
-.Ar key
-argument is
-the key identifier for a trusted key, where the value can be in the
-range 1 to 65,534, inclusive.
-.It Xo Ic crypto
-.Op Cm cert Ar file
-.Op Cm leap Ar file
-.Op Cm randfile Ar file
-.Op Cm host Ar file
-.Op Cm sign Ar file
-.Op Cm gq Ar file
-.Op Cm gqpar Ar file
-.Op Cm iffpar Ar file
-.Op Cm mvpar Ar file
-.Op Cm pw Ar password
-.Xc
-This command requires the OpenSSL library.
-It activates public key
-cryptography, selects the message digest and signature
-encryption scheme and loads the required private and public
-values described above.
-If one or more files are left unspecified,
-the default names are used as described above.
-Unless the complete path and name of the file are specified, the
-location of a file is relative to the keys directory specified
-in the
-.Ic keysdir
-command or default
-.Pa /usr/local/etc .
-Following are the subcommands:
-.Bl -tag -width indent
-.It Cm cert Ar file
-Specifies the location of the required host public certificate file.
-This overrides the link
-.Pa ntpkey_cert_ Ns Ar hostname
-in the keys directory.
-.It Cm gqpar Ar file
-Specifies the location of the optional GQ parameters file.
-This
-overrides the link
-.Pa ntpkey_gq_ Ns Ar hostname
-in the keys directory.
-.It Cm host Ar file
-Specifies the location of the required host key file.
-This overrides
-the link
-.Pa ntpkey_key_ Ns Ar hostname
-in the keys directory.
-.It Cm iffpar Ar file
-Specifies the location of the optional IFF parameters file.This
-overrides the link
-.Pa ntpkey_iff_ Ns Ar hostname
-in the keys directory.
-.It Cm leap Ar file
-Specifies the location of the optional leapsecond file.
-This overrides the link
-.Pa ntpkey_leap
-in the keys directory.
-.It Cm mvpar Ar file
-Specifies the location of the optional MV parameters file.
-This
-overrides the link
-.Pa ntpkey_mv_ Ns Ar hostname
-in the keys directory.
-.It Cm pw Ar password
-Specifies the password to decrypt files containing private keys and
-identity parameters.
-This is required only if these files have been
-encrypted.
-.It Cm randfile Ar file
-Specifies the location of the random seed file used by the OpenSSL
-library.
-The defaults are described in the main text above.
-.It Cm sign Ar file
-Specifies the location of the optional sign key file.
-This overrides
-the link
-.Pa ntpkey_sign_ Ns Ar hostname
-in the keys directory.
-If this file is
-not found, the host key is also the sign key.
-.El
-.It Ic keys Ar keyfile
-Specifies the complete path and location of the MD5 key file
-containing the keys and key identifiers used by
-.Xr ntpd 8 ,
-.Xr ntpq 8
-and
-.Xr ntpdc
-when operating with symmetric key cryptography.
-This is the same operation as the
-.Fl k
-command line option.
-.It Ic keysdir Ar path
-This command specifies the default directory path for
-cryptographic keys, parameters and certificates.
-The default is
-.Pa /usr/local/etc/ .
-.It Ic requestkey Ar key
-Specifies the key identifier to use with the
-.Xr ntpdc 8
-utility program, which uses a
-proprietary protocol specific to this implementation of
-.Xr ntpd 8 .
-The
-.Ar key
-argument is a key identifier
-for the trusted key, where the value can be in the range 1 to
-65,534, inclusive.
-.It Ic revoke Ar logsec
-Specifies the interval between re-randomization of certain
-cryptographic values used by the Autokey scheme, as a power of 2 in
-seconds.
-These values need to be updated frequently in order to
-deflect brute-force attacks on the algorithms of the scheme;
-however, updating some values is a relatively expensive operation.
-The default interval is 16 (65,536 s or about 18 hours).
-For poll
-intervals above the specified interval, the values will be updated
-for every message sent.
-.It Ic trustedkey Ar key ...
-Specifies the key identifiers which are trusted for the
-purposes of authenticating peers with symmetric key cryptography,
-as well as keys used by the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-programs.
-The authentication procedures require that both the local
-and remote servers share the same key and key identifier for this
-purpose, although different keys can be used with different
-servers.
-The
-.Ar key
-arguments are 32-bit unsigned
-integers with values from 1 to 65,534.
-.El
-.Ss Error Codes
-The following error codes are reported via the NTP control
-and monitoring protocol trap mechanism.
-.Bl -tag -width indent
-.It 101
-.Pq bad field format or length
-The packet has invalid version, length or format.
-.It 102
-.Pq bad timestamp
-The packet timestamp is the same or older than the most recent received.
-This could be due to a replay or a server clock time step.
-.It 103
-.Pq bad filestamp
-The packet filestamp is the same or older than the most recent received.
-This could be due to a replay or a key file generation error.
-.It 104
-.Pq bad or missing public key
-The public key is missing, has incorrect format or is an unsupported type.
-.It 105
-.Pq unsupported digest type
-The server requires an unsupported digest/signature scheme.
-.It 106
-.Pq mismatched digest types
-Not used.
-.It 107
-.Pq bad signature length
-The signature length does not match the current public key.
-.It 108
-.Pq signature not verified
-The message fails the signature check.
-It could be bogus or signed by a
-different private key.
-.It 109
-.Pq certificate not verified
-The certificate is invalid or signed with the wrong key.
-.It 110
-.Pq certificate not verified
-The certificate is not yet valid or has expired or the signature could not
-be verified.
-.It 111
-.Pq bad or missing cookie
-The cookie is missing, corrupted or bogus.
-.It 112
-.Pq bad or missing leapseconds table
-The leapseconds table is missing, corrupted or bogus.
-.It 113
-.Pq bad or missing certificate
-The certificate is missing, corrupted or bogus.
-.It 114
-.Pq bad or missing identity
-The identity key is missing, corrupt or bogus.
-.El
-.Sh Monitoring Support
-.Xr ntpd 8
-includes a comprehensive monitoring facility suitable
-for continuous, long term recording of server and client
-timekeeping performance.
-See the
-.Ic statistics
-command below
-for a listing and example of each type of statistics currently
-supported.
-Statistic files are managed using file generation sets
-and scripts in the
-.Pa ./scripts
-directory of this distribution.
-Using
-these facilities and
-.Ux
-.Xr cron 8
-jobs, the data can be
-automatically summarized and archived for retrospective analysis.
-.Ss Monitoring Commands
-.Bl -tag -width indent
-.It Ic statistics Ar name ...
-Enables writing of statistics records.
-Currently, four kinds of
-.Ar name
-statistics are supported.
-.Bl -tag -width indent
-.It Cm clockstats
-Enables recording of clock driver statistics information.
-Each update
-received from a clock driver appends a line of the following form to
-the file generation set named
-.Cm clockstats :
-.Bd -literal
-49213 525.624 127.127.4.1 93 226 00:08:29.606 D
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and time
-(seconds and fraction past UTC midnight).
-The next field shows the
-clock address in dotted-quad notation.
-The final field shows the last
-timecode received from the clock in decoded ASCII format, where
-meaningful.
-In some clock drivers a good deal of additional information
-can be gathered and displayed as well.
-See information specific to each
-clock for further details.
-.It Cm cryptostats
-This option requires the OpenSSL cryptographic software library.
-It
-enables recording of cryptographic public key protocol information.
-Each message received by the protocol module appends a line of the
-following form to the file generation set named
-.Cm cryptostats :
-.Bd -literal
-49213 525.624 127.127.4.1 message
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and time
-(seconds and fraction past UTC midnight).
-The next field shows the peer
-address in dotted-quad notation, The final message field includes the
-message type and certain ancillary information.
-See the
-.Sx Authentication Options
-section for further information.
-.It Cm loopstats
-Enables recording of loop filter statistics information.
-Each
-update of the local clock outputs a line of the following form to
-the file generation set named
-.Cm loopstats :
-.Bd -literal
-50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and
-time (seconds and fraction past UTC midnight).
-The next five fields
-show time offset (seconds), frequency offset (parts per million -
-PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
-discipline time constant.
-.It Cm peerstats
-Enables recording of peer statistics information.
-This includes
-statistics records of all peers of a NTP server and of special
-signals, where present and configured.
-Each valid update appends a
-line of the following form to the current element of a file
-generation set named
-.Cm peerstats :
-.Bd -literal
-48773 10847.650 127.127.4.1 9714 -0.001605376 0.000000000 0.001424877 0.000958674
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and
-time (seconds and fraction past UTC midnight).
-The next two fields
-show the peer address in dotted-quad notation and status,
-respectively.
-The status field is encoded in hex in the format
-described in Appendix A of the NTP specification RFC 1305.
-The final four fields show the offset,
-delay, dispersion and RMS jitter, all in seconds.
-.It Cm rawstats
-Enables recording of raw-timestamp statistics information.
-This
-includes statistics records of all peers of a NTP server and of
-special signals, where present and configured.
-Each NTP message
-received from a peer or clock driver appends a line of the
-following form to the file generation set named
-.Cm rawstats :
-.Bd -literal
-50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and
-time (seconds and fraction past UTC midnight).
-The next two fields
-show the remote peer or clock address followed by the local address
-in dotted-quad notation.
-The final four fields show the originate,
-receive, transmit and final NTP timestamps in order.
-The timestamp
-values are as received and before processing by the various data
-smoothing and mitigation algorithms.
-.It Cm sysstats
-Enables recording of ntpd statistics counters on a periodic basis.
-Each
-hour a line of the following form is appended to the file generation
-set named
-.Cm sysstats :
-.Bd -literal
-50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
-.Ed
-.Pp
-The first two fields show the date (Modified Julian Day) and time
-(seconds and fraction past UTC midnight).
-The remaining ten fields show
-the statistics counter values accumulated since the last generated
-line.
-.Bl -tag -width indent
-.It Time since restart Cm 36000
-Time in hours since the system was last rebooted.
-.It Packets received Cm 81965
-Total number of packets received.
-.It Packets processed Cm 0
-Number of packets received in response to previous packets sent
-.It Current version Cm 9546
-Number of packets matching the current NTP version.
-.It Previous version Cm 56
-Number of packets matching the previous NTP version.
-.It Bad version Cm 71793
-Number of packets matching neither NTP version.
-.It Access denied Cm 512
-Number of packets denied access for any reason.
-.It Bad length or format Cm 540
-Number of packets with invalid length, format or port number.
-.It Bad authentication Cm 10
-Number of packets not verified as authentic.
-.It Rate exceeded Cm 147
-Number of packets discarded due to rate limitation.
-.El
-.It Cm statsdir Ar directory_path
-Indicates the full path of a directory where statistics files
-should be created (see below).
-This keyword allows
-the (otherwise constant)
-.Cm filegen
-filename prefix to be modified for file generation sets, which
-is useful for handling statistics logs.
-.It Cm filegen Ar name Xo
-.Op Cm file Ar filename
-.Op Cm type Ar typename
-.Op Cm link | nolink
-.Op Cm enable | disable
-.Xc
-Configures setting of generation file set name.
-Generation
-file sets provide a means for handling files that are
-continuously growing during the lifetime of a server.
-Server statistics are a typical example for such files.
-Generation file sets provide access to a set of files used
-to store the actual data.
-At any time at most one element
-of the set is being written to.
-The type given specifies
-when and how data will be directed to a new element of the set.
-This way, information stored in elements of a file set
-that are currently unused are available for administrational
-operations without the risk of disturbing the operation of ntpd.
-(Most important: they can be removed to free space for new data
-produced.)
-.Pp
-Note that this command can be sent from the
-.Xr ntpdc 8
-program running at a remote location.
-.Bl -tag -width indent
-.It Cm name
-This is the type of the statistics records, as shown in the
-.Cm statistics
-command.
-.It Cm file Ar filename
-This is the file name for the statistics records.
-Filenames of set
-members are built from three concatenated elements
-.Ar Cm prefix ,
-.Ar Cm filename
-and
-.Ar Cm suffix :
-.Bl -tag -width indent
-.It Cm prefix
-This is a constant filename path.
-It is not subject to
-modifications via the
-.Ar filegen
-option.
-It is defined by the
-server, usually specified as a compile-time constant.
-It may,
-however, be configurable for individual file generation sets
-via other commands.
-For example, the prefix used with
-.Ar loopstats
-and
-.Ar peerstats
-generation can be configured using the
-.Ar statsdir
-option explained above.
-.It Cm filename
-This string is directly concatenated to the prefix mentioned
-above (no intervening
-.Ql / ) .
-This can be modified using
-the file argument to the
-.Ar filegen
-statement.
-No
-.Pa ..
-elements are
-allowed in this component to prevent filenames referring to
-parts outside the filesystem hierarchy denoted by
-.Ar prefix .
-.It Cm suffix
-This part is reflects individual elements of a file set.
-It is
-generated according to the type of a file set.
-.El
-.It Cm type Ar typename
-A file generation set is characterized by its type.
-The following
-types are supported:
-.Bl -tag -width indent
-.It Cm none
-The file set is actually a single plain file.
-.It Cm pid
-One element of file set is used per incarnation of a ntpd
-server.
-This type does not perform any changes to file set
-members during runtime, however it provides an easy way of
-separating files belonging to different
-.Xr ntpd 8
-server incarnations.
-The set member filename is built by appending a
-.Ql \&.
-to concatenated
-.Ar prefix
-and
-.Ar filename
-strings, and
-appending the decimal representation of the process ID of the
-.Xr ntpd 8
-server process.
-.It Cm day
-One file generation set element is created per day.
-A day is
-defined as the period between 00:00 and 24:00 UTC.
-The file set
-member suffix consists of a
-.Ql \&.
-and a day specification in
-the form
-.Cm YYYYMMdd .
-.Cm YYYY
-is a 4-digit year number (e.g., 1992).
-.Cm MM
-is a two digit month number.
-.Cm dd
-is a two digit day number.
-Thus, all information written at 10 December 1992 would end up
-in a file named
-.Ar prefix
-.Ar filename Ns .19921210 .
-.It Cm week
-Any file set member contains data related to a certain week of
-a year.
-The term week is defined by computing day-of-year
-modulo 7.
-Elements of such a file generation set are
-distinguished by appending the following suffix to the file set
-filename base: A dot, a 4-digit year number, the letter
-.Cm W ,
-and a 2-digit week number.
-For example, information from January,
-10th 1992 would end up in a file with suffix
-.No . Ns Ar 1992W1 .
-.It Cm month
-One generation file set element is generated per month.
-The
-file name suffix consists of a dot, a 4-digit year number, and
-a 2-digit month.
-.It Cm year
-One generation file element is generated per year.
-The filename
-suffix consists of a dot and a 4 digit year number.
-.It Cm age
-This type of file generation sets changes to a new element of
-the file set every 24 hours of server operation.
-The filename
-suffix consists of a dot, the letter
-.Cm a ,
-and an 8-digit number.
-This number is taken to be the number of seconds the server is
-running at the start of the corresponding 24-hour period.
-Information is only written to a file generation by specifying
-.Cm enable ;
-output is prevented by specifying
-.Cm disable .
-.El
-.It Cm link | nolink
-It is convenient to be able to access the current element of a file
-generation set by a fixed name.
-This feature is enabled by
-specifying
-.Cm link
-and disabled using
-.Cm nolink .
-If link is specified, a
-hard link from the current file set element to a file without
-suffix is created.
-When there is already a file with this name and
-the number of links of this file is one, it is renamed appending a
-dot, the letter
-.Cm C ,
-and the pid of the ntpd server process.
-When the
-number of links is greater than one, the file is unlinked.
-This
-allows the current file to be accessed by a constant name.
-.It Cm enable \&| Cm disable
-Enables or disables the recording function.
-.El
-.El
-.El
-.Sh Access Control Support
-The
-.Xr ntpd 8
-daemon implements a general purpose address/mask based restriction
-list.
-The list contains address/match entries sorted first
-by increasing address values and and then by increasing mask values.
-A match occurs when the bitwise AND of the mask and the packet
-source address is equal to the bitwise AND of the mask and
-address in the list.
-The list is searched in order with the
-last match found defining the restriction flags associated
-with the entry.
-Additional information and examples can be found in the
-.Qq Notes on Configuring NTP and Setting up a NTP Subnet
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.Pp
-The restriction facility was implemented in conformance
-with the access policies for the original NSFnet backbone
-time servers.
-Later the facility was expanded to deflect
-cryptographic and clogging attacks.
-While this facility may
-be useful for keeping unwanted or broken or malicious clients
-from congesting innocent servers, it should not be considered
-an alternative to the NTP authentication facilities.
-Source address based restrictions are easily circumvented
-by a determined cracker.
-.Pp
-Clients can be denied service because they are explicitly
-included in the restrict list created by the restrict command
-or implicitly as the result of cryptographic or rate limit
-violations.
-Cryptographic violations include certificate
-or identity verification failure; rate limit violations generally
-result from defective NTP implementations that send packets
-at abusive rates.
-Some violations cause denied service
-only for the offending packet, others cause denied service
-for a timed period and others cause the denied service for
-an indefinite period.
-When a client or network is denied access
-for an indefinite period, the only way at present to remove
-the restrictions is by restarting the server.
-.Ss The Kiss-of-Death Packet
-Ordinarily, packets denied service are simply dropped with no
-further action except incrementing statistics counters.
-Sometimes a
-more proactive response is needed, such as a server message that
-explicitly requests the client to stop sending and leave a message
-for the system operator.
-A special packet format has been created
-for this purpose called the "kiss-of-death" (KoD) packet.
-KoD packets have the leap bits set unsynchronized and stratum set
-to zero and the reference identifier field set to a four-byte
-ASCII code.
-If the
-.Cm noserve
-or
-.Cm notrust
-flag of the matching restrict list entry is set,
-the code is "DENY"; if the
-.Cm limited
-flag is set and the rate limit
-is exceeded, the code is "RATE".
-Finally, if a cryptographic violation occurs, the code is "CRYP".
-.Pp
-A client receiving a KoD performs a set of sanity checks to
-minimize security exposure, then updates the stratum and
-reference identifier peer variables, sets the access
-denied (TEST4) bit in the peer flash variable and sends
-a message to the log.
-As long as the TEST4 bit is set,
-the client will send no further packets to the server.
-The only way at present to recover from this condition is
-to restart the protocol at both the client and server.
-This
-happens automatically at the client when the association times out.
-It will happen at the server only if the server operator cooperates.
-.Ss Access Control Commands
-.Bl -tag -width indent
-.It Xo Ic discard
-.Op Cm average Ar avg
-.Op Cm minimum Ar min
-.Op Cm monitor Ar prob
-.Xc
-Set the parameters of the
-.Cm limited
-facility which protects the server from
-client abuse.
-The
-.Cm average
-subcommand specifies the minimum average packet
-spacing, while the
-.Cm minimum
-subcommand specifies the minimum packet spacing.
-Packets that violate these minima are discarded
-and a kiss-o'-death packet returned if enabled.
-The default
-minimum average and minimum are 5 and 2, respectively.
-The monitor subcommand specifies the probability of discard
-for packets that overflow the rate-control window.
-.It Xo Ic restrict address
-.Op Cm mask Ar mask
-.Op Ar flag ...
-.Xc
-The
-.Ar address
-argument expressed in
-dotted-quad form is the address of a host or network.
-Alternatively, the
-.Ar address
-argument can be a valid host DNS name.
-The
-.Ar mask
-argument expressed in dotted-quad form defaults to
-.Cm 255.255.255.255 ,
-meaning that the
-.Ar address
-is treated as the address of an individual host.
-A default entry (address
-.Cm 0.0.0.0 ,
-mask
-.Cm 0.0.0.0 )
-is always included and is always the first entry in the list.
-Note that text string
-.Cm default ,
-with no mask option, may
-be used to indicate the default entry.
-In the current implementation,
-.Cm flag
-always
-restricts access, i.e., an entry with no flags indicates that free
-access to the server is to be given.
-The flags are not orthogonal,
-in that more restrictive flags will often make less restrictive
-ones redundant.
-The flags can generally be classed into two
-categories, those which restrict time service and those which
-restrict informational queries and attempts to do run-time
-reconfiguration of the server.
-One or more of the following flags
-may be specified:
-.Bl -tag -width indent
-.It Cm ignore
-Deny packets of all kinds, including
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-queries.
-.It Cm kod
-If this flag is set when an access violation occurs, a kiss-o'-death
-(KoD) packet is sent.
-KoD packets are rate limited to no more than one
-per second.
-If another KoD packet occurs within one second after the
-last one, the packet is dropped.
-.It Cm limited
-Deny service if the packet spacing violates the lower limits specified
-in the discard command.
-A history of clients is kept using the
-monitoring capability of
-.Xr ntpd 8 .
-Thus, monitoring is always active as
-long as there is a restriction entry with the
-.Cm limited
-flag.
-.It Cm lowpriotrap
-Declare traps set by matching hosts to be low priority.
-The
-number of traps a server can maintain is limited (the current limit
-is 3).
-Traps are usually assigned on a first come, first served
-basis, with later trap requestors being denied service.
-This flag
-modifies the assignment algorithm by allowing low priority traps to
-be overridden by later requests for normal priority traps.
-.It Cm nomodify
-Deny
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-queries which attempt to modify the state of the
-server (i.e., run time reconfiguration).
-Queries which return
-information are permitted.
-.It Cm noquery
-Deny
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-queries.
-Time service is not affected.
-.It Cm nopeer
-Deny packets which would result in mobilizing a new association.
-This
-includes broadcast and symmetric active packets when a configured
-association does not exist.
-.It Cm noserve
-Deny all packets except
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-queries.
-.It Cm notrap
-Decline to provide mode 6 control message trap service to matching
-hosts.
-The trap service is a subsystem of the ntpdq control message
-protocol which is intended for use by remote event logging programs.
-.It Cm notrust
-Deny service unless the packet is cryptographically authenticated.
-.It Cm ntpport
-This is actually a match algorithm modifier, rather than a
-restriction flag.
-Its presence causes the restriction entry to be
-matched only if the source port in the packet is the standard NTP
-UDP port (123).
-Both
-.Cm ntpport
-and
-.Cm non-ntpport
-may
-be specified.
-The
-.Cm ntpport
-is considered more specific and
-is sorted later in the list.
-.It Cm version
-Deny packets that do not match the current NTP version.
-.El
-.Pp
-Default restriction list entries with the flags ignore, interface,
-ntpport, for each of the local host's interface addresses are
-inserted into the table at startup to prevent the server
-from attempting to synchronize to its own time.
-A default entry is also always present, though if it is
-otherwise unconfigured; no flags are associated
-with the default entry (i.e., everything besides your own
-NTP server is unrestricted).
-.El
-.Sh Automatic NTP Configuration Options
-.Ss Manycasting
-Manycasting is a automatic discovery and configuration paradigm
-new to NTPv4.
-It is intended as a means for a multicast client
-to troll the nearby network neighborhood to find cooperating
-manycast servers, validate them using cryptographic means
-and evaluate their time values with respect to other servers
-that might be lurking in the vicinity.
-The intended result is that each manycast client mobilizes
-client associations with some number of the "best"
-of the nearby manycast servers, yet automatically reconfigures
-to sustain this number of servers should one or another fail.
-.Pp
-Note that the manycasting paradigm does not coincide
-with the anycast paradigm described in RFC-1546,
-which is designed to find a single server from a clique
-of servers providing the same service.
-The manycast paradigm is designed to find a plurality
-of redundant servers satisfying defined optimality criteria.
-.Pp
-Manycasting can be used with either symmetric key
-or public key cryptography.
-The public key infrastructure (PKI)
-offers the best protection against compromised keys
-and is generally considered stronger, at least with relatively
-large key sizes.
-It is implemented using the Autokey protocol and
-the OpenSSL cryptographic library available from
-.Li http://www.openssl.org/ .
-The library can also be used with other NTPv4 modes
-as well and is highly recommended, especially for broadcast modes.
-.Pp
-A persistent manycast client association is configured
-using the manycastclient command, which is similar to the
-server command but with a multicast (IPv4 class
-.Cm D
-or IPv6 prefix
-.Cm FF )
-group address.
-The IANA has designated IPv4 address 224.1.1.1
-and IPv6 address FF05::101 (site local) for NTP.
-When more servers are needed, it broadcasts manycast
-client messages to this address at the minimum feasible rate
-and minimum feasible time-to-live (TTL) hops, depending
-on how many servers have already been found.
-There can be as many manycast client associations
-as different group address, each one serving as a template
-for a future ephemeral unicast client/server association.
-.Pp
-Manycast servers configured with the
-.Ic manycastserver
-command listen on the specified group address for manycast
-client messages.
-Note the distinction between manycast client,
-which actively broadcasts messages, and manycast server,
-which passively responds to them.
-If a manycast server is
-in scope of the current TTL and is itself synchronized
-to a valid source and operating at a stratum level equal
-to or lower than the manycast client, it replies to the
-manycast client message with an ordinary unicast server message.
-.Pp
-The manycast client receiving this message mobilizes
-an ephemeral client/server association according to the
-matching manycast client template, but only if cryptographically
-authenticated and the server stratum is less than or equal
-to the client stratum.
-Authentication is explicitly required
-and either symmetric key or public key (Autokey) can be used.
-Then, the client polls the server at its unicast address
-in burst mode in order to reliably set the host clock
-and validate the source.
-This normally results
-in a volley of eight client/server at 2-s intervals
-during which both the synchronization and cryptographic
-protocols run concurrently.
-Following the volley,
-the client runs the NTP intersection and clustering
-algorithms, which act to discard all but the "best"
-associations according to stratum and synchronization
-distance.
-The surviving associations then continue
-in ordinary client/server mode.
-.Pp
-The manycast client polling strategy is designed to reduce
-as much as possible the volume of manycast client messages
-and the effects of implosion due to near-simultaneous
-arrival of manycast server messages.
-The strategy is determined by the
-.Ic manycastclient ,
-.Ic tos
-and
-.Ic ttl
-configuration commands.
-The manycast poll interval is
-normally eight times the system poll interval,
-which starts out at the
-.Cm minpoll
-value specified in the
-.Ic manycastclient ,
-command and, under normal circumstances, increments to the
-.Cm maxpolll
-value specified in this command.
-Initially, the TTL is
-set at the minimum hops specified by the ttl command.
-At each retransmission the TTL is increased until reaching
-the maximum hops specified by this command or a sufficient
-number client associations have been found.
-Further retransmissions use the same TTL.
-.Pp
-The quality and reliability of the suite of associations
-discovered by the manycast client is determined by the NTP
-mitigation algorithms and the
-.Cm minclock
-and
-.Cm minsane
-values specified in the
-.Ic tos
-configuration command.
-At least
-.Cm minsane
-candidate servers must be available and the mitigation
-algorithms produce at least
-.Cm minclock
-survivors in order to synchronize the clock.
-Byzantine agreement principles require at least four
-candidates in order to correctly discard a single falseticker.
-For legacy purposes,
-.Cm minsane
-defaults to 1 and
-.Cm minclock
-defaults to 3.
-For manycast service
-.Cm minsane
-should be explicitly set to 4, assuming at least that
-number of servers are available.
-.Pp
-If at least
-.Cm minclock
-servers are found, the manycast poll interval is immediately
-set to eight times
-.Cm maxpoll .
-If less than
-.Cm minclock
-servers are found when the TTL has reached the maximum hops,
-the manycast poll interval is doubled.
-For each transmission
-after that, the poll interval is doubled again until
-reaching the maximum of eight times
-.Cm maxpoll .
-Further transmissions use the same poll interval and
-TTL values.
-Note that while all this is going on,
-each client/server association found is operating normally
-it the system poll interval.
-.Pp
-Administratively scoped multicast boundaries are normally
-specified by the network router configuration and,
-in the case of IPv6, the link/site scope prefix.
-By default, the increment for TTL hops is 32 starting
-from 31; however, the
-.Ic ttl
-configuration command can be
-used to modify the values to match the scope rules.
-.Pp
-It is often useful to narrow the range of acceptable
-servers which can be found by manycast client associations.
-Because manycast servers respond only when the client
-stratum is equal to or greater than the server stratum,
-primary (stratum 1) servers fill find only primary servers
-in TTL range, which is probably the most common objective.
-However, unless configured otherwise, all manycast clients
-in TTL range will eventually find all primary servers
-in TTL range, which is probably not the most common
-objective in large networks.
-The
-.Ic tos
-command can be used to modify this behavior.
-Servers with stratum below
-.Cm floor
-or above
-.Cm ceiling
-specified in the
-.Ic tos
-command are strongly discouraged during the selection
-process; however, these servers may be temporally
-accepted if the number of servers within TTL range is
-less than
-.Cm minclock .
-.Pp
-The above actions occur for each manycast client message,
-which repeats at the designated poll interval.
-However, once the ephemeral client association is mobilized,
-subsequent manycast server replies are discarded,
-since that would result in a duplicate association.
-If during a poll interval the number of client associations
-falls below
-.Cm minclock ,
-all manycast client prototype associations are reset
-to the initial poll interval and TTL hops and operation
-resumes from the beginning.
-It is important to avoid
-frequent manycast client messages, since each one requires
-all manycast servers in TTL range to respond.
-The result could well be an implosion, either minor or major,
-depending on the number of servers in range.
-The recommended value for
-.Cm maxpoll
-is 12 (4,096 s).
-.Pp
-It is possible and frequently useful to configure a host
-as both manycast client and manycast server.
-A number of hosts configured this way and sharing a common
-group address will automatically organize themselves
-in an optimum configuration based on stratum and
-synchronization distance.
-For example, consider an NTP
-subnet of two primary servers and a hundred or more
-dependent clients.
-With two exceptions, all servers
-and clients have identical configuration files including both
-.Ic multicastclient
-and
-.Ic multicastserver
-commands using, for instance, multicast group address
-239.1.1.1.
-The only exception is that each primary server
-configuration file must include commands for the primary
-reference source such as a GPS receiver.
-.Pp
-The remaining configuration files for all secondary
-servers and clients have the same contents, except for the
-.Ic tos
-command, which is specific for each stratum level.
-For stratum 1 and stratum 2 servers, that command is
-not necessary.
-For stratum 3 and above servers the
-.Cm floor
-value is set to the intended stratum number.
-Thus, all stratum 3 configuration files are identical,
-all stratum 4 files are identical and so forth.
-.Pp
-Once operations have stabilized in this scenario,
-the primary servers will find the primary reference source
-and each other, since they both operate at the same
-stratum (1), but not with any secondary server or client,
-since these operate at a higher stratum.
-The secondary
-servers will find the servers at the same stratum level.
-If one of the primary servers loses its GPS receiver,
-it will continue to operate as a client and other clients
-will time out the corresponding association and
-re-associate accordingly.
-.Pp
-Some administrators prefer to avoid running
-.Xr ntpd 8
-continuously and run either
-.Xr ntpdate 8
-or
-.Xr ntpd 8
-.Fl q
-as a cron job.
-In either case the servers must be
-configured in advance and the program fails if none are
-available when the cron job runs.
-A really slick
-application of manycast is with
-.Xr ntpd 8
-.Fl q .
-The program wakes up, scans the local landscape looking
-for the usual suspects, selects the best from among
-the rascals, sets the clock and then departs.
-Servers do not have to be configured in advance and
-all clients throughout the network can have the same
-configuration file.
-.Ss Manycast Interactions with Autokey
-Each time a manycast client sends a client mode packet
-to a multicast group address, all manycast servers
-in scope generate a reply including the host name
-and status word.
-The manycast clients then run
-the Autokey protocol, which collects and verifies
-all certificates involved.
-Following the burst interval
-all but three survivors are cast off,
-but the certificates remain in the local cache.
-It often happens that several complete signing trails
-from the client to the primary servers are collected in this way.
-.Pp
-About once an hour or less often if the poll interval
-exceeds this, the client regenerates the Autokey key list.
-This is in general transparent in client/server mode.
-However, about once per day the server private value
-used to generate cookies is refreshed along with all
-manycast client associations.
-In this case all
-cryptographic values including certificates is refreshed.
-If a new certificate has been generated since
-the last refresh epoch, it will automatically revoke
-all prior certificates that happen to be in the
-certificate cache.
-At the same time, the manycast
-scheme starts all over from the beginning and
-the expanding ring shrinks to the minimum and increments
-from there while collecting all servers in scope.
-.Ss Manycast Options
-.Bl -tag -width indent
-.It Xo Ic tos
-.Oo
-.Cm ceiling Ar ceiling |
-.Cm cohort { 0 | 1 } |
-.Cm floor Ar floor |
-.Cm minclock Ar minclock |
-.Cm minsane Ar minsane
-.Oc
-.Xc
-This command affects the clock selection and clustering
-algorithms.
-It can be used to select the quality and
-quantity of peers used to synchronize the system clock
-and is most useful in manycast mode.
-The variables operate
-as follows:
-.Bl -tag -width indent
-.It Cm ceiling Ar ceiling
-Peers with strata above
-.Cm ceiling
-will be discarded if there are at least
-.Cm minclock
-peers remaining.
-This value defaults to 15, but can be changed
-to any number from 1 to 15.
-.It Cm cohort Bro 0 | 1 Brc
-This is a binary flag which enables (0) or disables (1)
-manycast server replies to manycast clients with the same
-stratum level.
-This is useful to reduce implosions where
-large numbers of clients with the same stratum level
-are present.
-The default is to enable these replies.
-.It Cm floor Ar floor
-Peers with strata below
-.Cm floor
-will be discarded if there are at least
-.Cm minclock
-peers remaining.
-This value defaults to 1, but can be changed
-to any number from 1 to 15.
-.It Cm minclock Ar minclock
-The clustering algorithm repeatedly casts out outlyer
-associations until no more than
-.Cm minclock
-associations remain.
-This value defaults to 3,
-but can be changed to any number from 1 to the number of
-configured sources.
-.It Cm minsane Ar minsane
-This is the minimum number of candidates available
-to the clock selection algorithm in order to produce
-one or more truechimers for the clustering algorithm.
-If fewer than this number are available, the clock is
-undisciplined and allowed to run free.
-The default is 1
-for legacy purposes.
-However, according to principles of
-Byzantine agreement,
-.Cm minsane
-should be at least 4 in order to detect and discard
-a single falseticker.
-.El
-.It Cm ttl Ar hop ...
-This command specifies a list of TTL values in increasing
-order, up to 8 values can be specified.
-In manycast mode these values are used in turn
-in an expanding-ring search.
-The default is eight
-multiples of 32 starting at 31.
-.El
-.Sh Reference Clock Support
-The NTP Version 4 daemon supports some three dozen different radio,
-satellite and modem reference clocks plus a special pseudo-clock
-used for backup or when no other clock source is available.
-Detailed descriptions of individual device drivers and options can
-be found in the
-.Qq Reference Clock Drivers
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-Additional information can be found in the pages linked
-there, including the
-.Qq Debugging Hints for Reference Clock Drivers
-and
-.Qq How To Write a Reference Clock Driver
-pages
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-In addition, support for a PPS
-signal is available as described in the
-.Qq Pulse-per-second (PPS) Signal Interfacing
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-Many
-drivers support special line discipline/streams modules which can
-significantly improve the accuracy using the driver.
-These are
-described in the
-.Qq Line Disciplines and Streams Drivers
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.Pp
-A reference clock will generally (though not always) be a radio
-timecode receiver which is synchronized to a source of standard
-time such as the services offered by the NRC in Canada and NIST and
-USNO in the US.
-The interface between the computer and the timecode
-receiver is device dependent, but is usually a serial port.
-A
-device driver specific to each reference clock must be selected and
-compiled in the distribution; however, most common radio, satellite
-and modem clocks are included by default.
-Note that an attempt to
-configure a reference clock when the driver has not been compiled
-or the hardware port has not been appropriately configured results
-in a scalding remark to the system log file, but is otherwise non
-hazardous.
-.Pp
-For the purposes of configuration,
-.Xr ntpd 8
-treats
-reference clocks in a manner analogous to normal NTP peers as much
-as possible.
-Reference clocks are identified by a syntactically
-correct but invalid IP address, in order to distinguish them from
-normal NTP peers.
-Reference clock addresses are of the form
-.Sm off
-.Li 127.127. Ar t . Ar u ,
-.Sm on
-where
-.Ar t
-is an integer
-denoting the clock type and
-.Ar u
-indicates the unit
-number in the range 0-3.
-While it may seem overkill, it is in fact
-sometimes useful to configure multiple reference clocks of the same
-type, in which case the unit numbers must be unique.
-.Pp
-The
-.Ic server
-command is used to configure a reference
-clock, where the
-.Ar address
-argument in that command
-is the clock address.
-The
-.Cm key ,
-.Cm version
-and
-.Cm ttl
-options are not used for reference clock support.
-The
-.Cm mode
-option is added for reference clock support, as
-described below.
-The
-.Cm prefer
-option can be useful to
-persuade the server to cherish a reference clock with somewhat more
-enthusiasm than other reference clocks or peers.
-Further
-information on this option can be found in the
-.Qq Mitigation Rules and the prefer Keyword
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-page.
-The
-.Cm minpoll
-and
-.Cm maxpoll
-options have
-meaning only for selected clock drivers.
-See the individual clock
-driver document pages for additional information.
-.Pp
-The
-.Ic fudge
-command is used to provide additional
-information for individual clock drivers and normally follows
-immediately after the
-.Ic server
-command.
-The
-.Ar address
-argument specifies the clock address.
-The
-.Cm refid
-and
-.Cm stratum
-options can be used to
-override the defaults for the device.
-There are two optional
-device-dependent time offsets and four flags that can be included
-in the
-.Ic fudge
-command as well.
-.Pp
-The stratum number of a reference clock is by default zero.
-Since the
-.Xr ntpd 8
-daemon adds one to the stratum of each
-peer, a primary server ordinarily displays an external stratum of
-one.
-In order to provide engineered backups, it is often useful to
-specify the reference clock stratum as greater than zero.
-The
-.Cm stratum
-option is used for this purpose.
-Also, in cases
-involving both a reference clock and a pulse-per-second (PPS)
-discipline signal, it is useful to specify the reference clock
-identifier as other than the default, depending on the driver.
-The
-.Cm refid
-option is used for this purpose.
-Except where noted,
-these options apply to all clock drivers.
-.Ss Reference Clock Commands
-.Bl -tag -width indent
-.It Xo Ic server
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-.Op Cm prefer
-.Op Cm mode Ar int
-.Op Cm minpoll Ar int
-.Op Cm maxpoll Ar int
-.Xc
-This command can be used to configure reference clocks in
-special ways.
-The options are interpreted as follows:
-.Bl -tag -width indent
-.It Cm prefer
-Marks the reference clock as preferred.
-All other things being
-equal, this host will be chosen for synchronization among a set of
-correctly operating hosts.
-See the
-.Qq Mitigation Rules and the prefer Keyword
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-for further information.
-.It Cm mode Ar int
-Specifies a mode number which is interpreted in a
-device-specific fashion.
-For instance, it selects a dialing
-protocol in the ACTS driver and a device subtype in the
-parse
-drivers.
-.It Cm minpoll Ar int
-.It Cm maxpoll Ar int
-These options specify the minimum and maximum polling interval
-for reference clock messages, as a power of 2 in seconds
-For
-most directly connected reference clocks, both
-.Cm minpoll
-and
-.Cm maxpoll
-default to 6 (64 s).
-For modem reference clocks,
-.Cm minpoll
-defaults to 10 (17.1 m) and
-.Cm maxpoll
-defaults to 14 (4.5 h).
-The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
-.El
-.It Xo Ic fudge
-.Sm off
-.Li 127.127. Ar t . Ar u
-.Sm on
-.Op Cm time1 Ar sec
-.Op Cm time2 Ar sec
-.Op Cm stratum Ar int
-.Op Cm refid Ar string
-.Op Cm mode Ar int
-.Op Cm flag1 Cm 0 \&| Cm 1
-.Op Cm flag2 Cm 0 \&| Cm 1
-.Op Cm flag3 Cm 0 \&| Cm 1
-.Op Cm flag4 Cm 0 \&| Cm 1
-.Xc
-This command can be used to configure reference clocks in
-special ways.
-It must immediately follow the
-.Ic server
-command which configures the driver.
-Note that the same capability
-is possible at run time using the
-.Xr ntpdc 8
-program.
-The options are interpreted as
-follows:
-.Bl -tag -width indent
-.It Cm time1 Ar sec
-Specifies a constant to be added to the time offset produced by
-the driver, a fixed-point decimal number in seconds.
-This is used
-as a calibration constant to adjust the nominal time offset of a
-particular clock to agree with an external standard, such as a
-precision PPS signal.
-It also provides a way to correct a
-systematic error or bias due to serial port or operating system
-latencies, different cable lengths or receiver internal delay.
-The
-specified offset is in addition to the propagation delay provided
-by other means, such as internal DIPswitches.
-Where a calibration
-for an individual system and driver is available, an approximate
-correction is noted in the driver documentation pages.
-Note: in order to facilitate calibration when more than one
-radio clock or PPS signal is supported, a special calibration
-feature is available.
-It takes the form of an argument to the
-.Ic enable
-command described in
-.Sx Miscellaneous Options
-page and operates as described in the
-.Qq Reference Clock Drivers
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.It Cm time2 Ar secs
-Specifies a fixed-point decimal number in seconds, which is
-interpreted in a driver-dependent way.
-See the descriptions of
-specific drivers in the
-.Qq Reference Clock Drivers
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.It Cm stratum Ar int
-Specifies the stratum number assigned to the driver, an integer
-between 0 and 15.
-This number overrides the default stratum number
-ordinarily assigned by the driver itself, usually zero.
-.It Cm refid Ar string
-Specifies an ASCII string of from one to four characters which
-defines the reference identifier used by the driver.
-This string
-overrides the default identifier ordinarily assigned by the driver
-itself.
-.It Cm mode Ar int
-Specifies a mode number which is interpreted in a
-device-specific fashion.
-For instance, it selects a dialing
-protocol in the ACTS driver and a device subtype in the
-parse
-drivers.
-.It Cm flag1 Cm 0 \&| Cm 1
-.It Cm flag2 Cm 0 \&| Cm 1
-.It Cm flag3 Cm 0 \&| Cm 1
-.It Cm flag4 Cm 0 \&| Cm 1
-These four flags are used for customizing the clock driver.
-The
-interpretation of these values, and whether they are used at all,
-is a function of the particular clock driver.
-However, by
-convention
-.Cm flag4
-is used to enable recording monitoring
-data to the
-.Cm clockstats
-file configured with the
-.Ic filegen
-command.
-Further information on the
-.Ic filegen
-command can be found in
-.Sx Monitoring Options .
-.El
-.El
-.Sh Miscellaneous Options
-.Bl -tag -width indent
-.It Ic broadcastdelay Ar seconds
-The broadcast and multicast modes require a special calibration
-to determine the network delay between the local and remote
-servers.
-Ordinarily, this is done automatically by the initial
-protocol exchanges between the client and server.
-In some cases,
-the calibration procedure may fail due to network or server access
-controls, for example.
-This command specifies the default delay to
-be used under these circumstances.
-Typically (for Ethernet), a
-number between 0.003 and 0.007 seconds is appropriate.
-The default
-when this command is not used is 0.004 seconds.
-.It Ic calldelay Ar delay
-This option controls the delay in seconds between the first and second
-packets sent in burst or iburst mode to allow additional time for a modem
-or ISDN call to complete.
-.It Ic driftfile Ar driftfile
-This command specifies the complete path and name of the file used to
-record the frequency of the local clock oscillator.
-This is the same
-operation as the
-.Fl f
-command line option.
-If the file exists, it is read at
-startup in order to set the initial frequency and then updated once per
-hour with the current frequency computed by the daemon.
-If the file name is
-specified, but the file itself does not exist, the starts with an initial
-frequency of zero and creates the file when writing it for the first time.
-If this command is not given, the daemon will always start with an initial
-frequency of zero.
-.Pp
-The file format consists of a single line containing a single
-floating point number, which records the frequency offset measured
-in parts-per-million (PPM).
-The file is updated by first writing
-the current drift value into a temporary file and then renaming
-this file to replace the old version.
-This implies that
-.Xr ntpd 8
-must have write permission for the directory the
-drift file is located in, and that file system links, symbolic or
-otherwise, should be avoided.
-.It Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.It Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-Provides a way to enable or disable various server options.
-Flags not mentioned are unaffected.
-Note that all of these flags
-can be controlled remotely using the
-.Xr ntpdc 8
-utility program.
-.Bl -tag -width indent
-.It Cm auth
-Enables the server to synchronize with unconfigured peers only if the
-peer has been correctly authenticated using either public key or
-private key cryptography.
-The default for this flag is
-.Ic enable .
-.It Cm bclient
-Enables the server to listen for a message from a broadcast or
-multicast server, as in the
-.Ic multicastclient
-command with default
-address.
-The default for this flag is
-.Ic disable .
-.It Cm calibrate
-Enables the calibrate feature for reference clocks.
-The default for
-this flag is
-.Ic disable .
-.It Cm kernel
-Enables the kernel time discipline, if available.
-The default for this
-flag is
-.Ic enable
-if support is available, otherwise
-.Ic disable .
-.It Cm monitor
-Enables the monitoring facility.
-See the
-.Xr ntpdc 8
-program
-and the
-.Ic monlist
-command or further information.
-The
-default for this flag is
-.Ic enable .
-.It Cm ntp
-Enables time and frequency discipline.
-In effect, this switch opens and
-closes the feedback loop, which is useful for testing.
-The default for
-this flag is
-.Ic enable .
-.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency and time is
-disciplined by the precision time kernel modifications.
-See the
-.Qq A Kernel Model for Precision Timekeeping
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-page for further information.
-The default for this flag is
-.Ic disable .
-.It Cm stats
-Enables the statistics facility.
-See the
-.Sx Monitoring Options
-section for further information.
-The default for this flag is
-.Ic disable .
-.El
-.It Ic includefile Ar includefile
-This command allows additional configuration commands
-to be included from a separate file.
-Include files may
-be nested to a depth of five; upon reaching the end of any
-include file, command processing resumes in the previous
-configuration file.
-This option is useful for sites that run
-.Xr ntpd 8
-on multiple hosts, with (mostly) common options (e.g., a
-restriction list).
-.It Ic logconfig Ar configkeyword
-This command controls the amount and type of output written to
-the system
-.Xr syslog 3
-facility or the alternate
-.Ic logfile
-log file.
-By default, all output is turned on.
-All
-.Ar configkeyword
-keywords can be prefixed with
-.Ql = ,
-.Ql +
-and
-.Ql - ,
-where
-.Ql =
-sets the
-.Xr syslog 3
-priority mask,
-.Ql +
-adds and
-.Ql -
-removes
-messages.
-.Xr syslog 3
-messages can be controlled in four
-classes
-.Po
-.Cm clock ,
-.Cm peer ,
-.Cm sys
-and
-.Cm sync
-.Pc .
-Within these classes four types of messages can be
-controlled: informational messages
-.Po
-.Cm info
-.Pc ,
-event messages
-.Po
-.Cm events
-.Pc ,
-statistics messages
-.Po
-.Cm statistics
-.Pc
-and
-status messages
-.Po
-.Cm status
-.Pc .
-.Pp
-Configuration keywords are formed by concatenating the message class with
-the event class.
-The
-.Cm all
-prefix can be used instead of a message class.
-A
-message class may also be followed by the
-.Cm all
-keyword to enable/disable all
-messages of the respective message class.Thus, a minimal log configuration
-could look like this:
-.Bd -literal
-logconfig =syncstatus +sysevents
-.Ed
-.Pp
-This would just list the synchronizations state of
-.Xr ntpd 8
-and the major system events.
-For a simple reference server, the
-following minimum message configuration could be useful:
-.Bd -literal
-logconfig =syncall +clockall
-.Ed
-.Pp
-This configuration will list all clock information and
-synchronization information.
-All other events and messages about
-peers, system events and so on is suppressed.
-.It Ic logfile Ar logfile
-This command specifies the location of an alternate log file to
-be used instead of the default system
-.Xr syslog 3
-facility.
-This is the same operation as the -l command line option.
-.It Ic setvar Ar variable Op Cm default
-This command adds an additional system variable.
-These
-variables can be used to distribute additional information such as
-the access policy.
-If the variable of the form
-.Sm off
-.Va name = Ar value
-.Sm on
-is followed by the
-.Cm default
-keyword, the
-variable will be listed as part of the default system variables
-.Po
-.Xr ntpq 8
-.Ic rv
-command
-.Pc ) .
-These additional variables serve
-informational purposes only.
-They are not related to the protocol
-other that they can be listed.
-The known protocol variables will
-always override any variables defined via the
-.Ic setvar
-mechanism.
-There are three special variables that contain the names
-of all variable of the same group.
-The
-.Va sys_var_list
-holds
-the names of all system variables.
-The
-.Va peer_var_list
-holds
-the names of all peer variables and the
-.Va clock_var_list
-holds the names of the reference clock variables.
-.It Xo Ic tinker
-.Oo
-.Cm allan Ar allan |
-.Cm dispersion Ar dispersion |
-.Cm freq Ar freq |
-.Cm huffpuff Ar huffpuff |
-.Cm panic Ar panic |
-.Cm step Ar srep |
-.Cm stepout Ar stepout
-.Oc
-.Xc
-This command can be used to alter several system variables in
-very exceptional circumstances.
-It should occur in the
-configuration file before any other configuration options.
-The
-default values of these variables have been carefully optimized for
-a wide range of network speeds and reliability expectations.
-In
-general, they interact in intricate ways that are hard to predict
-and some combinations can result in some very nasty behavior.
-Very
-rarely is it necessary to change the default values; but, some
-folks cannot resist twisting the knobs anyway and this command is
-for them.
-Emphasis added: twisters are on their own and can expect
-no help from the support group.
-.Pp
-The variables operate as follows:
-.Bl -tag -width indent
-.It Cm allan Ar allan
-The argument becomes the new value for the minimum Allan
-intercept, which is a parameter of the PLL/FLL clock discipline
-algorithm.
-The value in log2 seconds defaults to 7 (1024 s), which is also the lower
-limit.
-.It Cm dispersion Ar dispersion
-The argument becomes the new value for the dispersion increase rate,
-normally .000015 s/s.
-.It Cm freq Ar freq
-The argument becomes the initial value of the frequency offset in
-parts-per-million.
-This overrides the value in the frequency file, if
-present, and avoids the initial training state if it is not.
-.It Cm huffpuff Ar huffpuff
-The argument becomes the new value for the experimental
-huff-n'-puff filter span, which determines the most recent interval
-the algorithm will search for a minimum delay.
-The lower limit is
-900 s (15 m), but a more reasonable value is 7200 (2 hours).
-There
-is no default, since the filter is not enabled unless this command
-is given.
-.It Cm panic Ar panic
-The argument is the panic threshold, normally 1000 s.
-If set to zero,
-the panic sanity check is disabled and a clock offset of any value will
-be accepted.
-.It Cm step Ar step
-The argument is the step threshold, which by default is 0.128 s.
-It can
-be set to any positive number in seconds.
-If set to zero, step
-adjustments will never occur.
-Note: The kernel time discipline is
-disabled if the step threshold is set to zero or greater than the
-default.
-.It Cm stepout Ar stepout
-The argument is the stepout timeout, which by default is 900 s.
-It can
-be set to any positive number in seconds.
-If set to zero, the stepout
-pulses will not be suppressed.
-.El
-.It Xo Ic trap Ar host_address
-.Op Cm port Ar port_number
-.Op Cm interface Ar interface_address
-.Xc
-This command configures a trap receiver at the given host
-address and port number for sending messages with the specified
-local interface address.
-If the port number is unspecified, a value
-of 18447 is used.
-If the interface address is not specified, the
-message is sent with a source address of the local interface the
-message is sent through.
-Note that on a multihomed host the
-interface used may vary from time to time with routing changes.
-.Pp
-The trap receiver will generally log event messages and other
-information from the server in a log file.
-While such monitor
-programs may also request their own trap dynamically, configuring a
-trap receiver will ensure that no messages are lost when the server
-is started.
-.It Cm hop Ar ...
-This command specifies a list of TTL values in increasing order, up to 8
-values can be specified.
-In manycast mode these values are used in turn in
-an expanding-ring search.
-The default is eight multiples of 32 starting at
-31.
-.El
-.Sh FILES
-.Bl -tag -width /etc/ntp.drift -compact
-.It Pa /etc/ntp.conf
-the default name of the configuration file
-.It Pa ntp.keys
-private MD5 keys
-.It Pa ntpkey
-RSA private key
-.It Pa ntpkey_ Ns Ar host
-RSA public key
-.It Pa ntp_dh
-Diffie-Hellman agreement parameters
-.El
-.Sh SEE ALSO
-.Xr rc.conf 5 ,
-.Xr ntpd 8 ,
-.Xr ntpdc 8 ,
-.Xr ntpq 8
-.Pp
-In addition to the manual pages provided,
-comprehensive documentation is available on the world wide web
-at
-.Li http://www.ntp.org/ .
-A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Sh BUGS
-The syntax checking is not picky; some combinations of
-ridiculous and even hilarious options and modes may not be
-detected.
-.Pp
-The
-.Pa ntpkey_ Ns Ar host
-files are really digital
-certificates.
-These should be obtained via secure directory
-services when they become universally available.
diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5
deleted file mode 100644
index dc9531c..0000000
--- a/usr.sbin/ntp/doc/ntp.keys.5
+++ /dev/null
@@ -1,120 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd January 13, 2000
-.Dt NTP.KEYS 5
-.Os
-.Sh NAME
-.Nm ntp.keys
-.Nd NTP daemon key file format
-.Sh SYNOPSIS
-.Nm /etc/ntp.keys
-.Sh DESCRIPTION
-Following is a description of the format of NTP key files.
-For a description of the use of these files, see the
-.Qq Authentication Support
-section of the
-.Xr ntp.conf 5
-page.
-.Pp
-In the case of DES, the keys are 56 bits long with,
-depending on type, a parity check on each byte.
-In the case of MD5, the keys are 64 bits (8 bytes).
-.Xr ntpd 8
-reads its keys from a file specified using the
-.Fl k
-command line option or the
-.Ic keys
-statement in the configuration file.
-While key number 0 is fixed by the NTP standard
-(as 56 zero bits)
-and may not be changed,
-one or more of the keys numbered 1 through 15
-may be arbitrarily set in the keys file.
-.Pp
-The key file uses the same comment conventions
-as the configuration file.
-Key entries use a fixed format of the form
-.Pp
-.D1 Ar keyno type key
-.Pp
-where
-.Ar keyno
-is a positive integer,
-.Ar type
-is a single character which defines the key format,
-and
-.Ar key
-is the key itself.
-.Pp
-The
-.Ar key
-may be given in one of four different formats,
-controlled by the
-.Ar type
-character.
-The four key types, and corresponding formats,
-are listed following.
-.Bl -tag -width X
-.It Li S
-The key is a 64-bit hexadecimal number in the format
-specified in the DES specification;
-that is, the high order seven bits of each octet are used
-to form the 56-bit key
-while the low order bit of each octet is given a value
-such that odd parity is maintained for the octet.
-Leading zeroes must be specified
-(i.e., the key must be exactly 16 hex digits long)
-and odd parity must be maintained.
-Hence a zero key, in standard format, would be given as
-.Ql 0101010101010101 .
-.It Li N
-The key is a 64-bit hexadecimal number in the format
-specified in the NTP standard.
-This is the same as the DES format,
-except the bits in each octet have been rotated one bit right
-so that the parity bit is now the high order bit of the octet.
-Leading zeroes must be specified and odd parity must be maintained.
-A zero key in NTP format would be specified as
-.Ql 8080808080808080 .
-.It Li A
-The key is a 1-to-8 character ASCII string.
-A key is formed from this by using the low order 7 bits
-of each ASCII character in the string,
-with zeroes added on the right
-when necessary to form a full width 56-bit key,
-in the same way that encryption keys are formed from
-.Ux
-passwords.
-.It Li M
-The key is a 1-to-8 character ASCII string,
-using the MD5 authentication scheme.
-Note that both the keys and the authentication schemes (DES or MD5)
-must be identical between a set of peers sharing the same key number.
-.El
-.Pp
-Note that the keys used by the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-programs are checked against passwords
-requested by the programs and entered by hand,
-so it is generally appropriate to specify these keys in ASCII format.
-.Sh FILES
-.Bl -tag -width /etc/ntp.drift -compact
-.It Pa /etc/ntp.keys
-the default name of the configuration file
-.El
-.Sh SEE ALSO
-.Xr ntp.conf 5 ,
-.Xr ntpd 8 ,
-.Xr ntpdate 8 ,
-.Xr ntpdc 8
-.Sh BUGS
-.Xr ntpd 8
-has gotten rather fat.
-While not huge, it has gotten larger than might
-be desirable for an elevated-priority daemon running on a workstation,
-particularly since many of the fancy features which consume the space
-were designed more with a busy primary server, rather than a high
-stratum workstation, in mind.
diff --git a/usr.sbin/ntp/doc/ntpd.8 b/usr.sbin/ntp/doc/ntpd.8
deleted file mode 100644
index 069ef42..0000000
--- a/usr.sbin/ntp/doc/ntpd.8
+++ /dev/null
@@ -1,612 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd May 18, 2010
-.Dt NTPD 8
-.Os
-.Sh NAME
-.Nm ntpd
-.Nd Network Time Protocol (NTP) daemon
-.Sh SYNOPSIS
-.Nm
-.Op Fl aAbDdgLmnPqx
-.Op Fl c Ar conffile
-.Op Fl f Ar driftfile
-.Op Fl k Ar keyfile
-.Op Fl l Ar logfile
-.Op Fl p Ar pidfile
-.Op Fl r Ar broadcastdelay
-.Op Fl s Ar statsdir
-.Op Fl t Ar key
-.Op Fl v Ar variable
-.Op Fl V Ar variable
-.Sh DESCRIPTION
-The
-.Nm
-utility is an operating system daemon which sets
-and maintains the system time of day in synchronism with Internet
-standard time servers.
-It is a complete implementation of the
-Network Time Protocol (NTP) version 4, but also retains
-compatibility with version 3, as defined by RFC-1305, and version 1
-and 2, as defined by RFC-1059 and RFC-1119, respectively.
-.Pp
-The
-.Nm
-utility does most computations in 64-bit floating point
-arithmetic and does relatively clumsy 64-bit fixed point operations
-only when necessary to preserve the ultimate precision, about 232
-picoseconds.
-While the ultimate precision is not achievable with
-ordinary workstations and networks of today, it may be required
-with future gigahertz CPU clocks and gigabit LANs.
-.Pp
-Ordinarily,
-.Nm
-reads the
-.Xr ntp.conf 5
-configuration file at startup time in order to determine the
-synchronization sources and operating modes.
-It is also possible to
-specify a working, although limited, configuration entirely on the
-command line, obviating the need for a configuration file.
-This may
-be particularly useful when the local host is to be configured as a
-broadcast/multicast client, with all peers being determined by
-listening to broadcasts at run time.
-.Pp
-If NetInfo support is built into
-.Nm ,
-then
-.Nm
-will attempt to read its configuration from the
-NetInfo if the default
-.Xr ntp.conf 5
-file cannot be read and no file is
-specified by the
-.Fl c
-option.
-.Pp
-Various internal
-.Nm
-variables can be displayed and
-configuration options altered while the
-.Nm
-is running
-using the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-utility programs.
-.Pp
-When
-.Nm
-starts it looks at the value of
-.Cm umask 2 ,
-and if zero
-.Nm
-will set the
-.Cm umask 2
-to 022.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl a
-Require cryptographic authentication for broadcast client,
-multicast client and symmetric passive associations.
-This is the default.
-.It Fl A
-Do not require cryptographic authentication for broadcast client,
-multicast client and symmetric passive associations.
-This is almost never a good idea.
-.It Fl b
-Enable the client to synchronize to broadcast servers.
-.It Fl c Ar conffile
-Specify the name and path of the configuration file, default
-.Pa /etc/ntp.conf .
-.It Fl d
-Specify debugging mode.
-This option may occur more than once,
-with each occurrence indicating greater detail of display.
-You need to compile
-.Nm
-with DEBUG in order to use this.
-.It Fl D Ar level
-Specify debugging level directly.
-.It Fl f Ar driftfile
-Specify the name and path of the frequency file, default
-.Pa /etc/ntp.drift .
-This is the same operation as the
-.Ic driftfile Ar driftfile
-configuration command.
-.It Fl g
-Normally,
-.Nm
-exits with a message to the system log if the offset exceeds
-the panic threshold, which is 1000 s by default.
-This option allows the time to be set to any value without restriction;
-however, this can happen only once.
-If the threshold is exceeded after that,
-.Nm
-will exit with a message to the system log.
-This option can be used with the
-.Fl q
-and
-.Fl x
-options.
-See the
-.Ic tinker
-command for other options.
-.It Fl k Ar keyfile
-Specify the name and path of the symmetric key file, default
-.Pa /etc/ntp.keys .
-This is the same operation as the
-.Ic keys Ar keyfile
-configuration command.
-.It Fl l Ar logfile
-Specify the name and path of the log file.
-The default is the system log file.
-This is the same operation as the
-.Ic logfile Ar logfile
-configuration command.
-.It Fl L
-Do not listen to virtual IPs.
-The default is to listen.
-.It Fl m
-Enable the client to synchronize to multicast servers at the IPv4 multicast
-group address 224.0.1.1.
-.It Fl n
-Do not fork.
-.It Fl N
-To the extent permitted by the operating system, run the
-.Nm
-at the highest priority.
-.It Fl p Ar pidfile
-Specify the name and path of the file used to record the
-.Nm
-process ID.
-This is the same operation as the
-.Ic pidfile Ar pidfile
-configuration command.
-.It Fl P Ar priority
-To the extent permitted by the operating system, run the
-.Nm
-at the specified priority.
-.It Fl q
-Exit the
-.Nm
-just after the first time the clock is
-set.
-This behavior mimics that of the
-.Xr ntpdate 8
-program,
-which is to be retired.
-The
-.Fl g
-and
-.Fl x
-options can
-be used with this option.
-Note: The kernel time discipline is disabled with this option.
-.It Fl r Ar broadcastdelay
-Specify the default propagation delay from the
-broadcast/multicast server to this client.
-This is necessary
-only if the delay cannot be computed automatically by the
-protocol.
-.It Fl s Ar statsdir
-Specify the directory path for files created by the statistics
-facility.
-This is the same operation as the
-.Ic statsdir Ar statsdir
-configuration command.
-.It Fl t Ar key
-Add a key number to the trusted key list.
-This option can occur more than once.
-.It Fl v Ar variable
-.It Fl V Ar variable
-Add a system variable listed by default.
-.It Fl x
-Normally, the time is slewed if the offset is less than the
-step threshold, which is 128 ms by default, and stepped if above
-the threshold.
-This option sets the threshold to 600 s,
-which is well within the accuracy window to set the clock manually.
-Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s,
-each second of adjustment requires an amortization interval of 2000 s.
-Thus, an adjustment as much as 600 s will take almost 14 days to complete.
-This option can be used with the
-.Fl g
-and
-.Fl q
-options.
-See the
-.Ic tinker
-command for other options.
-Note: The kernel time discipline is disabled with this option.
-.El
-.Ss "How NTP Operates"
-The
-.Nm
-utility operates by exchanging messages with
-one or more configured servers at designated poll intervals.
-When
-started, whether for the first or subsequent times, the program
-requires several exchanges from the majority of these servers so
-the signal processing and mitigation algorithms can accumulate and
-groom the data and set the clock.
-In order to protect the network
-from bursts, the initial poll interval for each server is delayed
-an interval randomized over a few seconds.
-At the default initial poll
-interval of 64s, several minutes can elapse before the clock is
-set.
-The initial delay to set the clock can be reduced using the
-.Cm iburst
-keyword with the
-.Ic server
-configuration
-command, as described in
-.Xr ntp.conf 5 .
-.Pp
-Most operating systems and hardware of today incorporate a
-time-of-year (TOY) chip to maintain the time during periods when
-the power is off.
-When the machine is booted, the chip is used to
-initialize the operating system time.
-After the machine has
-synchronized to a NTP server, the operating system corrects the
-chip from time to time.
-In case there is no TOY chip or for some
-reason its time is more than 1000s from the server time,
-.Nm
-assumes something must be terribly wrong and the only
-reliable action is for the operator to intervene and set the clock
-by hand.
-This causes
-.Nm
-to exit with a panic message to
-the system log.
-The
-.Fl g
-option overrides this check and the
-clock will be set to the server time regardless of the chip time.
-However, and to protect against broken hardware, such as when the
-CMOS battery fails or the clock counter becomes defective, once the
-clock has been set, an error greater than 1000s will cause
-.Nm
-to exit anyway.
-.Pp
-Under ordinary conditions,
-.Nm
-adjusts the clock in
-small steps so that the timescale is effectively continuous and
-without discontinuities.
-Under conditions of extreme network
-congestion, the roundtrip delay jitter can exceed three seconds and
-the synchronization distance, which is equal to one-half the
-roundtrip delay plus error budget terms, can become very large.
-The
-.Nm
-algorithms discard sample offsets exceeding 128 ms,
-unless the interval during which no sample offset is less than 128
-ms exceeds 900s.
-The first sample after that, no matter what the
-offset, steps the clock to the indicated time.
-In practice this
-reduces the false alarm rate where the clock is stepped in error to
-a vanishingly low incidence.
-.Pp
-As the result of this behavior, once the clock has been set, it
-very rarely strays more than 128 ms, even under extreme cases of
-network path congestion and jitter.
-Sometimes, in particular when
-.Nm
-is first started, the error might exceed 128 ms.
-This
-may on occasion cause the clock to be set backwards if the local
-clock time is more than 128 s in the future relative to the server.
-In some applications, this behavior may be unacceptable.
-If the
-.Fl x
-option is included on the command line, the clock will
-never be stepped and only slew corrections will be used.
-.Pp
-The issues should be carefully explored before deciding to use
-the
-.Fl x
-option.
-The maximum slew rate possible is limited
-to 500 parts-per-million (PPM) as a consequence of the correctness
-principles on which the NTP protocol and algorithm design are
-based.
-As a result, the local clock can take a long time to
-converge to an acceptable offset, about 2,000 s for each second the
-clock is outside the acceptable range.
-During this interval the
-local clock will not be consistent with any other network clock and
-the system cannot be used for distributed applications that require
-correctly synchronized network time.
-.Pp
-In spite of the above precautions, sometimes when large
-frequency errors are present the resulting time offsets stray
-outside the 128-ms range and an eventual step or slew time
-correction is required.
-If following such a correction the
-frequency error is so large that the first sample is outside the
-acceptable range,
-.Nm
-enters the same state as when the
-.Pa ntp.drift
-file is not present.
-The intent of this behavior
-is to quickly correct the frequency and restore operation to the
-normal tracking mode.
-In the most extreme cases
-(
-.Cm time.ien.it
-comes to mind), there may be occasional
-step/slew corrections and subsequent frequency corrections.
-It
-helps in these cases to use the
-.Cm burst
-keyword when
-configuring the server.
-.Ss "Frequency Discipline"
-The
-.Nm
-behavior at startup depends on whether the
-frequency file, usually
-.Pa ntp.drift ,
-exists.
-This file
-contains the latest estimate of clock frequency error.
-When the
-.Nm
-is started and the file does not exist, the
-.Nm
-enters a special mode designed to quickly adapt to
-the particular system clock oscillator time and frequency error.
-This takes approximately 15 minutes, after which the time and
-frequency are set to nominal values and the
-.Nm
-enters
-normal mode, where the time and frequency are continuously tracked
-relative to the server.
-After one hour the frequency file is
-created and the current frequency offset written to it.
-When the
-.Nm
-is started and the file does exist, the
-.Nm
-frequency is initialized from the file and enters normal mode
-immediately.
-After that the current frequency offset is written to
-the file at hourly intervals.
-.Ss "Operating Modes"
-The
-.Nm
-utility can operate in any of several modes, including
-symmetric active/passive, client/server broadcast/multicast and
-manycast, as described in the
-.Qq Association Management
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-It normally operates continuously while
-monitoring for small changes in frequency and trimming the clock
-for the ultimate precision.
-However, it can operate in a one-time
-mode where the time is set from an external server and frequency is
-set from a previously recorded frequency file.
-A
-broadcast/multicast or manycast client can discover remote servers,
-compute server-client propagation delay correction factors and
-configure itself automatically.
-This makes it possible to deploy a
-fleet of workstations without specifying configuration details
-specific to the local environment.
-.Pp
-By default,
-.Nm
-runs in continuous mode where each of
-possibly several external servers is polled at intervals determined
-by an intricate state machine.
-The state machine measures the
-incidental roundtrip delay jitter and oscillator frequency wander
-and determines the best poll interval using a heuristic algorithm.
-Ordinarily, and in most operating environments, the state machine
-will start with 64s intervals and eventually increase in steps to
-1024s.
-A small amount of random variation is introduced in order to
-avoid bunching at the servers.
-In addition, should a server become
-unreachable for some time, the poll interval is increased in steps
-to 1024s in order to reduce network overhead.
-.Pp
-In some cases it may not be practical for
-.Nm
-to run
-continuously.
-A common workaround has been to run the
-.Xr ntpdate 8
-program from a
-.Xr cron 8
-job at designated
-times.
-However, this program does not have the crafted signal
-processing, error checking and mitigation algorithms of
-.Nm .
-The
-.Fl q
-option is intended for this purpose.
-Setting this option will cause
-.Nm
-to exit just after
-setting the clock for the first time.
-The procedure for initially
-setting the clock is the same as in continuous mode; most
-applications will probably want to specify the
-.Cm iburst
-keyword with the
-.Ic server
-configuration command.
-With this
-keyword a volley of messages are exchanged to groom the data and
-the clock is set in about 10 s.
-If nothing is heard after a
-couple of minutes, the daemon times out and exits.
-After a suitable
-period of mourning, the
-.Xr ntpdate 8
-program may be
-retired.
-.Pp
-When kernel support is available to discipline the clock
-frequency, which is the case for stock Solaris, Tru64, Linux and
-.Fx ,
-a useful feature is available to discipline the clock
-frequency.
-First,
-.Nm
-is run in continuous mode with
-selected servers in order to measure and record the intrinsic clock
-frequency offset in the frequency file.
-It may take some hours for
-the frequency and offset to settle down.
-Then the
-.Nm
-is
-stopped and run in one-time mode as required.
-At each startup, the
-frequency is read from the file and initializes the kernel
-frequency.
-.Ss "Poll Interval Control"
-This version of NTP includes an intricate state machine to
-reduce the network load while maintaining a quality of
-synchronization consistent with the observed jitter and wander.
-There are a number of ways to tailor the operation in order enhance
-accuracy by reducing the interval or to reduce network overhead by
-increasing it.
-However, the user is advised to carefully consider
-the consequences of changing the poll adjustment range from the
-default minimum of 64 s to the default maximum of 1,024 s.
-The
-default minimum can be changed with the
-.Ic tinker
-.Cm minpoll
-command to a value not less than 16 s.
-This value is used for all
-configured associations, unless overridden by the
-.Cm minpoll
-option on the configuration command.
-Note that most device drivers
-will not operate properly if the poll interval is less than 64 s
-and that the broadcast server and manycast client associations will
-also use the default, unless overridden.
-.Pp
-In some cases involving dial up or toll services, it may be
-useful to increase the minimum interval to a few tens of minutes
-and maximum interval to a day or so.
-Under normal operation
-conditions, once the clock discipline loop has stabilized the
-interval will be increased in steps from the minimum to the
-maximum.
-However, this assumes the intrinsic clock frequency error
-is small enough for the discipline loop correct it.
-The capture
-range of the loop is 500 PPM at an interval of 64s decreasing by a
-factor of two for each doubling of interval.
-At a minimum of 1,024
-s, for example, the capture range is only 31 PPM.
-If the intrinsic
-error is greater than this, the drift file
-.Pa ntp.drift
-will
-have to be specially tailored to reduce the residual error below
-this limit.
-Once this is done, the drift file is automatically
-updated once per hour and is available to initialize the frequency
-on subsequent daemon restarts.
-.Ss "The huff-n'-puff Filter"
-In scenarios where a considerable amount of data are to be
-downloaded or uploaded over telephone modems, timekeeping quality
-can be seriously degraded.
-This occurs because the differential
-delays on the two directions of transmission can be quite large.
-In
-many cases the apparent time errors are so large as to exceed the
-step threshold and a step correction can occur during and after the
-data transfer is in progress.
-.Pp
-The huff-n'-puff filter is designed to correct the apparent time
-offset in these cases.
-It depends on knowledge of the propagation
-delay when no other traffic is present.
-In common scenarios this
-occurs during other than work hours.
-The filter maintains a shift
-register that remembers the minimum delay over the most recent
-interval measured usually in hours.
-Under conditions of severe
-delay, the filter corrects the apparent offset using the sign of
-the offset and the difference between the apparent delay and
-minimum delay.
-The name of the filter reflects the negative (huff)
-and positive (puff) correction, which depends on the sign of the
-offset.
-.Pp
-The filter is activated by the
-.Ic tinker
-command and
-.Cm huffpuff
-keyword, as described in
-.Xr ntp.conf 5 .
-.Sh FILES
-.Bl -tag -width /etc/ntp.drift -compact
-.It Pa /etc/ntp.conf
-the default name of the configuration file
-.It Pa /etc/ntp.drift
-the default name of the drift file
-.It Pa /etc/ntp.keys
-the default name of the key file
-.El
-.Sh SEE ALSO
-.Xr ntp.conf 5 ,
-.Xr ntpdate 8 ,
-.Xr ntpdc 8 ,
-.Xr ntpq 8
-.Pp
-In addition to the manual pages provided,
-comprehensive documentation is available on the world wide web
-at
-.Li http://www.ntp.org/ .
-A snapshot of this documentation is available in HTML format in
-.Pa /usr/share/doc/ntp .
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 1)
-.%O RFC1059
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 2)
-.%O RFC1119
-.Re
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Sh BUGS
-The
-.Nm
-utility has gotten rather fat.
-While not huge, it has gotten
-larger than might be desirable for an elevated-priority
-.Nm
-running on a workstation, particularly since many of
-the fancy features which consume the space were designed more with
-a busy primary server, rather than a high stratum workstation in
-mind.
diff --git a/usr.sbin/ntp/doc/ntpdate.8 b/usr.sbin/ntp/doc/ntpdate.8
deleted file mode 100644
index f361f17..0000000
--- a/usr.sbin/ntp/doc/ntpdate.8
+++ /dev/null
@@ -1,280 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd May 17, 2006
-.Dt NTPDATE 8
-.Os
-.Sh NAME
-.Nm ntpdate
-.Nd set the date and time via NTP
-.Sh SYNOPSIS
-.Nm
-.Op Fl 46bBdoqsuv
-.Op Fl a Ar key
-.Op Fl e Ar authdelay
-.Op Fl k Ar keyfile
-.Op Fl o Ar version
-.Op Fl p Ar samples
-.Op Fl t Ar timeout
-.Ar server ...
-.Sh DESCRIPTION
-.Pp
-.Em Note :
-The functionality of this program is now available
-in the
-.Xr ntpd 8
-program.
-See the
-.Fl q
-command line
-option in the
-.Xr ntpd 8
-page.
-After a suitable period of
-mourning, the
-.Nm
-utility is to be retired from this
-distribution.
-.Pp
-The
-.Nm
-utility sets the local date and time by polling the
-Network Time Protocol (NTP) server(s) given as the
-.Ar server
-arguments to determine the correct time.
-It must be run as root on
-the local host.
-A number of samples are obtained from each of the
-servers specified and a subset of the NTP clock filter and
-selection algorithms are applied to select the best of these.
-Note
-that the accuracy and reliability of
-.Nm
-depends on
-the number of servers, the number of polls each time it is run and
-the interval between runs.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl 4
-Force DNS resolution of following host names on the command line to the
-IPv4 namespace.
-.It Fl 6
-Force DNS resolution of following host names on the command line to the
-IPv6 namespace.
-.It Fl a Ar key
-Enable the authentication function and specify the key
-identifier to be used for authentication as the argument
-.Ar key .
-The keys and key identifiers must match
-in both the client and server key files.
-The default is to disable
-the authentication function.
-.It Fl B
-Force the time to always be slewed using the
-.Xr adjtime 2
-system
-call, even if the measured offset is greater than +-128 ms.
-The
-default is to step the time using
-.Xr settimeofday 2
-if the offset is
-greater than +-128 ms.
-Note that, if the offset is much greater
-than +-128 ms in this case, it can take a long time (hours) to
-slew the clock to the correct value.
-During this time, the host
-should not be used to synchronize clients.
-.It Fl b
-Force the time to be stepped using the
-.Xr settimeofday 2
-system
-call, rather than slewed (default) using the
-.Xr adjtime 2
-system call.
-This option should be used when called from a startup file at boot
-time.
-.It Fl d
-Enable the debugging mode, in which
-.Nm
-will go
-through all the steps, but not adjust the local clock.
-Information
-useful for general debugging will also be printed.
-.It Fl e Ar authdelay
-Specify the processing delay to perform an authentication
-function as the value
-.Ar authdelay ,
-in seconds and fraction
-(see
-.Xr ntpd 8
-for details).
-This number is usually small
-enough to be negligible for most purposes, though specifying a
-value may improve timekeeping on very slow CPU's.
-.It Fl k Ar keyfile
-Specify the path for the authentication key file as the string
-.Ar keyfile .
-The default is
-.Pa /etc/ntp.keys .
-This file
-should be in the format described in
-.Xr ntpd 8 .
-.It Fl o Ar version
-Specify the NTP version for outgoing packets as the integer
-.Ar version ,
-which can be 1 or 2.
-The default is 3.
-This allows
-.Nm
-to be used with older NTP versions.
-.It Fl p Ar samples
-Specify the number of samples to be acquired from each server
-as the integer
-.Ar samples ,
-with values from 1 to 8 inclusive.
-The default is 4.
-.It Fl q
-Query only - do not set the clock.
-.It Fl s
-Divert logging output from the standard output (default) to the
-system
-.Xr syslog 3
-facility.
-This is designed primarily for
-convenience of
-.Xr cron 8
-scripts.
-.It Fl t Ar timeout
-Specify the maximum time waiting for a server response as the
-value
-.Ar timeout ,
-in seconds and fraction.
-The value is
-rounded to a multiple of 0.2 seconds.
-The default is 1 second, a
-value suitable for polling across a LAN.
-.It Fl u
-Direct
-.Nm
-to use an unprivileged port for outgoing
-packets.
-This is most useful when behind a firewall that blocks
-incoming traffic to privileged ports, and you want to synchronise
-with hosts beyond the firewall.
-Note that the
-.Fl d
-option
-always uses unprivileged ports.
-.It Fl v
-Be verbose.
-This option will cause
-.Nm Ns 's
-version
-identification string to be logged.
-.El
-.Pp
-The
-.Nm
-utility can be run manually as necessary to set the
-host clock, or it can be run from the host startup script to set
-the clock at boot time.
-This is useful in some cases to set the
-clock initially before starting the NTP daemon
-.Xr ntpd 8 .
-It is
-also possible to run
-.Nm
-from a
-.Xr cron 8
-script.
-However, it is important to note that
-.Nm
-with
-contrived
-.Xr cron 8
-scripts is no substitute for the NTP
-daemon, which uses sophisticated algorithms to maximize accuracy
-and reliability while minimizing resource use.
-Finally, since
-.Nm
-does not discipline the host clock frequency as
-does
-.Xr ntpd 8 ,
-the accuracy using
-.Nm
-is
-limited.
-.Pp
-Time adjustments are made by
-.Nm
-in one of two
-ways.
-If
-.Nm
-determines the clock is in error more
-than 0.5 second it will simply step the time by calling the system
-.Xr settimeofday 2
-routine.
-If the error is less than 0.5
-seconds, it will slew the time by calling the system
-.Xr adjtime 2
-routine.
-The latter technique is less disruptive
-and more accurate when the error is small, and works quite well
-when
-.Nm
-is run by
-.Xr cron 8
-every hour or
-two.
-.Pp
-The
-.Nm
-utility will decline to set the date if an NTP server
-daemon (e.g.,
-.Xr ntpd 8 )
-is running on the same host.
-When
-running
-.Nm
-on a regular basis from
-.Xr cron 8
-as
-an alternative to running a daemon, doing so once every hour or two
-will result in precise enough timekeeping to avoid stepping the
-clock.
-.Pp
-Note that in contexts where a host name is expected, a
-.Fl 4
-qualifier preceding the host name forces DNS resolution to the
-IPv4 namespace, while a
-.Fl 6
-qualifier forces DNS resolution to the IPv6 namespace.
-.Pp
-If NetInfo support is compiled into
-.Nm ,
-then the
-.Cm server
-argument is optional if
-.Nm
-can find a
-time server in the NetInfo configuration for
-.Xr ntpd 8 .
-.Sh FILES
-.Bl -tag -width /etc/ntp.keys -compact
-.It Pa /etc/ntp.keys
-contains the encryption keys used by
-.Nm .
-.El
-.Sh SEE ALSO
-.Xr ntpd 8
-.Sh BUGS
-The slew adjustment is actually 50% larger than the measured
-offset, since this (it is argued) will tend to keep a badly
-drifting clock more accurate.
-This is probably not a good idea and
-may cause a troubling hunt for some values of the kernel variables
-.Va kern.clockrate.tick
-and
-.Va kern.clockrate.tickadj .
diff --git a/usr.sbin/ntp/doc/ntpdc.8 b/usr.sbin/ntp/doc/ntpdc.8
deleted file mode 100644
index 35ea7aa..0000000
--- a/usr.sbin/ntp/doc/ntpdc.8
+++ /dev/null
@@ -1,715 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd May 17, 2006
-.Dt NTPDC 8
-.Os
-.Sh NAME
-.Nm ntpdc
-.Nd special NTP query program
-.Sh SYNOPSIS
-.Nm
-.Op Fl 46ilnps
-.Op Fl c Ar command
-.Op Ar host
-.Op Ar ...
-.Sh DESCRIPTION
-The
-.Nm
-utility is used to query the
-.Xr ntpd 8
-daemon about its
-current state and to request changes in that state.
-The program may
-be run either in interactive mode or controlled using command line
-arguments.
-Extensive state and statistics information is available
-through the
-.Nm
-interface.
-In addition, nearly all the
-configuration options which can be specified at startup using
-ntpd's configuration file may also be specified at run time using
-.Nm .
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl 4
-Force DNS resolution of following host names on the command line to the
-IPv4 namespace.
-.It Fl 6
-Force DNS resolution of following host names on the command line to the
-IPv6 namespace.
-.It Fl c Ar command
-The following argument is interpreted as an interactive format
-command and is added to the list of commands to be executed on the
-specified host(s).
-Multiple
-.Fl c
-options may be given.
-.It Fl i
-Force
-.Nm
-to operate in interactive mode.
-Prompts
-will be written to the standard output and commands read from the
-standard input.
-.It Fl l
-Obtain a list of peers which are known to the server(s).
-This
-switch is equivalent to
-.Ql Fl c Ar listpeers .
-.It Fl n
-Output all host addresses in dotted-quad numeric format rather
-than converting to the canonical host names.
-.It Fl p
-Print a list of the peers known to the server as well as a
-summary of their state.
-This is equivalent to
-.Ql Fn c Ar peers .
-.It Fl s
-Print a list of the peers known to the server as well as a
-summary of their state, but in a slightly different format than the
-.Fl p
-switch.
-This is equivalent to
-.Ql Fl c Ar dmpeers .
-.El
-.Pp
-If one or more request options are included on the command line
-when
-.Nm
-is executed, each of the requests will be sent
-to the NTP servers running on each of the hosts given as command
-line arguments, or on localhost by default.
-If no request options
-are given,
-.Nm
-will attempt to read commands from the
-standard input and execute these on the NTP server running on the
-first host given on the command line, again defaulting to localhost
-when no other host is specified.
-The
-.Nm
-utility will prompt for
-commands if the standard input is a terminal device.
-.Pp
-The
-.Nm
-utility uses NTP mode 7 packets to communicate with the
-NTP server, and hence can be used to query any compatible server on
-the network which permits it.
-Note that since NTP is a UDP protocol
-this communication will be somewhat unreliable, especially over
-large distances in terms of network topology.
-The
-.Nm
-utility makes
-no attempt to retransmit requests, and will time requests out if
-the remote host is not heard from within a suitable timeout
-time.
-.Pp
-The operation of
-.Nm
-are specific to the particular
-implementation of the
-.Xr ntpd 8
-daemon and can be expected to
-work only with this and maybe some previous versions of the daemon.
-Requests from a remote
-.Nm
-utility which affect the
-state of the local server must be authenticated, which requires
-both the remote program and local server share a common key and key
-identifier.
-.Pp
-Note that in contexts where a host name is expected, a
-.Fl 4
-qualifier preceding the host name forces DNS resolution to the IPv4 namespace,
-while a
-.Fl 6
-qualifier forces DNS resolution to the IPv6 namespace.
-Specifying a command line option other than
-.Fl i
-or
-.Fl n
-will cause the specified query (queries) to be sent to
-the indicated host(s) immediately.
-Otherwise,
-.Nm
-will
-attempt to read interactive format commands from the standard
-input.
-.Ss "Interactive Commands"
-Interactive format commands consist of a keyword followed by zero
-to four arguments.
-Only enough characters of the full keyword to
-uniquely identify the command need be typed.
-The output of a
-command is normally sent to the standard output, but optionally the
-output of individual commands may be sent to a file by appending a
-.Ql \&> ,
-followed by a file name, to the command line.
-.Pp
-A number of interactive format commands are executed entirely
-within the
-.Nm
-utility itself and do not result in NTP
-mode 7 requests being sent to a server.
-These are described
-following.
-.Bl -tag -width indent
-.It Ic \&? Ar command_keyword
-.It Ic help Ar command_keyword
-A
-.Sq Ic \&?
-will print a list of all the command
-keywords known to this incarnation of
-.Nm .
-A
-.Sq Ic \&?
-followed by a command keyword will print function and usage
-information about the command.
-This command is probably a better
-source of information about
-.Xr ntpq 8
-than this manual
-page.
-.It Ic delay Ar milliseconds
-Specify a time interval to be added to timestamps included in
-requests which require authentication.
-This is used to enable
-(unreliable) server reconfiguration over long delay network paths
-or between machines whose clocks are unsynchronized.
-Actually the
-server does not now require timestamps in authenticated requests,
-so this command may be obsolete.
-.It Ic host Ar hostname
-Set the host to which future queries will be sent.
-Hostname may
-be either a host name or a numeric address.
-.It Ic hostnames Op Cm yes | Cm no
-If
-.Cm yes
-is specified, host names are printed in
-information displays.
-If
-.Cm no
-is specified, numeric
-addresses are printed instead.
-The default is
-.Cm yes ,
-unless
-modified using the command line
-.Fl n
-switch.
-.It Ic keyid Ar keyid
-This command allows the specification of a key number to be
-used to authenticate configuration requests.
-This must correspond
-to a key number the server has been configured to use for this
-purpose.
-.It Ic quit
-Exit
-.Nm .
-.It Ic passwd
-This command prompts you to type in a password (which will not
-be echoed) which will be used to authenticate configuration
-requests.
-The password must correspond to the key configured for
-use by the NTP server for this purpose if such requests are to be
-successful.
-.It Ic timeout Ar milliseconds
-Specify a timeout period for responses to server queries.
-The
-default is about 8000 milliseconds.
-Note that since
-.Nm
-retries each query once after a timeout, the total waiting time for
-a timeout will be twice the timeout value set.
-.El
-.Ss "Control Message Commands"
-Query commands result in NTP mode 7 packets containing requests for
-information being sent to the server.
-These are read-only commands
-in that they make no modification of the server configuration
-state.
-.Bl -tag -width indent
-.It Ic listpeers
-Obtains and prints a brief list of the peers for which the
-server is maintaining state.
-These should include all configured
-peer associations as well as those peers whose stratum is such that
-they are considered by the server to be possible future
-synchronization candidates.
-.It Ic peers
-Obtains a list of peers for which the server is maintaining
-state, along with a summary of that state.
-Summary information
-includes the address of the remote peer, the local interface
-address (0.0.0.0 if a local address has yet to be determined), the
-stratum of the remote peer (a stratum of 16 indicates the remote
-peer is unsynchronized), the polling interval, in seconds, the
-reachability register, in octal, and the current estimated delay,
-offset and dispersion of the peer, all in seconds.
-.Pp
-The character in the left margin indicates the mode this peer
-entry is operating in.
-A
-.Ql \&+
-denotes symmetric active, a
-.Ql \&-
-indicates symmetric passive, a
-.Ql \&=
-means the
-remote server is being polled in client mode, a
-.Ql \&^
-indicates that the server is broadcasting to this address, a
-.Ql \&~
-denotes that the remote peer is sending broadcasts and a
-.Ql \&*
-marks the peer the server is currently synchronizing
-to.
-.Pp
-The contents of the host field may be one of four forms.
-It may
-be a host name, an IP address, a reference clock implementation
-name with its parameter or
-.Fn REFCLK "implementation_number" "parameter" .
-On
-.Ic hostnames
-.Cm no
-only IP-addresses
-will be displayed.
-.It Ic dmpeers
-A slightly different peer summary list.
-Identical to the output
-of the
-.Ic peers
-command, except for the character in the
-leftmost column.
-Characters only appear beside peers which were
-included in the final stage of the clock selection algorithm.
-A
-.Ql \&.
-indicates that this peer was cast off in the falseticker
-detection, while a
-.Ql \&+
-indicates that the peer made it
-through.
-A
-.Ql \&*
-denotes the peer the server is currently
-synchronizing with.
-.It Ic showpeer Ar peer_address Oo Ar ... Oc
-Shows a detailed display of the current peer variables for one
-or more peers.
-Most of these values are described in the NTP
-Version 2 specification.
-.It Ic pstats Ar peer_address Oo Ar ... Oc
-Show per-peer statistic counters associated with the specified
-peer(s).
-.It Ic clockinfo Ar clock_peer_address Oo Ar ... Oc
-Obtain and print information concerning a peer clock.
-The
-values obtained provide information on the setting of fudge factors
-and other clock performance information.
-.It Ic kerninfo
-Obtain and print kernel phase-lock loop operating parameters.
-This information is available only if the kernel has been specially
-modified for a precision timekeeping function.
-.It Ic loopinfo Op Cm oneline | Cm multiline
-Print the values of selected loop filter variables.
-The loop
-filter is the part of NTP which deals with adjusting the local
-system clock.
-The
-.Sq offset
-is the last offset given to the
-loop filter by the packet processing code.
-The
-.Sq frequency
-is the frequency error of the local clock in parts-per-million
-(ppm).
-The
-.Sq time_const
-controls the stiffness of the
-phase-lock loop and thus the speed at which it can adapt to
-oscillator drift.
-The
-.Sq watchdog timer
-value is the number
-of seconds which have elapsed since the last sample offset was
-given to the loop filter.
-The
-.Cm oneline
-and
-.Cm multiline
-options specify the format in which this
-information is to be printed, with
-.Cm multiline
-as the
-default.
-.It Ic sysinfo
-Print a variety of system state variables, i.e., state related
-to the local server.
-All except the last four lines are described
-in the NTP Version 3 specification, RFC-1305.
-.Pp
-The
-.Sq system flags
-show various system flags, some of
-which can be set and cleared by the
-.Ic enable
-and
-.Ic disable
-configuration commands, respectively.
-These are
-the
-.Cm auth ,
-.Cm bclient ,
-.Cm monitor ,
-.Cm pll ,
-.Cm pps
-and
-.Cm stats
-flags.
-See the
-.Xr ntpd 8
-documentation for the meaning of these flags.
-There
-are two additional flags which are read only, the
-.Cm kernel_pll
-and
-.Cm kernel_pps .
-These flags indicate
-the synchronization status when the precision time kernel
-modifications are in use.
-The
-.Sq kernel_pll
-indicates that
-the local clock is being disciplined by the kernel, while the
-.Sq kernel_pps
-indicates the kernel discipline is provided by the PPS
-signal.
-.Pp
-The
-.Sq stability
-is the residual frequency error remaining
-after the system frequency correction is applied and is intended for
-maintenance and debugging.
-In most architectures, this value will
-initially decrease from as high as 500 ppm to a nominal value in
-the range .01 to 0.1 ppm.
-If it remains high for some time after
-starting the daemon, something may be wrong with the local clock,
-or the value of the kernel variable
-.Va kern.clockrate.tick
-may be
-incorrect.
-.Pp
-The
-.Sq broadcastdelay
-shows the default broadcast delay,
-as set by the
-.Ic broadcastdelay
-configuration command.
-.Pp
-The
-.Sq authdelay
-shows the default authentication delay,
-as set by the
-.Ic authdelay
-configuration command.
-.It Ic sysstats
-Print statistics counters maintained in the protocol
-module.
-.It Ic memstats
-Print statistics counters related to memory allocation
-code.
-.It Ic iostats
-Print statistics counters maintained in the input-output
-module.
-.It Ic timerstats
-Print statistics counters maintained in the timer/event queue
-support code.
-.It Ic reslist
-Obtain and print the server's restriction list.
-This list is
-(usually) printed in sorted order and may help to understand how
-the restrictions are applied.
-.It Ic monlist Op Ar version
-Obtain and print traffic counts collected and maintained by the
-monitor facility.
-The version number should not normally need to be
-specified.
-.It Ic clkbug Ar clock_peer_address Oo Ar ... Oc
-Obtain debugging information for a reference clock driver.
-This
-information is provided only by some clock drivers and is mostly
-undecodable without a copy of the driver source in hand.
-.El
-.Ss "Runtime Configuration Requests"
-All requests which cause state changes in the server are
-authenticated by the server using a configured NTP key (the
-facility can also be disabled by the server by not configuring a
-key).
-The key number and the corresponding key must also be made
-known to
-.Nm .
-This can be done using the
-.Ic keyid
-and
-.Ic passwd
-commands, the latter of which will prompt at the terminal for a
-password to use as the encryption key.
-You will also be prompted
-automatically for both the key number and password the first time a
-command which would result in an authenticated request to the
-server is given.
-Authentication not only provides verification that
-the requester has permission to make such changes, but also gives
-an extra degree of protection again transmission errors.
-.Pp
-Authenticated requests always include a timestamp in the packet
-data, which is included in the computation of the authentication
-code.
-This timestamp is compared by the server to its receive time
-stamp.
-If they differ by more than a small amount the request is
-rejected.
-This is done for two reasons.
-First, it makes simple
-replay attacks on the server, by someone who might be able to
-overhear traffic on your LAN, much more difficult.
-Second, it makes
-it more difficult to request configuration changes to your server
-from topologically remote hosts.
-While the reconfiguration facility
-will work well with a server on the local host, and may work
-adequately between time-synchronized hosts on the same LAN, it will
-work very poorly for more distant hosts.
-As such, if reasonable
-passwords are chosen, care is taken in the distribution and
-protection of keys and appropriate source address restrictions are
-applied, the run time reconfiguration facility should provide an
-adequate level of security.
-.Pp
-The following commands all make authenticated requests.
-.Bl -tag -width indent
-.It Xo Ic addpeer Ar peer_address
-.Op Ar keyid
-.Op Ar version
-.Op Cm prefer
-.Xc
-Add a configured peer association at the given address and
-operating in symmetric active mode.
-Note that an existing
-association with the same peer may be deleted when this command is
-executed, or may simply be converted to conform to the new
-configuration, as appropriate.
-If the optional
-.Ar keyid
-is a
-nonzero integer, all outgoing packets to the remote server will
-have an authentication field attached encrypted with this key.
-If
-the value is 0 (or not given) no authentication will be done.
-The
-.Ar version
-can be 1, 2 or 3 and defaults to 3.
-The
-.Cm prefer
-keyword indicates a preferred peer (and thus will
-be used primarily for clock synchronisation if possible).
-The
-preferred peer also determines the validity of the PPS signal - if
-the preferred peer is suitable for synchronisation so is the PPS
-signal.
-.It Xo Ic addserver Ar peer_address
-.Op Ar keyid
-.Op Ar version
-.Op Cm prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is client.
-.It Xo Ic broadcast Ar peer_address
-.Op Ar keyid
-.Op Ar version
-.Op Cm prefer
-.Xc
-Identical to the addpeer command, except that the operating
-mode is broadcast.
-In this case a valid key identifier and key are
-required.
-The
-.Ar peer_address
-parameter can be the broadcast
-address of the local network or a multicast group address assigned
-to NTP.
-If a multicast address, a multicast-capable kernel is
-required.
-.It Ic unconfig Ar peer_address Oo Ar ... Oc
-This command causes the configured bit to be removed from the
-specified peer(s).
-In many cases this will cause the peer
-association to be deleted.
-When appropriate, however, the
-association may persist in an unconfigured mode if the remote peer
-is willing to continue on in this fashion.
-.It Xo Ic fudge Ar peer_address
-.Op Cm time1
-.Op Cm time2
-.Op Ar stratum
-.Op Ar refid
-.Xc
-This command provides a way to set certain data for a reference
-clock.
-See the source listing for further information.
-.It Xo Ic enable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-.It Xo Ic disable
-.Oo
-.Cm auth | Cm bclient |
-.Cm calibrate | Cm kernel |
-.Cm monitor | Cm ntp |
-.Cm pps | Cm stats
-.Oc
-.Xc
-These commands operate in the same way as the
-.Ic enable
-and
-.Ic disable
-configuration file commands of
-.Xr ntpd 8 .
-.Bl -tag -width indent
-.It Cm auth
-Enables the server to synchronize with unconfigured peers only
-if the peer has been correctly authenticated using either public key
-or private key cryptography.
-The default for this flag is enable.
-.It Cm bclient
-Enables the server to listen for a message from a broadcast or
-multicast server, as in the multicastclient command with
-default address.
-The default for this flag is disable.
-.It Cm calibrate
-Enables the calibrate feature for reference clocks.
-The default for this flag is disable.
-.It Cm kernel
-Enables the kernel time discipline, if available.
-The default for this flag is enable if support is available, otherwise disable.
-.It Cm monitor
-Enables the monitoring facility.
-See the
-.Xr ntpdc 8 .
-program and the monlist command or further information.
-The default for this flag is enable.
-.It Cm ntp
-Enables time and frequency discipline.
-In effect, this switch opens and closes the feedback loop,
-which is useful for testing.
-The default for this flag is enable.
-.It Cm pps
-Enables the pulse-per-second (PPS) signal when frequency
-and time is disciplined by the precision time kernel modifications.
-See the
-.Qq A Kernel Model for Precision Timekeeping
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp )
-page for further information.
-The default for this flag is disable.
-.It Cm stats
-Enables the statistics facility.
-See the
-.Sx Monitoring Options
-section of
-.Xr ntp.conf 5
-for further information.
-The default for this flag is disable.
-.El
-.It Xo Ic restrict Ar address Ar mask
-.Ar flag Oo Ar ... Oc
-.Xc
-This command operates in the same way as the
-.Ic restrict
-configuration file commands of
-.Xr ntpd 8 .
-.It Xo Ic unrestrict Ar address Ar mask
-.Ar flag Oo Ar ... Oc
-.Xc
-Unrestrict the matching entry from the restrict list.
-.It Xo Ic delrestrict Ar address Ar mask
-.Op Cm ntpport
-.Xc
-Delete the matching entry from the restrict list.
-.It Ic readkeys
-Causes the current set of authentication keys to be purged and
-a new set to be obtained by rereading the keys file (which must
-have been specified in the
-.Xr ntpd 8
-configuration file).
-This
-allows encryption keys to be changed without restarting the
-server.
-.It Ic trustedkey Ar keyid Oo Ar ... Oc
-.It Ic untrustedkey Ar keyid Oo Ar ... Oc
-These commands operate in the same way as the
-.Ic trustedkey
-and
-.Ic untrustedkey
-configuration file
-commands of
-.Xr ntpd 8 .
-.It Ic authinfo
-Returns information concerning the authentication module,
-including known keys and counts of encryptions and decryptions
-which have been done.
-.It Ic traps
-Display the traps set in the server.
-See the source listing for
-further information.
-.It Xo Ic addtrap Ar address
-.Op Ar port
-.Op Ar interface
-.Xc
-Set a trap for asynchronous messages.
-See the source listing
-for further information.
-.It Xo Ic clrtrap Ar address
-.Op Ar port
-.Op Ar interface
-.Xc
-Clear a trap for asynchronous messages.
-See the source listing
-for further information.
-.It Ic reset
-Clear the statistics counters in various modules of the server.
-See the source listing for further information.
-.El
-.Sh SEE ALSO
-.Xr ntp.conf 5 ,
-.Xr ntpd 8
-.Rs
-.%A David L. Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Sh BUGS
-The
-.Nm
-utility is a crude hack.
-Much of the information it shows is
-deadly boring and could only be loved by its implementer.
-The
-program was designed so that new (and temporary) features were easy
-to hack in, at great expense to the program's ease of use.
-Despite
-this, the program is occasionally useful.
diff --git a/usr.sbin/ntp/doc/ntpq.8 b/usr.sbin/ntp/doc/ntpq.8
deleted file mode 100644
index 0a47c76..0000000
--- a/usr.sbin/ntp/doc/ntpq.8
+++ /dev/null
@@ -1,851 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd May 17, 2006
-.Dt NTPQ 8
-.Os
-.Sh NAME
-.Nm ntpq
-.Nd standard NTP query program
-.Sh SYNOPSIS
-.Nm
-.Op Fl inp
-.Op Fl c Ar command
-.Op Ar host
-.Op Ar ...
-.Sh DESCRIPTION
-The
-.Nm
-utility is used to monitor NTP daemon
-.Xr ntpd 8
-operations and determine performance.
-It uses the standard NTP mode 6 control message formats
-defined in Appendix B of the NTPv3 specification RFC1305.
-The same formats are used in NTPv4, although some of the variables
-have changed and new ones added.
-The description on this page is for the NTPv4 variables.
-.Pp
-The program can be run either in interactive mode or controlled
-using command line arguments.
-Requests to read and write arbitrary variables can be assembled,
-with raw and pretty-printed output options being available.
-The
-.Nm
-can also obtain and print a list of peers in a common format
-by sendingmultiple queries to the server.
-.Pp
-If one or more request options is included on the command line
-when
-.Nm
-is executed, each of the requests will be sent
-to the NTP servers running on each of the hosts given as command
-line arguments, or on localhost by default.
-If no request options
-are given,
-.Nm
-will attempt to read commands from the
-standard input and execute these on the NTP server running on the
-first host given on the command line, again defaulting to localhost
-when no other host is specified.
-The
-.Nm
-utility will prompt for
-commands if the standard input is a terminal device.
-.Pp
-The
-.Nm
-utility uses NTP mode 6 packets to communicate with the
-NTP server, and hence can be used to query any compatible server on
-the network which permits it.
-Note that since NTP is a UDP protocol
-this communication will be somewhat unreliable, especially over
-large distances in terms of network topology.
-The
-.Nm
-utility makes
-one attempt to retransmit requests, and will time requests out if
-the remote host is not heard from within a suitable timeout
-time.
-.Pp
-For examples and usage, see the
-.Qq NTP Debugging Techniques
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl 4
-Force DNS resolution of following host names on the command line to the
-IPv4 namespace.
-.It Fl 6
-Force DNS resolution of following host names on the command line to the
-IPv6 namespace.
-.It Fl c
-The following argument is interpreted as an interactive format
-command and is added to the list of commands to be executed on the
-specified host(s).
-Multiple
-.Fl c
-options may be given.
-.It Fl d
-Turn on debugging mode.
-.It Fl i
-Force
-.Nm
-to operate in interactive mode.
-Prompts
-will be written to the standard output and commands read from the
-standard input.
-.It Fl n
-Output all host addresses in dotted-quad numeric format rather
-than converting to the canonical host names.
-.It Fl p
-Print a list of the peers known to the server as well as a
-summary of their state.
-This is equivalent to the
-.Ic peers
-interactive command.
-.El
-.Pp
-Note that in contexts where a host name is expected, a
-.Fl 4
-qualifier preceding the host name forces DNS resolution to the
-IPv4 namespace, while a
-.Fl 6
-qualifier forces DNS resolution to the IPv6 namespace.
-Specifying a
-command line option other than
-.Fl i
-or
-.Fl n
-will
-cause the specified query (queries) to be sent to the indicated
-host(s) immediately.
-Otherwise,
-.Nm
-will attempt to read
-interactive format commands from the standard input.
-.Ss "Internal Commands"
-Interactive format commands consist of a keyword followed by zero
-to four arguments.
-Only enough characters of the full keyword to
-uniquely identify the command need be typed.
-The output of a
-command is normally sent to the standard output, but optionally the
-output of individual commands may be sent to a file by appending a
-.Ql \&> ,
-followed by a file name, to the command line.
-A
-number of interactive format commands are executed entirely within
-the
-.Nm
-utility itself and do not result in NTP mode 6
-requests being sent to a server.
-These are described following.
-.Bl -tag -width indent
-.It Ic \&? Op Ar command_keyword
-.It Ic help Op Ar command_keyword
-A
-.Sq Ic \&?
-by itself will print a list of all the command
-keywords known to this incarnation of
-.Nm .
-A
-.Sq Ic \&?
-followed by a command keyword will print function and usage
-information about the command.
-This command is probably a better
-source of information about
-.Nm
-than this manual
-page.
-.It Xo Ic addvars
-.Ar variable_name Ns Op = Ns Ar value ...
-.Xc
-.It Ic rmvars Ar variable_name ...
-.It Ic clearvars
-The data carried by NTP mode 6 messages consists of a list of
-items of the form
-.Ql variable_name=value ,
-where the
-.Ql =value
-is ignored, and can be omitted,
-in requests to the server to read variables.
-The
-.Nm
-utility maintains an internal list in which data to be included in control
-messages can be assembled, and sent using the
-.Ic readlist
-and
-.Ic writelist
-commands described below.
-The
-.Ic addvars
-command allows variables and their optional values to be added to
-the list.
-If more than one variable is to be added, the list should
-be comma-separated and not contain white space.
-The
-.Ic rmvars
-command can be used to remove individual variables from the list,
-while the
-.Ic clearlist
-command removes all variables from the
-list.
-.It Ic cooked
-Causes output from query commands to be "cooked", so that
-variables which are recognized by
-.Nm
-will have their
-values reformatted for human consumption.
-Variables which
-.Nm
-thinks should have a decodable value but did not are
-marked with a trailing
-.Ql \&? .
-.It Xo Ic debug
-.Cm more |
-.Cm less |
-.Cm off
-.Xc
-Turns internal query program debugging on and off.
-.It Ic delay Ar milliseconds
-Specify a time interval to be added to timestamps included in
-requests which require authentication.
-This is used to enable
-(unreliable) server reconfiguration over long delay network paths
-or between machines whose clocks are unsynchronized.
-Actually the
-server does not now require timestamps in authenticated requests,
-so this command may be obsolete.
-.It Ic host Ar hostname
-Set the host to which future queries will be sent.
-Hostname may
-be either a host name or a numeric address.
-.It Ic hostnames Cm yes | Cm no
-If
-.Cm yes
-is specified, host names are printed in
-information displays.
-If
-.Cm no
-is specified, numeric
-addresses are printed instead.
-The default is
-.Cm yes ,
-unless
-modified using the command line
-.Fl n
-switch.
-.It Ic keyid Ar keyid
-This command specifies the key number to be used to authenticate
-configuration requests.
-This must correspond to a key number the server has
-been configured to use for this purpose.
-.It Xo Ic ntpversion
-.Cm 1 |
-.Cm 2 |
-.Cm 3 |
-.Cm 4
-.Xc
-Sets the NTP version number which
-.Nm
-claims in
-packets.
-Defaults to 3, Note that mode 6 control messages (and
-modes, for that matter) did not exist in NTP version 1.
-There appear
-to be no servers left which demand version 1.
-.It Ic passwd
-This command prompts for a password (which will not be echoed) which will
-be used to authenticate configuration requests.
-The password must
-correspond to the key configured for NTP server for this purpose.
-.It Ic quit
-Exit
-.Nm .
-.It Ic raw
-Causes all output from query commands is printed as received
-from the remote server.
-The only formatting/interpretation done on
-the data is to transform nonascii data into a printable (but barely
-understandable) form.
-.It Ic timeout Ar milliseconds
-Specify a timeout period for responses to server queries.
-The
-default is about 5000 milliseconds.
-Note that since
-.Nm
-retries each query once after a timeout, the total waiting time for
-a timeout will be twice the timeout value set.
-.El
-.Ss Control Message Commands
-Each association known to an NTP server has a 16 bit integer association
-identifier.
-NTP control messages which carry peer variables must identify the
-peer the values correspond to by including its association ID.
-An association
-ID of 0 is special, and indicates the variables are system variables, whose
-names are drawn from a separate name space.
-.Pp
-Control message commands result in one or more NTP mode 6
-messages being sent to the server, and cause the data returned to
-be printed in some format.
-Most commands currently implemented send
-a single message and expect a single response.
-The current
-exceptions are the peers command, which will send a preprogrammed
-series of messages to obtain the data it needs, and the mreadlist
-and mreadvar commands, which will iterate over a range of
-associations.
-.Bl -tag -width indent
-.It Ic associations
-Obtains and prints a list of association identifiers and peer
-statuses for in-spec peers of the server being queried.
-The list is
-printed in columns.
-The first of these is an index numbering the
-associations from 1 for internal use, the second the actual
-association identifier returned by the server and the third the
-status word for the peer.
-This is followed by a number of columns
-containing data decoded from the status word.
-See the peers command
-for a decode of the
-.Sq condition
-field.
-Note that the data
-returned by the
-.Ic associations
-command is cached internally
-in
-.Nm .
-The index is then of use when dealing with stupid
-servers which use association identifiers which are hard for humans
-to type, in that for any subsequent commands which require an
-association identifier as an argument, the form and index may be
-used as an alternative.
-.It Xo Ic clockvar Op Ar assocID
-.Oo
-.Ar variable_name Ns Op = Ns Ar value ...
-.Oc
-.Ar ...
-.Xc
-.It Xo Ic cv Op Ar assocID
-.Oo
-.Ar variable_name Ns Op = Ns Ar value ...
-.Oc
-.Ar ...
-.Xc
-Requests that a list of the server's clock variables be sent.
-Servers which have a radio clock or other external synchronization
-will respond positively to this.
-If the association identifier is
-omitted or zero the request is for the variables of the
-.Sq system clock
-and will generally get a positive response from all
-servers with a clock.
-If the server treats clocks as pseudo-peers,
-and hence can possibly have more than one clock connected at once,
-referencing the appropriate peer association ID will show the
-variables of a particular clock.
-Omitting the variable list will
-cause the server to return a default variable display.
-.It Ic lassociations
-Obtains and prints a list of association identifiers and peer
-statuses for all associations for which the server is maintaining
-state.
-This command differs from the
-.Ic associations
-command
-only for servers which retain state for out-of-spec client
-associations (i.e., fuzzballs).
-Such associations are normally
-omitted from the display when the
-.Ic associations
-command is
-used, but are included in the output of
-.Ic lassociations .
-.It Ic lpassociations
-Print data for all associations, including out-of-spec client
-associations, from the internally cached list of associations.
-This
-command differs from
-.Ic passociations
-only when dealing with
-fuzzballs.
-.It Ic lpeers
-Like R peers, except a summary of all associations for which
-the server is maintaining state is printed.
-This can produce a much
-longer list of peers from fuzzball servers.
-.It Ic mreadlist Ar assocID Ar assocID
-.It Ic mrl Ar assocID Ar assocID
-Like the
-.Ic readlist
-command, except the query is done
-for each of a range of (nonzero) association IDs.
-This range is
-determined from the association list cached by the most recent
-.Ic associations
-command.
-.It Xo Ic mreadvar Ar assocID Ar assocID
-.Oo
-.Ar variable_name Ns Op = Ns Ar value ...
-.Oc
-.Xc
-.It Xo Ic mrv Ar assocID Ar assocID
-.Oo
-.Ar variable_name Ns Op = Ns Ar value ...
-.Oc
-.Xc
-Like the
-.Ic readvar
-command, except the query is done for
-each of a range of (nonzero) association IDs.
-This range is
-determined from the association list cached by the most recent
-.Ic associations
-command.
-.It Ic opeers
-An old form of the
-.Ic peers
-command with the reference ID
-replaced by the local interface address.
-.It Ic passociations
-Displays association data concerning in-spec peers from the
-internally cached list of associations.
-This command performs
-identically to the
-.Ic associations
-except that it displays
-the internally stored data rather than making a new query.
-.It Ic peers
-Obtains a current list peers of the server, along with a
-summary of each peer's state.
-Summary information includes the
-address of the remote peer, the reference ID (0.0.0.0 if this is
-unknown), the stratum of the remote peer, the type of the peer
-(local, unicast, multicast or broadcast), when the last packet was
-received, the polling interval, in seconds, the reachability
-register, in octal, and the current estimated delay,
-offset and dispersion of the peer, all in milliseconds.
-The character at the left margin of each line shows the
-synchronization status of the association and is a valuable
-diagnostic tool.
-The encoding and meaning of this character,
-called the tally code, is given later in this page.
-.It Ic pstatus Ar assocID
-Sends a read status request to the server for the given
-association.
-The names and values of the peer variables returned
-will be printed.
-Note that the status word from the header is
-displayed preceding the variables, both in hexadecimal and in
-pidgeon English.
-.It Ic readlist Ar assocID
-.It Ic rl Ar assocID
-Requests that the values of the variables in the internal
-variable list be returned by the server.
-If the association ID is
-omitted or is 0 the variables are assumed to be system variables.
-Otherwise they are treated as peer variables.
-If the internal
-variable list is empty a request is sent without data, which should
-induce the remote server to return a default display.
-.It Xo Ic readvar Ar assocID
-.Ar variable_name Ns Op = Ns Ar value
-.Ar ...
-.Xc
-.It Xo Ic rv Ar assocID
-.Ar variable_name Ns Op = Ns Ar value
-.Ar ...
-.Xc
-Requests that the values of the specified variables be returned
-by the server by sending a read variables request.
-If the
-association ID is omitted or is given as zero the variables are
-system variables, otherwise they are peer variables and the values
-returned will be those of the corresponding peer.
-Omitting the
-variable list will send a request with no data which should induce
-the server to return a default display.
-The
-encoding and meaning of the variables derived from NTPv3 is given in
-RFC-1305; the encoding and meaning of the additional NTPv4 variables are
-given later in this page.
-.It Xo Ic writevar Ar assocID
-.Ar variable_name Ns Op = Ns Ar value
-.Ar ...
-.Xc
-Like the readvar request, except the specified variables are
-written instead of read.
-.It Ic writelist Op Ar assocID
-Like the readlist request, except the internal list variables
-are written instead of read.
-.El
-.Ss Tally Codes
-The character in the left margin in the
-.Sq peers
-billboard,
-called the tally code, shows the fate of each association
-in the clock selection process.
-Following is a list of these characters, the pigeon used
-in the
-.Ic rv
-command, and a short explanation of the condition revealed.
-.Bl -tag -width indent
-.It space
-.Pq reject
-The peer is discarded as unreachable, synchronized to this server (synch
-loop) or outrageous synchronization distance.
-.It x
-.Pq falsetick
-The peer is discarded by the intersection algorithm as a falseticker.
-.It \&.
-.Pq excess
-The peer is discarded as not among the first ten peers sorted by
-synchronization distance and so is probably a poor candidate for further
-consideration.
-.It \&-
-.Pq outlyer
-The peer is discarded by the clustering algorithm as an outlyer.
-.It \&+
-.Pq candidat
-The peer is a survivor and a candidate for the combining algorithm.
-.It \&#
-.Pq selected
-The peer is a survivor, but not among the first six peers sorted by
-synchronization distance.
-If the association is ephemeral, it may be
-demobilized to conserve resources.
-.It \&*
-.Pq sys.peer
-The peer has been declared the system peer and lends its variables to the
-system variables.
-.It o
-.Pq pps.peer
-The peer has been declared the system peer and lends its variables to
-the system variables.
-However, the actual system synchronization is derived
-from a pulse-per-second (PPS) signal, either indirectly via the PPS
-reference clock driver or directly via kernel interface.
-.El
-.Ss System Variables
-The
-.Cm status ,
-.Cm leap ,
-.Cm stratum ,
-.Cm precision ,
-.Cm rootdelay ,
-.Cm rootdispersion ,
-.Cm refid ,
-.Cm reftime ,
-.Cm poll ,
-.Cm offset ,
-and
-.Cm frequency
-variables are described in RFC-1305
-specification.
-Additional NTPv4 system variables include the following.
-.Bl -tag -width indent
-.It version
-Everything you might need to know about the software version and generation
-time.
-.It processor
-The processor and kernel identification string.
-.It system
-The operating system version and release identifier.
-.It state
-The state of the clock discipline state machine.
-The values are described
-in the architecture briefing on the NTP Project page linked from
-www.ntp.org.
-.It peer
-The internal integer used to identify the association currently designated
-the system peer.
-.It jitter
-The estimated time error of the system clock measured as an exponential
-average of RMS time differences.
-.It stability
-The estimated frequency stability of the system clock measured as an
-exponential average of RMS frequency differences.
-.El
-.Pp
-When the NTPv4 daemon is compiled with the OpenSSL software library, additional
-system variables are displayed, including some or all of the following,
-depending on the particular dance:
-.Bl -tag -width indent
-.It flags
-The current flags word bits and message digest algorithm identifier (NID)
-in hex format.
-The high order 16 bits of the four-byte word contain the NID
-from the OpenSSL ligrary, while the low-order bits are interpreted as
-follows:
-.Bl -tag -width indent
-.It 0x01
-autokey enabled
-.It 0x02
-NIST leapseconds file loaded
-.It 0x10
-PC identity scheme
-.It 0x20
-IFF identity scheme
-.It 0x40
-GQ identity scheme
-.El
-.It hostname
-The name of the host as returned by the Unix
-.Fn gethostname
-library
-function.
-.It hostkey
-The NTP filestamp of the host key file.
-.It cert
-A list of certificates held by the host.
-Each entry includes the subject,
-issuer, flags and NTP filestamp in order.
-The bits are interpreted as
-follows:
-.Bl -tag -width indent
-.It 0x01
-certificate has been signed by the server
-.It 0x02
-certificate is trusted
-.It 0x04
-certificate is private
-.It 0x08
-certificate contains errors and should not be trusted
-.El
-.It leapseconds
-The NTP filestamp of the NIST leapseconds file.
-.It refresh
-The NTP timestamp when the host public cryptographic values were refreshed
-and signed.
-.It signature
-The host digest/signature scheme name from the OpenSSL library.
-.It tai
-The TAI-UTC offset in seconds obtained from the NIST leapseconds table.
-.El
-.Ss Peer Variables
-The
-.Cm status ,
-.Cm srcadr ,
-.Cm srcport ,
-.Cm dstadr ,
-.Cm dstport ,
-.Cm leap ,
-.Cm stratum ,
-.Cm precision ,
-.Cm rootdelay ,
-.Cm rootdispersion ,
-.Cm readh ,
-.Cm hmode ,
-.Cm pmode ,
-.Cm hpoll ,
-.Cm ppoll ,
-.Cm offset ,
-.Cm delay ,
-.Cm dspersion ,
-.Cm reftime
-variables are described in the RFC-1305 specification, as
-are the timestamps
-.Cm org ,
-.Cm rec
-and
-.Cm xmt .
-Additional NTPv4 system variables include
-the following.
-.Bl -tag -width indent
-.It flash
-The flash code for the most recent packet received.
-The encoding and
-meaning of these codes is given later in this page.
-.It jitter
-The estimated time error of the peer clock measured as an exponential
-average of RMS time differences.
-.It unreach
-The value of the counter which records the number of poll intervals since
-the last valid packet was received.
-.El
-.Pp
-When the NTPv4 daemon is compiled with the OpenSSL software library, additional
-peer variables are displayed, including the following:
-.Bl -tag -width indent
-.It flags
-The current flag bits.
-This word is the server host status word with
-additional bits used by the Autokey state machine.
-See the source code for
-the bit encoding.
-.It hostname
-The server host name.
-.It initkey Ar key
-The initial key used by the key list generator in the Autokey protocol.
-.It initsequence Ar index
-The initial index used by the key list generator in the Autokey protocol.
-.It signature
-The server message digest/signature scheme name from the OpenSSL software
-library.
-.It timestamp Ar time
-The NTP timestamp when the last Autokey key list was generated and signed.
-.El
-.Ss Flash Codes
-The
-.Cm flash
-code is a valuable debugging aid displayed in the peer variables
-list.
-It shows the results of the original sanity checks defined in the NTP
-specification RFC-1305 and additional ones added in NTPv4.
-There are 12 tests
-designated
-.Sy TEST1
-through
-.Sy TEST12 .
-The tests are performed in a certain order
-designed to gain maximum diagnostic information while protecting against
-accidental or malicious errors.
-The
-.Sy flash
-variable is initialized to zero as
-each packet is received.
-If after each set of tests one or more bits are set,
-the packet is discarded.
-.Pp
-Tests
-.Sy TEST1
-through
-.Sy TEST3
-check the packet timestamps from which the offset and
-delay are calculated.
-If any bits are set, the packet is discarded; otherwise,
-the packet header variables are saved.
-.Sy TEST4
-and
-.Sy TEST5
-are associated with
-access control and cryptographic authentication.
-If any bits are set, the
-packet is discarded immediately with nothing changed.
-.Pp
-Tests
-.Sy TEST6
-through
-.Sy TEST8
-check the health of the server.
-If any bits are set,
-the packet is discarded; otherwise, the offset and delay relative to the server
-are calculated and saved.
-TEST9 checks the health of the association itself.
-If
-any bits are set, the packet is discarded; otherwise, the saved variables are
-passed to the clock filter and mitigation algorithms.
-.Pp
-Tests
-.Sy TEST10
-through
-.Sy TEST12
-check the authentication state using Autokey
-public-key cryptography, as described in the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-If
-any bits are set and the association has previously been marked reachable, the
-packet is discarded; otherwise, the originate and receive timestamps are saved,
-as required by the NTP protocol, and processing continues.
-.Pp
-The
-.Cm flash
-bits for each test are defined as follows.
-.Bl -tag -width indent
-.It 0x001
-.Pq TEST1
-Duplicate packet.
-The packet is at best a casual retransmission and at
-worst a malicious replay.
-.It 0x002
-.Pq TEST2
-Bogus packet.
-The packet is not a reply to a message previously sent.
-This
-can happen when the NTP daemon is restarted and before somebody else
-notices.
-.It 0x004
-.Pq TEST3
-Unsynchronized.
-One or more timestamp fields are invalid.
-This normally
-happens when the first packet from a peer is received.
-.It 0x008
-.Pq TEST4
-Access is denied.
-See the
-.Sx Access Control Support
-section of
-.Xr ntp.conf 5 .
-.It 0x010
-.Pq TEST5
-Cryptographic authentication fails.
-See the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-.It 0x020
-.Pq TEST6
-The server is unsynchronized.
-Wind up its clock first.
-.It 0x040
-.Pq TEST7
-The server stratum is at the maximum than 15.
-It is probably unsynchronized
-and its clock needs to be wound up.
-.It 0x080
-.Pq TEST8
-Either the root delay or dispersion is greater than one second, which is
-highly unlikely unless the peer is unsynchronized to Mars.
-.It 0x100
-.Pq TEST9
-Either the peer delay or dispersion is greater than one second, which is
-higly unlikely unless the peer is on Mars.
-.It 0x200
-.Pq TEST10
-The autokey protocol has detected an authentication failure.
-See the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-.It 0x400
-.Pq TEST11
-The autokey protocol has not verified the server or peer is proventic and
-has valid public key credentials.
-See the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-.It 0x800
-.Pq TEST12
-A protocol or configuration error has occurred in the public key algorithms
-or a possible intrusion event has been detected.
-See the
-.Sx Authentication Options
-section of
-.Xr ntp.conf 5 .
-.El
-.Sh SEE ALSO
-.Xr ntp.conf 5 ,
-.Xr ntpd 8 ,
-.Xr ntpdc 8
-.Sh BUGS
-The
-.Ic peers
-command is non-atomic and may occasionally result in
-spurious error messages about invalid associations occurring and
-terminating the command.
-The timeout time is a fixed constant,
-which means you wait a long time for timeouts since it assumes sort
-of a worst case.
-The program should improve the timeout estimate as
-it sends queries to a particular host, but does not.
diff --git a/usr.sbin/ntp/doc/ntptime.8 b/usr.sbin/ntp/doc/ntptime.8
deleted file mode 100644
index f130307..0000000
--- a/usr.sbin/ntp/doc/ntptime.8
+++ /dev/null
@@ -1,69 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd January 7, 2000
-.Dt NTPTIME 8
-.Os
-.Sh NAME
-.Nm ntptime
-.Nd read kernel time variables
-.Sh SYNOPSIS
-.Nm
-.Op Fl chr
-.Op Fl e Ar est_error
-.Op Fl f Ar frequency
-.Op Fl m Ar max_error
-.Op Fl o Ar offset
-.Op Fl s Ar status
-.Op Fl t Ar time_constant
-.Sh DESCRIPTION
-The
-.Nm
-utility is useful only with special kernels
-described in the
-.Qo
-A Kernel Model for Precision Timekeeping
-.Qc
-page
-(available as part of the HTML documentation
-provided in
-.Pa /usr/share/doc/ntp ) .
-It reads and displays time-related kernel variables
-using the
-.Fn gettime
-and
-.Xr adjtime 2
-system calls if available.
-A similar display can be obtained using the
-.Xr ntpdc 8
-program's
-.Ic kerninfo
-command.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl c
-Display the execution time of
-.Nm
-itself.
-.It Fl e Ar est_error
-Specify estimated error, in microseconds.
-.It Fl f Ar frequency
-Specify frequency offset, in parts per million.
-.It Fl h
-Display help information.
-.It Fl l
-Specify the leap bits as a code from 0 to 3.
-.It Fl m Ar max_error
-Specify max possible errors, in microseconds.
-.It Fl o Ar offset
-Specify clock offset, in microseconds.
-.It Fl r
-Display Unix and NTP times in raw format.
-.It Fl s Ar status
-.It Fl t Ar time_constant
-Specify time constant, an integer in the range 0-4.
-.El
-.Sh SEE ALSO
-.Xr adjtime 2 ,
-.Xr ntpdc 8
diff --git a/usr.sbin/ntp/doc/ntptrace.8 b/usr.sbin/ntp/doc/ntptrace.8
deleted file mode 100644
index 554a3c0..0000000
--- a/usr.sbin/ntp/doc/ntptrace.8
+++ /dev/null
@@ -1,76 +0,0 @@
-.\"
-.\" $FreeBSD$
-.\"
-.Dd January 6, 2000
-.Dt NTPTRACE 8
-.Os
-.Sh NAME
-.Nm ntptrace
-.Nd "trace a chain of NTP servers back to the primary source"
-.Sh SYNOPSIS
-.Nm
-.Op Fl vdn
-.Op Fl r Ar retries
-.Op Fl t Ar timeout
-.Op Ar server
-.Sh DESCRIPTION
-The
-.Nm
-utility determines where a given Network Time Protocol (NTP) server gets
-its time from, and follows the chain of NTP servers back to their
-master time source.
-If given no arguments, it starts with
-.Dq localhost .
-.Pp
-Here is an example of the output from
-.Nm :
-.Bd -literal
-% ntptrace
-localhost: stratum 4, offset 0.0019529, synch distance 0.144135
-server2ozo.com: stratum 2, offset 0.0124263, synch distance 0.115784
-usndh.edu: stratum 1, offset 0.0019298, synch distance 0.011993, refid 'WWVB'
-.Ed
-.Pp
-On each line, the fields are (left to right): the host name, the
-host stratum,
-the time offset between that host and the local host
-(as measured by
-.Nm ;
-this is why it is not always zero for
-.Dq localhost ) ,
-the host
-synchronization distance,
-and (only for stratum-1 servers) the reference clock ID.
-All times
-are given in seconds.
-Note that the stratum is the server hop count to the primary source,
-while the synchronization distance is the estimated error
-relative to the primary source.
-These terms are precisely defined in RFC 1305.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl d
-Turn on some debugging output.
-.It Fl n
-Turn off the printing of host names; instead, host IP addresses
-are given.
-This may be necessary if a nameserver is down.
-.It Fl r Ar retries
-Set the number of retransmission attempts for each host; the default is 5.
-.It Fl t Ar timeout
-Set the retransmission timeout (in seconds); the default is 2.
-.It Fl v
-Print verbose information about the NTP servers.
-.El
-.Sh SEE ALSO
-.Xr ntpd 8 ,
-.Xr ntpdc 8
-.Rs
-.%A D L Mills
-.%T Network Time Protocol (Version 3)
-.%O RFC1305
-.Re
-.Sh BUGS
-This program makes no attempt to improve accuracy by doing multiple
-samples.
OpenPOWER on IntegriCloud