diff options
Diffstat (limited to 'usr.sbin/ntp')
56 files changed, 11889 insertions, 0 deletions
diff --git a/usr.sbin/ntp/Makefile b/usr.sbin/ntp/Makefile new file mode 100644 index 0000000..ad5b523 --- /dev/null +++ b/usr.sbin/ntp/Makefile @@ -0,0 +1,18 @@ +# Makefile for ntpd. +# $FreeBSD$ + +SUBDIR= libopts libntp libntpevent libparse ntpd ntpdc ntpq ntpdate \ + ntptime ntp-keygen sntp +SUBDIR+= doc + +SUBDIR_DEPEND_ntpd= libntp libopts libparse +SUBDIR_DEPEND_ntpdate= libntp +SUBDIR_DEPEND_ntpdc= libntp libopts +SUBDIR_DEPEND_ntpq= libntp libopts +SUBDIR_DEPEND_ntptime= libntp +SUBDIR_DEPEND_ntp-keygen= libntp libopts +SUBDIR_DEPEND_sntp= libntp libntpevent libopts + +SUBDIR_PARALLEL= + +.include <bsd.subdir.mk> diff --git a/usr.sbin/ntp/Makefile.inc b/usr.sbin/ntp/Makefile.inc new file mode 100644 index 0000000..274ec39 --- /dev/null +++ b/usr.sbin/ntp/Makefile.inc @@ -0,0 +1,19 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +DEFS_LOCAL= -DPARSE -DHAVE_CONFIG_H +NTPDEFS= -DSYS_FREEBSD +# CLOCKDEFS= +# -DLOCAL_CLOCK -DPST -DWWVB -DAS2201 -DGOES -DGPSTM -DOMEGA \ +# -DLEITCH -DTRAK -DACTS -DATOM -DDATUM -DHEATH -DMSFEES \ +# -DMX4200 -DNMEA -DBOEDER +CFLAGS+= ${NTPDEFS} ${DEFS_LOCAL} ${CLOCKDEFS} + +.if ${MK_OPENSSL} != "no" && !defined(RELEASE_CRUNCH) +CFLAGS+= -DOPENSSL -DUSE_OPENSSL_CRYPTO_RAND -DAUTOKEY +.endif + +WARNS?= 0 + +.include "../Makefile.inc" diff --git a/usr.sbin/ntp/config.h b/usr.sbin/ntp/config.h new file mode 100644 index 0000000..5a51e0a --- /dev/null +++ b/usr.sbin/ntp/config.h @@ -0,0 +1,1789 @@ +/* config.h. Generated from config.h.in by configure. */ +/* config.h.in. Generated from configure.ac by autoheader. */ +/* $FreeBSD$ */ + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Is adjtime() accurate? */ +/* #undef ADJTIME_IS_ACCURATE */ + +/* Support NTP Autokey protocol? */ +/* #define AUTOKEY 1 */ + +/* why not HAVE_P_S? */ +/* #undef CALL_PTHREAD_SETCONCURRENCY */ + +/* ACTS modem service */ +#define CLOCK_ACTS 1 + +/* Arbiter 1088A/B GPS receiver */ +#define CLOCK_ARBITER 1 + +/* ARCRON support? */ +#define CLOCK_ARCRON_MSF 1 + +/* Austron 2200A/2201A GPS receiver? */ +#define CLOCK_AS2201 1 + +/* PPS interface? */ +#define CLOCK_ATOM 1 + +/* Datum/Bancomm bc635/VME interface? */ +/* #undef CLOCK_BANC */ + +/* Chronolog K-series WWVB receiver? */ +#define CLOCK_CHRONOLOG 1 + +/* CHU modem/decoder */ +#define CLOCK_CHU 1 + +/* Diems Computime Radio Clock? */ +/* #undef CLOCK_COMPUTIME */ + +/* Datum Programmable Time System? */ +#define CLOCK_DATUM 1 + +/* ELV/DCF7000 clock? */ +/* #undef CLOCK_DCF7000 */ + +/* Dumb generic hh:mm:ss local clock? */ +#define CLOCK_DUMBCLOCK 1 + +/* Forum Graphic GPS datating station driver? */ +#define CLOCK_FG 1 + +/* GPSD JSON receiver */ +#define CLOCK_GPSDJSON 1 + +/* TrueTime GPS receiver/VME interface? */ +/* #undef CLOCK_GPSVME */ + +/* Heath GC-1000 WWV/WWVH receiver? */ +#define CLOCK_HEATH 1 + +/* HOPF 6021 clock? */ +/* #undef CLOCK_HOPF6021 */ + +/* HOPF PCI clock device? */ +#define CLOCK_HOPF_PCI 1 + +/* HOPF serial clock device? */ +#define CLOCK_HOPF_SERIAL 1 + +/* HP 58503A GPS receiver? */ +#define CLOCK_HPGPS 1 + +/* IRIG audio decoder? */ +#define CLOCK_IRIG 1 + +/* JJY receiver? */ +#define CLOCK_JJY 1 + +/* Rockwell Jupiter GPS clock? */ +#define CLOCK_JUPITER 1 + +/* Leitch CSD 5300 Master Clock System Driver? */ +#define CLOCK_LEITCH 1 + +/* local clock reference? */ +#define CLOCK_LOCAL 1 + +/* Meinberg clocks */ +#define CLOCK_MEINBERG 1 + +/* Magnavox MX4200 GPS receiver */ +/* #undef CLOCK_MX4200 */ + +/* NeoClock4X */ +#define CLOCK_NEOCLOCK4X 1 + +/* NMEA GPS receiver */ +#define CLOCK_NMEA 1 + +/* Motorola UT Oncore GPS */ +#define CLOCK_ONCORE 1 + +/* Palisade clock */ +#define CLOCK_PALISADE 1 + +/* PARSE driver interface */ +#define CLOCK_PARSE 1 + +/* Conrad parallel port radio clock */ +#define CLOCK_PCF 1 + +/* PCL 720 clock support */ +/* #undef CLOCK_PPS720 */ + +/* PST/Traconex 1020 WWV/WWVH receiver */ +#define CLOCK_PST 1 + +/* DCF77 raw time code */ +#define CLOCK_RAWDCF 1 + +/* RCC 8000 clock */ +/* #undef CLOCK_RCC8000 */ + +/* RIPE NCC Trimble clock */ +/* #undef CLOCK_RIPENCC */ + +/* Schmid DCF77 clock */ +/* #undef CLOCK_SCHMID */ + +/* SEL240X protocol */ +/* #undef CLOCK_SEL240X */ + +/* clock thru shared memory */ +#define CLOCK_SHM 1 + +/* Spectracom 8170/Netclock/2 WWVB receiver */ +#define CLOCK_SPECTRACOM 1 + +/* KSI/Odetics TPRO/S GPS receiver/IRIG interface */ +/* #undef CLOCK_TPRO */ + +/* Trimble GPS receiver/TAIP protocol */ +/* #undef CLOCK_TRIMTAIP */ + +/* Trimble GPS receiver/TSIP protocol */ +/* #undef CLOCK_TRIMTSIP */ + +/* Kinemetrics/TrueTime receivers */ +#define CLOCK_TRUETIME 1 + +/* Spectracom TSYNC timing board */ +/* #undef CLOCK_TSYNCPCI */ + +/* TrueTime 560 IRIG-B decoder? */ +/* #undef CLOCK_TT560 */ + +/* Ultralink M320 WWVB receiver? */ +#define CLOCK_ULINK 1 + +/* VARITEXT clock */ +/* #undef CLOCK_VARITEXT */ + +/* WHARTON 400A Series clock */ +/* #undef CLOCK_WHARTON_400A */ + +/* WWV audio driver */ +#define CLOCK_WWV 1 + +/* Zyfer GPStarplus */ +#define CLOCK_ZYFER 1 + +/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP + systems. This function is required for `alloca.c' support on those systems. + */ +/* #undef CRAY_STACKSEG_END */ + +/* Define to 1 if using `alloca.c'. */ +/* #undef C_ALLOCA */ + +/* Enable debugging code? */ +#define DEBUG 1 + +/* Enable processing time debugging? */ +/* #undef DEBUG_TIMING */ + +/* Declaration style */ +/* #undef DECL_ADJTIME_0 */ + +/* Declaration style */ +/* #undef DECL_BCOPY_0 */ + +/* Declaration style */ +/* #undef DECL_BZERO_0 */ + +/* Declaration style */ +/* #undef DECL_CFSETISPEED_0 */ + +/* Declare errno? */ +/* #undef DECL_ERRNO */ + +/* Declaration style */ +/* #undef DECL_HSTRERROR_0 */ + +/* Declare h_errno? */ +#define DECL_H_ERRNO 1 + +/* Declaration style */ +/* #undef DECL_INET_NTOA_0 */ + +/* Declaration style */ +/* #undef DECL_IOCTL_0 */ + +/* Declaration style */ +/* #undef DECL_IPC_0 */ + +/* Declaration style */ +/* #undef DECL_MEMMOVE_0 */ + +/* Declaration style */ +/* #undef DECL_MKSTEMP_0 */ + +/* Declaration style */ +/* #undef DECL_MKTEMP_0 */ + +/* Declaration style */ +/* #undef DECL_NLIST_0 */ + +/* Declaration style */ +/* #undef DECL_PLOCK_0 */ + +/* Declaration style */ +/* #undef DECL_RENAME_0 */ + +/* Declaration style */ +/* #undef DECL_SELECT_0 */ + +/* Declaration style */ +/* #undef DECL_SETITIMER_0 */ + +/* Declaration style */ +/* #undef DECL_SETPRIORITY_0 */ + +/* Declaration style */ +/* #undef DECL_SETPRIORITY_1 */ + +/* Declaration style */ +/* #undef DECL_SIGVEC_0 */ + +/* Declaration style */ +/* #undef DECL_STDIO_0 */ + +/* Declaration style */ +/* #undef DECL_STIME_0 */ + +/* Declaration style */ +/* #undef DECL_STIME_1 */ + +/* Declaration style */ +/* #undef DECL_STRERROR_0 */ + +/* Declaration style */ +/* #undef DECL_STRTOL_0 */ + +/* Declare syscall()? */ +/* #undef DECL_SYSCALL */ + +/* Declaration style */ +/* #undef DECL_SYSLOG_0 */ + +/* Declaration style */ +/* #undef DECL_TIMEOFDAY_0 */ + +/* Declaration style */ +/* #undef DECL_TIME_0 */ + +/* Declaration style */ +/* #undef DECL_TOLOWER_0 */ + +/* Declaration style */ +/* #undef DECL_TOUPPER_0 */ + +/* What is the fallback value for HZ? */ +#define DEFAULT_HZ 100 + +/* Default number of megabytes for RLIMIT_MEMLOCK */ +#define DFLT_RLIMIT_MEMLOCK 32 + +/* Default number of 4k pages for RLIMIT_STACK */ +#define DFLT_RLIMIT_STACK 50 + +/* Directory separator character, usually / or \\ */ +#define DIR_SEP '/' + +/* use old autokey session key behavior? */ +/* #undef DISABLE_BUG1243_FIX */ + +/* synch TODR hourly? */ +/* #undef DOSYNCTODR */ + +/* The number of minutes in a DST adjustment */ +#define DSTMINUTES 60 + +/* number of args to el_init() */ +#define EL_INIT_ARGS 4 + +/* nls support in libopts */ +/* #undef ENABLE_NLS */ + +/* force ntpdate to step the clock if !defined(STEP_SLEW) ? */ +/* #undef FORCE_NTPDATE_STEP */ + +/* What is getsockname()'s socklen type? */ +#define GETSOCKNAME_SOCKLEN_TYPE socklen_t + +/* Do we have a routing socket (rt_msghdr or rtattr)? */ +#define HAS_ROUTING_SOCKET 1 + +/* via __adjtimex */ +/* #undef HAVE_ADJTIMEX */ + +/* Define to 1 if you have `alloca', as a function or macro. */ +#define HAVE_ALLOCA 1 + +/* Define to 1 if you have <alloca.h> and it should be used (not on Ultrix). + */ +/* #undef HAVE_ALLOCA_H */ + +/* Define to 1 if you have the `arc4random_buf' function. */ +#define HAVE_ARC4RANDOM_BUF 1 + +/* Define to 1 if you have the <arpa/nameser.h> header file. */ +#define HAVE_ARPA_NAMESER_H 1 + +/* Do we have audio support? */ +#define HAVE_AUDIO /**/ + +/* Define to 1 if you have the <bstring.h> header file. */ +/* #undef HAVE_BSTRING_H */ + +/* Define to 1 if you have the `canonicalize_file_name' function. */ +/* #undef HAVE_CANONICALIZE_FILE_NAME */ + +/* Define to 1 if you have the `chmod' function. */ +#define HAVE_CHMOD 1 + +/* Do we have the CIOGETEV ioctl (SunOS, Linux)? */ +/* #undef HAVE_CIOGETEV */ + +/* Define to 1 if you have the `clock_getres' function. */ +#define HAVE_CLOCK_GETRES 1 + +/* Define to 1 if you have the `clock_gettime' function. */ +#define HAVE_CLOCK_GETTIME 1 + +/* Define to 1 if you have the `clock_settime' function. */ +#define HAVE_CLOCK_SETTIME 1 + +/* Define to 1 if you have the <cthreads.h> header file. */ +/* #undef HAVE_CTHREADS_H */ + +/* Define to 1 if you have the `daemon' function. */ +#define HAVE_DAEMON 1 + +/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you + don't. */ +#define HAVE_DECL_STRERROR_R 1 + +/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'. + */ +#define HAVE_DIRENT_H 1 + +/* Define to 1 if you have the <dlfcn.h> header file. */ +#define HAVE_DLFCN_H 1 + +/* Use Rendezvous/DNS-SD registration */ +/* #undef HAVE_DNSREGISTRATION */ + +/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ +/* #undef HAVE_DOPRNT */ + +/* Can we drop root privileges? */ +/* #undef HAVE_DROPROOT */ + +/* Define to 1 if you have the <errno.h> header file. */ +#define HAVE_ERRNO_H 1 + +/* Define to 1 if you have the `fchmod' function. */ +#define HAVE_FCHMOD 1 + +/* Define to 1 if you have the <fcntl.h> header file. */ +#define HAVE_FCNTL_H 1 + +/* Define to 1 if you have the `finite' function. */ +/* #undef HAVE_FINITE */ + +/* Define to 1 if you have the `fnmatch' function. */ +#define HAVE_FNMATCH 1 + +/* Define to 1 if you have the <fnmatch.h> header file. */ +#define HAVE_FNMATCH_H 1 + +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + +/* Define to 1 if you have the `fstat' function. */ +#define HAVE_FSTAT 1 + +/* Define to 1 if you have the `getbootfile' function. */ +#define HAVE_GETBOOTFILE 1 + +/* Define to 1 if you have the `getclock' function. */ +/* #undef HAVE_GETCLOCK */ + +/* Define to 1 if you have the `getdtablesize' function. */ +#define HAVE_GETDTABLESIZE 1 + +/* Define to 1 if you have the `getifaddrs' function. */ +#define HAVE_GETIFADDRS 1 + +/* Define to 1 if you have the `getpassphrase' function. */ +/* #undef HAVE_GETPASSPHRASE */ + +/* Define to 1 if you have the `getrusage' function. */ +#define HAVE_GETRUSAGE 1 + +/* Define to 1 if you have the `getuid' function. */ +#define HAVE_GETUID 1 + +/* if you have GNU Pth */ +/* #undef HAVE_GNU_PTH */ + +/* Define to 1 if you have the <histedit.h> header file. */ +#define HAVE_HISTEDIT_H 1 + +/* Define to 1 if you have the <history.h> header file. */ +/* #undef HAVE_HISTORY_H */ + +/* Obvious */ +#define HAVE_HZ_IN_STRUCT_CLOCKINFO 1 + +/* Define to 1 if you have the <ieeefp.h> header file. */ +#define HAVE_IEEEFP_H 1 + +/* have iflist_sysctl? */ +#define HAVE_IFLIST_SYSCTL 1 + +/* Define to 1 if you have the `if_nametoindex' function. */ +#define HAVE_IF_NAMETOINDEX 1 + +/* inline keyword or macro available */ +#define HAVE_INLINE 1 + +/* Define to 1 if the system has the type `int16_t'. */ +#define HAVE_INT16_T 1 + +/* Define to 1 if the system has the type `int32'. */ +/* #undef HAVE_INT32 */ + +/* int32 type in DNS headers, not others. */ +/* #undef HAVE_INT32_ONLY_WITH_DNS */ + +/* Define to 1 if the system has the type `int32_t'. */ +#define HAVE_INT32_T 1 + +/* Define to 1 if the system has the type `int8_t'. */ +#define HAVE_INT8_T 1 + +/* Define to 1 if the system has the type `intmax_t'. */ +/* #undef HAVE_INTMAX_T */ + +/* Define to 1 if the system has the type `intptr_t'. */ +#define HAVE_INTPTR_T 1 + +/* Define to 1 if you have the <inttypes.h> header file. */ +#define HAVE_INTTYPES_H 1 + +/* Define to 1 if you have the `isfinite' function. */ +#define HAVE_ISFINITE 1 + +/* Define to 1 if you have the <kvm.h> header file. */ +#define HAVE_KVM_H 1 + +/* Define to 1 if you have the `kvm_open' function. */ +/* #undef HAVE_KVM_OPEN */ + +/* Define to 1 if you have the `gen' library (-lgen). */ +/* #undef HAVE_LIBGEN */ + +/* Define to 1 if you have the <libgen.h> header file. */ +#define HAVE_LIBGEN_H 1 + +/* Define to 1 if you have the `intl' library (-lintl). */ +/* #undef HAVE_LIBINTL */ + +/* Define to 1 if you have the <libintl.h> header file. */ +/* #undef HAVE_LIBINTL_H */ + +/* Define to 1 if you have the <libscf.h> header file. */ +/* #undef HAVE_LIBSCF_H */ + +/* Define to 1 if you have the <limits.h> header file. */ +#define HAVE_LIMITS_H 1 + +/* using Linux pthread? */ +/* #undef HAVE_LINUXTHREADS */ + +/* Do we have Linux capabilities? */ +/* #undef HAVE_LINUX_CAPABILITIES */ + +/* Define to 1 if you have the <linux/if_addr.h> header file. */ +/* #undef HAVE_LINUX_IF_ADDR_H */ + +/* if you have LinuxThreads */ +/* #undef HAVE_LINUX_THREADS */ + +/* Define to 1 if you have the `localeconv' function. */ +/* #undef HAVE_LOCALECONV */ + +/* Define to 1 if you have the <locale.h> header file. */ +/* #undef HAVE_LOCALE_H */ + +/* Define to 1 if the system has the type `long double'. */ +/* #undef HAVE_LONG_DOUBLE */ + +/* Define to 1 if the system has the type `long long'. */ +#define HAVE_LONG_LONG 1 + +/* Define to 1 if the system has the type `long long int'. */ +/* #undef HAVE_LONG_LONG_INT */ + +/* if you have SunOS LWP package */ +/* #undef HAVE_LWP */ + +/* Define to 1 if you have the <lwp/lwp.h> header file. */ +/* #undef HAVE_LWP_LWP_H */ + +/* Define to 1 if you have the <machine/inline.h> header file. */ +/* #undef HAVE_MACHINE_INLINE_H */ + +/* Define to 1 if you have the <machine/soundcard.h> header file. */ +/* #undef HAVE_MACHINE_SOUNDCARD_H */ + +/* define if you have Mach Cthreads */ +/* #undef HAVE_MACH_CTHREADS */ + +/* Define to 1 if you have the <mach/cthreads.h> header file. */ +/* #undef HAVE_MACH_CTHREADS_H */ + +/* Define to 1 if you have the <math.h> header file. */ +#define HAVE_MATH_H 1 + +/* Define to 1 if you have the `MD5Init' function. */ +#define HAVE_MD5INIT 1 + +/* Define to 1 if you have the <md5.h> header file. */ +#define HAVE_MD5_H 1 + +/* Define to 1 if you have the `memlk' function. */ +/* #undef HAVE_MEMLK */ + +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `mkstemp' function. */ +#define HAVE_MKSTEMP 1 + +/* Define to 1 if you have the `mktime' function. */ +#define HAVE_MKTIME 1 + +/* Define to 1 if you have the `mlockall' function. */ +#define HAVE_MLOCKALL 1 + +/* Define to 1 if you have the `mmap' function. */ +#define HAVE_MMAP 1 + +/* Define to 1 if you have the `nanosleep' function. */ +#define HAVE_NANOSLEEP 1 + +/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */ +/* #undef HAVE_NDIR_H */ + +/* Define to 1 if you have the <netdb.h> header file. */ +#define HAVE_NETDB_H 1 + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#define HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the <netinet/in_system.h> header file. */ +/* #undef HAVE_NETINET_IN_SYSTEM_H */ + +/* Define to 1 if you have the <netinet/in_systm.h> header file. */ +#define HAVE_NETINET_IN_SYSTM_H 1 + +/* Define to 1 if you have the <netinet/in_var.h> header file. */ +#define HAVE_NETINET_IN_VAR_H 1 + +/* Define to 1 if you have the <netinet/ip.h> header file. */ +#define HAVE_NETINET_IP_H 1 + +/* NetInfo support? */ +/* #undef HAVE_NETINFO */ + +/* Define to 1 if you have the <netinfo/ni.h> header file. */ +/* #undef HAVE_NETINFO_NI_H */ + +/* Define to 1 if you have the <net/if6.h> header file. */ +/* #undef HAVE_NET_IF6_H */ + +/* Define to 1 if you have the <net/if.h> header file. */ +#define HAVE_NET_IF_H 1 + +/* Define to 1 if you have the <net/route.h> header file. */ +#define HAVE_NET_ROUTE_H 1 + +/* Define to 1 if you have the `nice' function. */ +#define HAVE_NICE 1 + +/* Define to 1 if you have the <nlist.h> header file. */ +#define HAVE_NLIST_H 1 + +/* via __adjtimex */ +#define HAVE_NTP_ADJTIME 1 + +/* via __ntp_gettime */ +#define HAVE_NTP_GETTIME 1 + +/* Do we want support for Samba's signing daemon? */ +#define HAVE_NTP_SIGND 1 + +/* if you have NT Event Log */ +/* #undef HAVE_NT_EVENT_LOG */ + +/* if you have NT Service Manager */ +/* #undef HAVE_NT_SERVICE_MANAGER */ + +/* if you have NT Threads */ +/* #undef HAVE_NT_THREADS */ + +/* Define to 1 if the system has the type `pid_t'. */ +#define HAVE_PID_T 1 + +/* Define to 1 if you have the `plock' function. */ +/* #undef HAVE_PLOCK */ + +/* Define to 1 if you have the <poll.h> header file. */ +#define HAVE_POLL_H 1 + +/* Do we have the PPS API per the Draft RFC? */ +#define HAVE_PPSAPI 1 + +/* Define to 1 if you have the <priv.h> header file. */ +/* #undef HAVE_PRIV_H */ + +/* Define if you have POSIX threads libraries and header files. */ +/* #undef HAVE_PTHREAD */ + +/* define to pthreads API spec revision */ +#define HAVE_PTHREADS 10 + +/* Define to 1 if you have the `pthread_attr_getstacksize' function. */ +#define HAVE_PTHREAD_ATTR_GETSTACKSIZE 1 + +/* Define to 1 if you have the `pthread_attr_setstacksize' function. */ +#define HAVE_PTHREAD_ATTR_SETSTACKSIZE 1 + +/* define if you have pthread_detach function */ +#define HAVE_PTHREAD_DETACH 1 + +/* Define to 1 if you have the `pthread_getconcurrency' function. */ +#define HAVE_PTHREAD_GETCONCURRENCY 1 + +/* Define to 1 if you have the <pthread.h> header file. */ +#define HAVE_PTHREAD_H 1 + +/* Define to 1 if you have the `pthread_kill' function. */ +#define HAVE_PTHREAD_KILL 1 + +/* Define to 1 if you have the `pthread_kill_other_threads_np' function. */ +/* #undef HAVE_PTHREAD_KILL_OTHER_THREADS_NP */ + +/* define if you have pthread_rwlock_destroy function */ +#define HAVE_PTHREAD_RWLOCK_DESTROY 1 + +/* Define to 1 if you have the `pthread_setconcurrency' function. */ +#define HAVE_PTHREAD_SETCONCURRENCY 1 + +/* Define to 1 if you have the `pthread_yield' function. */ +#define HAVE_PTHREAD_YIELD 1 + +/* Define to 1 if you have the <pth.h> header file. */ +/* #undef HAVE_PTH_H */ + +/* Define to 1 if the system has the type `ptrdiff_t'. */ +#define HAVE_PTRDIFF_T 1 + +/* Define to 1 if you have the `pututline' function. */ +/* #undef HAVE_PUTUTLINE */ + +/* Define to 1 if you have the `pututxline' function. */ +#define HAVE_PUTUTXLINE 1 + +/* Define to 1 if you have the `RAND_bytes' function. */ +#define HAVE_RAND_BYTES 1 + +/* Define to 1 if you have the `RAND_poll' function. */ +#define HAVE_RAND_POLL 1 + +/* Define to 1 if you have the <readline.h> header file. */ +/* #undef HAVE_READLINE_H */ + +/* Define if your readline library has \`add_history' */ +#define HAVE_READLINE_HISTORY 1 + +/* Define to 1 if you have the <readline/history.h> header file. */ +#define HAVE_READLINE_HISTORY_H 1 + +/* Define to 1 if you have the <readline/readline.h> header file. */ +#define HAVE_READLINE_READLINE_H 1 + +/* Define to 1 if you have the `readlink' function. */ +#define HAVE_READLINK 1 + +/* Define to 1 if you have the `recvmsg' function. */ +#define HAVE_RECVMSG 1 + +/* Define to 1 if you have the <resolv.h> header file. */ +#define HAVE_RESOLV_H 1 + +/* Define to 1 if you have the `res_init' function. */ +#define HAVE_RES_INIT 1 + +/* Do we have Linux routing socket? */ +/* #undef HAVE_RTNETLINK */ + +/* Define to 1 if you have the `rtprio' function. */ +#define HAVE_RTPRIO 1 + +/* Define to 1 if you have the <runetype.h> header file. */ +#define HAVE_RUNETYPE_H 1 + +/* Obvious */ +#define HAVE_SA_SIGACTION_IN_STRUCT_SIGACTION 1 + +/* Define to 1 if you have the <sched.h> header file. */ +#define HAVE_SCHED_H 1 + +/* Define to 1 if you have the `sched_setscheduler' function. */ +#define HAVE_SCHED_SETSCHEDULER 1 + +/* Define to 1 if you have the `sched_yield' function. */ +#define HAVE_SCHED_YIELD 1 + +/* Define to 1 if you have the <semaphore.h> header file. */ +#define HAVE_SEMAPHORE_H 1 + +/* Define to 1 if you have the `sem_timedwait' function. */ +#define HAVE_SEM_TIMEDWAIT 1 + +/* Define to 1 if you have the <setjmp.h> header file. */ +#define HAVE_SETJMP_H 1 + +/* Define to 1 if you have the `setlinebuf' function. */ +#define HAVE_SETLINEBUF 1 + +/* Define to 1 if you have the `setpgid' function. */ +#define HAVE_SETPGID 1 + +/* define if setpgrp takes 0 arguments */ +/* #undef HAVE_SETPGRP_0 */ + +/* Define to 1 if you have the `setpriority' function. */ +#define HAVE_SETPRIORITY 1 + +/* Define to 1 if you have the `setrlimit' function. */ +#define HAVE_SETRLIMIT 1 + +/* Define to 1 if you have the `setsid' function. */ +#define HAVE_SETSID 1 + +/* Define to 1 if you have the `settimeofday' function. */ +#define HAVE_SETTIMEOFDAY 1 + +/* Define to 1 if you have the `setvbuf' function. */ +#define HAVE_SETVBUF 1 + +/* Define to 1 if you have the <sgtty.h> header file. */ +/* #undef HAVE_SGTTY_H */ + +/* Define to 1 if you have the `sigaction' function. */ +#define HAVE_SIGACTION 1 + +/* Can we use SIGIO for tcp and udp IO? */ +/* #undef HAVE_SIGNALED_IO */ + +/* Define to 1 if you have the `sigset' function. */ +#define HAVE_SIGSET 1 + +/* Define to 1 if you have the `sigvec' function. */ +#define HAVE_SIGVEC 1 + +/* sigwait() available? */ +#define HAVE_SIGWAIT 1 + +/* Define to 1 if the system has the type `size_t'. */ +#define HAVE_SIZE_T 1 + +/* Define if C99-compliant `snprintf' is available. */ +#define HAVE_SNPRINTF 1 + +/* Define to 1 if you have the `socketpair' function. */ +#define HAVE_SOCKETPAIR 1 + +/* Are Solaris privileges available? */ +/* #undef HAVE_SOLARIS_PRIVS */ + +/* Define to 1 if you have the <stdarg.h> header file. */ +#define HAVE_STDARG_H 1 + +/* Define to 1 if you have the <stdbool.h> header file. */ +#define HAVE_STDBOOL_H 1 + +/* Define to 1 if you have the <stddef.h> header file. */ +/* #undef HAVE_STDDEF_H */ + +/* Define to 1 if you have the <stdint.h> header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `stime' function. */ +/* #undef HAVE_STIME */ + +/* Define to 1 if you have the `strchr' function. */ +#define HAVE_STRCHR 1 + +/* Define to 1 if you have the `strdup' function. */ +#define HAVE_STRDUP 1 + +/* Define to 1 if you have the `strerror' function. */ +#define HAVE_STRERROR 1 + +/* Define to 1 if you have the `strerror_r' function. */ +#define HAVE_STRERROR_R 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +#define HAVE_STRLCAT 1 + +/* Define to 1 if you have the `strlcpy' function. */ +#define HAVE_STRLCPY 1 + +/* Define to 1 if you have the <stropts.h> header file. */ +/* #undef HAVE_STROPTS_H */ + +/* Define to 1 if you have the `strrchr' function. */ +#define HAVE_STRRCHR 1 + +/* Define to 1 if you have the `strsignal' function. */ +#define HAVE_STRSIGNAL 1 + +/* Define to 1 if you have the `strtoll' function. */ +#define HAVE_STRTOLL 1 + +/* Define to 1 if `decimal_point' is a member of `struct lconv'. */ +/* #undef HAVE_STRUCT_LCONV_DECIMAL_POINT */ + +/* Define to 1 if `thousands_sep' is a member of `struct lconv'. */ +/* #undef HAVE_STRUCT_LCONV_THOUSANDS_SEP */ + +/* Do we have struct ntptimeval? */ +#define HAVE_STRUCT_NTPTIMEVAL 1 + +/* Define to 1 if `time.tv_nsec' is a member of `struct ntptimeval'. */ +#define HAVE_STRUCT_NTPTIMEVAL_TIME_TV_NSEC 1 + +/* Does a system header define struct ppsclockev? */ +/* #undef HAVE_STRUCT_PPSCLOCKEV */ + +/* Do we have struct snd_size? */ +#define HAVE_STRUCT_SND_SIZE 1 + +/* Does a system header define struct sockaddr_storage? */ +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 + +/* struct timespec declared? */ +#define HAVE_STRUCT_TIMESPEC 1 + +/* Define to 1 if you have the <sun/audioio.h> header file. */ +/* #undef HAVE_SUN_AUDIOIO_H */ + +/* Define to 1 if you have the <synch.h> header file. */ +/* #undef HAVE_SYNCH_H */ + +/* Define to 1 if you have the `sysconf' function. */ +#define HAVE_SYSCONF 1 + +/* Define to 1 if you have the <sysexits.h> header file. */ +#define HAVE_SYSEXITS_H 1 + +/* */ +#define HAVE_SYSLOG_FACILITYNAMES 1 + +/* Define to 1 if you have the <sys/audioio.h> header file. */ +/* #undef HAVE_SYS_AUDIOIO_H */ + +/* Define to 1 if you have the <sys/capability.h> header file. */ +#define HAVE_SYS_CAPABILITY_H 1 + +/* Define to 1 if you have the <sys/clockctl.h> header file. */ +/* #undef HAVE_SYS_CLOCKCTL_H */ + +/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'. + */ +/* #undef HAVE_SYS_DIR_H */ + +/* Define to 1 if you have the <sys/file.h> header file. */ +#define HAVE_SYS_FILE_H 1 + +/* Define to 1 if you have the <sys/i8253.h> header file. */ +/* #undef HAVE_SYS_I8253_H */ + +/* Define to 1 if you have the <sys/ioctl.h> header file. */ +#define HAVE_SYS_IOCTL_H 1 + +/* Define to 1 if you have the <sys/ipc.h> header file. */ +#define HAVE_SYS_IPC_H 1 + +/* Define to 1 if you have the <sys/limits.h> header file. */ +/* #undef HAVE_SYS_LIMITS_H */ + +/* Define to 1 if you have the <sys/lock.h> header file. */ +#define HAVE_SYS_LOCK_H 1 + +/* Define to 1 if you have the <sys/mman.h> header file. */ +#define HAVE_SYS_MMAN_H 1 + +/* Define to 1 if you have the <sys/modem.h> header file. */ +/* #undef HAVE_SYS_MODEM_H */ + +/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'. + */ +/* #undef HAVE_SYS_NDIR_H */ + +/* Define to 1 if you have the <sys/param.h> header file. */ +#define HAVE_SYS_PARAM_H 1 + +/* Define to 1 if you have the <sys/pcl720.h> header file. */ +/* #undef HAVE_SYS_PCL720_H */ + +/* Define to 1 if you have the <sys/poll.h> header file. */ +#define HAVE_SYS_POLL_H 1 + +/* Define to 1 if you have the <sys/ppsclock.h> header file. */ +/* #undef HAVE_SYS_PPSCLOCK_H */ + +/* Define to 1 if you have the <sys/ppstime.h> header file. */ +/* #undef HAVE_SYS_PPSTIME_H */ + +/* Define to 1 if you have the <sys/prctl.h> header file. */ +/* #undef HAVE_SYS_PRCTL_H */ + +/* Define to 1 if you have the <sys/procset.h> header file. */ +/* #undef HAVE_SYS_PROCSET_H */ + +/* Define to 1 if you have the <sys/proc.h> header file. */ +#define HAVE_SYS_PROC_H 1 + +/* Define to 1 if you have the <sys/resource.h> header file. */ +#define HAVE_SYS_RESOURCE_H 1 + +/* Define to 1 if you have the <sys/sched.h> header file. */ +/* #undef HAVE_SYS_SCHED_H */ + +/* Define to 1 if you have the <sys/select.h> header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the <sys/shm.h> header file. */ +#define HAVE_SYS_SHM_H 1 + +/* Define to 1 if you have the <sys/signal.h> header file. */ +#define HAVE_SYS_SIGNAL_H 1 + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#define HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the <sys/sockio.h> header file. */ +#define HAVE_SYS_SOCKIO_H 1 + +/* Define to 1 if you have the <sys/soundcard.h> header file. */ +#define HAVE_SYS_SOUNDCARD_H 1 + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the <sys/stream.h> header file. */ +/* #undef HAVE_SYS_STREAM_H */ + +/* Define to 1 if you have the <sys/stropts.h> header file. */ +/* #undef HAVE_SYS_STROPTS_H */ + +/* Define to 1 if you have the <sys/sysctl.h> header file. */ +#define HAVE_SYS_SYSCTL_H 1 + +/* Define to 1 if you have the <sys/syssgi.h> header file. */ +/* #undef HAVE_SYS_SYSSGI_H */ + +/* Define to 1 if you have the <sys/systune.h> header file. */ +/* #undef HAVE_SYS_SYSTUNE_H */ + +/* Define to 1 if you have the <sys/termios.h> header file. */ +#define HAVE_SYS_TERMIOS_H 1 + +/* Define to 1 if you have the <sys/timepps.h> header file. */ +#define HAVE_SYS_TIMEPPS_H 1 + +/* Define to 1 if you have the <sys/timers.h> header file. */ +#define HAVE_SYS_TIMERS_H 1 + +/* Define to 1 if you have the <sys/timex.h> header file. */ +#define HAVE_SYS_TIMEX_H 1 + +/* Define to 1 if you have the <sys/time.h> header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the <sys/tpro.h> header file. */ +/* #undef HAVE_SYS_TPRO_H */ + +/* Define to 1 if you have the <sys/types.h> header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Use sys/uio.h for struct iovec help */ +/* #undef HAVE_SYS_UIO_H */ + +/* Define to 1 if you have the <sys/un.h> header file. */ +#define HAVE_SYS_UN_H 1 + +/* Define to 1 if you have the <sys/var.h> header file. */ +/* #undef HAVE_SYS_VAR_H */ + +/* Define to 1 if you have the <sys/wait.h> header file. */ +#define HAVE_SYS_WAIT_H 1 + +/* Define to 1 if the system has the type `s_char'. */ +/* #undef HAVE_S_CHAR */ + +/* Define to 1 if you have the <termios.h> header file. */ +#define HAVE_TERMIOS_H 1 + +/* Define to 1 if you have the <termio.h> header file. */ +/* #undef HAVE_TERMIO_H */ + +/* if you have Solaris LWP (thr) package */ +/* #undef HAVE_THR */ + +/* Define to 1 if you have the <thread.h> header file. */ +/* #undef HAVE_THREAD_H */ + +/* Define to 1 if you have the `thr_getconcurrency' function. */ +/* #undef HAVE_THR_GETCONCURRENCY */ + +/* Define to 1 if you have the `thr_setconcurrency' function. */ +/* #undef HAVE_THR_SETCONCURRENCY */ + +/* Define to 1 if you have the `thr_yield' function. */ +/* #undef HAVE_THR_YIELD */ + +/* Obvious */ +#define HAVE_TICKADJ_IN_STRUCT_CLOCKINFO 1 + +/* Define to 1 if you have the `timegm' function. */ +#define HAVE_TIMEGM 1 + +/* Define to 1 if you have the <timepps.h> header file. */ +/* #undef HAVE_TIMEPPS_H */ + +/* Define to 1 if you have the `timer_create' function. */ +/* #undef HAVE_TIMER_CREATE */ + +/* Define to 1 if you have the <timex.h> header file. */ +/* #undef HAVE_TIMEX_H */ + +/* Define to 1 if you have the <time.h> header file. */ +#define HAVE_TIME_H 1 + +/* Do we have the TIOCGPPSEV ioctl (Solaris)? */ +/* #undef HAVE_TIOCGPPSEV */ + +/* Do we have the TIOCSPPS ioctl (Solaris)? */ +/* #undef HAVE_TIOCSPPS */ + +/* Do we have the TIO serial stuff? */ +/* #undef HAVE_TIO_SERIAL_STUFF */ + +/* Define to 1 if the system has the type `uint16_t'. */ +#define HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#define HAVE_UINT8_T 1 + +/* Define to 1 if the system has the type `uintmax_t'. */ +/* #undef HAVE_UINTMAX_T */ + +/* Define to 1 if the system has the type `uintptr_t'. */ +#define HAVE_UINTPTR_T 1 + +/* Define to 1 if the system has the type `uint_t'. */ +/* #undef HAVE_UINT_T */ + +/* Define to 1 if you have the `umask' function. */ +#define HAVE_UMASK 1 + +/* Define to 1 if you have the `uname' function. */ +#define HAVE_UNAME 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +#define HAVE_UNISTD_H 1 + +/* deviant sigwait? */ +/* #undef HAVE_UNIXWARE_SIGWAIT */ + +/* Define to 1 if the system has the type `unsigned long long int'. */ +/* #undef HAVE_UNSIGNED_LONG_LONG_INT */ + +/* Define to 1 if you have the `updwtmp' function. */ +/* #undef HAVE_UPDWTMP */ + +/* Define to 1 if you have the `updwtmpx' function. */ +/* #undef HAVE_UPDWTMPX */ + +/* Define to 1 if you have the <utime.h> header file. */ +#define HAVE_UTIME_H 1 + +/* Define to 1 if you have the <utmpx.h> header file. */ +#define HAVE_UTMPX_H 1 + +/* Define to 1 if you have the <utmp.h> header file. */ +/* #undef HAVE_UTMP_H */ + +/* Define to 1 if the system has the type `u_int32'. */ +/* #undef HAVE_U_INT32 */ + +/* u_int32 type in DNS headers, not others. */ +/* #undef HAVE_U_INT32_ONLY_WITH_DNS */ + +/* Define to 1 if you have the <values.h> header file. */ +/* #undef HAVE_VALUES_H */ + +/* Define to 1 if you have the <varargs.h> header file. */ +/* #undef HAVE_VARARGS_H */ + +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the <vfork.h> header file. */ +/* #undef HAVE_VFORK_H */ + +/* Define to 1 if you have the `vprintf' function. */ +#define HAVE_VPRINTF 1 + +/* Define if C99-compliant `vsnprintf' is available. */ +#define HAVE_VSNPRINTF 1 + +/* Define to 1 if you have the <wchar.h> header file. */ +#define HAVE_WCHAR_H 1 + +/* Define to 1 if the system has the type `wchar_t'. */ +#define HAVE_WCHAR_T 1 + +/* Define to 1 if the system has the type `wint_t'. */ +#define HAVE_WINT_T 1 + +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + +/* define if select implicitly yields */ +#define HAVE_YIELDING_SELECT 1 + +/* Define to 1 if you have the `_exit' function. */ +#define HAVE__EXIT 1 + +/* Define to 1 if you have the </sys/sync/queue.h> header file. */ +/* #undef HAVE__SYS_SYNC_QUEUE_H */ + +/* Define to 1 if you have the </sys/sync/sema.h> header file. */ +/* #undef HAVE__SYS_SYNC_SEMA_H */ + +/* Define to 1 if you have the `__adjtimex' function. */ +/* #undef HAVE___ADJTIMEX */ + +/* defined if C compiler supports __attribute__((...)) */ +#define HAVE___ATTRIBUTE__ /**/ + + + /* define away __attribute__() if unsupported */ + #ifndef HAVE___ATTRIBUTE__ + # define __attribute__(x) /* empty */ + #endif + #define ISC_PLATFORM_NORETURN_PRE + #define ISC_PLATFORM_NORETURN_POST __attribute__((__noreturn__)) + + + +/* Define to 1 if you have the `__ntp_gettime' function. */ +/* #undef HAVE___NTP_GETTIME */ + +/* Define to 1 if you have the `__res_init' function. */ +/* #undef HAVE___RES_INIT */ + +/* Does struct sockaddr_storage have __ss_family? */ +/* #undef HAVE___SS_FAMILY_IN_SS */ + + + /* Handle sockaddr_storage.__ss_family */ + #ifdef HAVE___SS_FAMILY_IN_SS + # define ss_family __ss_family + #endif /* HAVE___SS_FAMILY_IN_SS */ + + + +/* Define to provide `rpl_snprintf' function. */ +/* #undef HW_WANT_RPL_SNPRINTF */ + +/* Define to provide `rpl_vsnprintf' function. */ +/* #undef HW_WANT_RPL_VSNPRINTF */ + +/* Retry queries on _any_ DNS error? */ +/* #undef IGNORE_DNS_ERRORS */ + +/* Should we use the IRIG sawtooth filter? */ +/* #undef IRIG_SUCKS */ + +/* Enclose PTHREAD_ONCE_INIT in extra braces? */ +/* #undef ISC_PLATFORM_BRACEPTHREADONCEINIT */ + +/* Do we need to fix in6isaddr? */ +/* #undef ISC_PLATFORM_FIXIN6ISADDR */ + +/* ISC: do we have if_nametoindex()? */ +#define ISC_PLATFORM_HAVEIFNAMETOINDEX 1 + +/* have struct if_laddrconf? */ +/* #undef ISC_PLATFORM_HAVEIF_LADDRCONF */ + +/* have struct if_laddrreq? */ +/* #undef ISC_PLATFORM_HAVEIF_LADDRREQ */ + +/* have struct in6_pktinfo? */ +#define ISC_PLATFORM_HAVEIN6PKTINFO 1 + +/* have IPv6? */ +#define ISC_PLATFORM_HAVEIPV6 1 + +/* struct sockaddr has sa_len? */ +#define ISC_PLATFORM_HAVESALEN 1 + +/* sin6_scope_id? */ +#define ISC_PLATFORM_HAVESCOPEID 1 + +/* missing in6addr_any? */ +/* #undef ISC_PLATFORM_NEEDIN6ADDRANY */ + +/* Do we need netinet6/in6.h? */ +/* #undef ISC_PLATFORM_NEEDNETINET6IN6H */ + +/* ISC: provide inet_ntop() */ +/* #undef ISC_PLATFORM_NEEDNTOP */ + +/* Declare in_port_t? */ +/* #undef ISC_PLATFORM_NEEDPORTT */ + +/* ISC: provide inet_pton() */ +/* #undef ISC_PLATFORM_NEEDPTON */ + +/* enable libisc thread support? */ +#define ISC_PLATFORM_USETHREADS 1 + +/* Does the kernel have an FLL bug? */ +/* #undef KERNEL_FLL_BUG */ + +/* Does the kernel support precision time discipline? */ +#define KERNEL_PLL 1 + +/* Define to use libseccomp system call filtering. */ +/* #undef KERN_SECCOMP */ + +/* What is (probably) the name of DOSYNCTODR in the kernel? */ +#define K_DOSYNCTODR_NAME "_dosynctodr" + +/* What is (probably) the name of NOPRINTF in the kernel? */ +#define K_NOPRINTF_NAME "_noprintf" + +/* What is the name of TICKADJ in the kernel? */ +#define K_TICKADJ_NAME "_tickadj" + +/* What is the name of TICK in the kernel? */ +#define K_TICK_NAME "_tick" + +/* define to 1 if library is thread safe */ +#define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1 + +/* Define to any value to include libseccomp sandboxing. */ +/* #undef LIBSECCOMP */ + +/* Should we align with the NIST lockclock scheme? */ +/* #undef LOCKCLOCK */ + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#define LT_OBJDIR ".libs/" + +/* Does the target support multicast IP? */ +#define MCAST 1 + +/* Should we recommend a minimum value for tickadj? */ +/* #undef MIN_REC_TICKADJ */ + +/* Do we need HPUX adjtime() library support? */ +/* #undef NEED_HPUX_ADJTIME */ + +/* Do we want the HPUX FindConfig()? */ +/* #undef NEED_HPUX_FINDCONFIG */ + +/* We need to provide netsnmp_daemonize() */ +/* #undef NEED_NETSNMP_DAEMONIZE */ + +/* pthread_init() required? */ +/* #undef NEED_PTHREAD_INIT */ + +/* use PTHREAD_SCOPE_SYSTEM? */ +/* #undef NEED_PTHREAD_SCOPE_SYSTEM */ + +/* Do we need the qnx adjtime call? */ +/* #undef NEED_QNX_ADJTIME */ + +/* Do we need extra room for SO_RCVBUF? (HPUX < 8) */ +/* #undef NEED_RCVBUF_SLOP */ + +/* Do we need an s_char typedef? */ +#define NEED_S_CHAR_TYPEDEF 1 + +/* Might nlist() values require an extra level of indirection (AIX)? */ +/* #undef NLIST_EXTRA_INDIRECTION */ + +/* does struct nlist use a name union? */ +/* #undef NLIST_NAME_UNION */ + +/* nlist stuff */ +#define NLIST_STRUCT 1 + +/* Should we NOT read /dev/kmem? */ +#define NOKMEM 1 + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +/* #undef NO_MINUS_C_MINUS_O */ + +/* Should we avoid #warning on option name collisions? */ +/* #undef NO_OPTION_NAME_WARNINGS */ + +/* Is there a problem using PARENB and IGNPAR? */ +/* #undef NO_PARENB_IGNPAR */ + +/* define if you have (or want) no threads */ +/* #undef NO_THREADS */ + +/* Default location of crypto key info */ +#define NTP_KEYSDIR "/etc/ntp" + +/* Path to sign daemon rendezvous socket */ +#define NTP_SIGND_PATH "/var/run/ntp_signd" + +/* Do we have ntp_{adj,get}time in libc? */ +#define NTP_SYSCALLS_LIBC 1 + +/* Do we have ntp_{adj,get}time in the kernel? */ +/* #undef NTP_SYSCALLS_STD */ + +/* Do we have support for SHMEM_STATUS? */ +#define ONCORE_SHMEM_STATUS 1 + +/* Use OpenSSL? */ +/* #define OPENSSL */ + +/* Should we open the broadcast socket? */ +#define OPEN_BCAST_SOCKET 1 + +/* need to recreate sockets on changed routing? */ +/* #undef OS_MISSES_SPECIFIC_ROUTE_UPDATES */ + +/* wildcard socket needs REUSEADDR to bind interface addresses */ +/* #undef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */ + +/* Do we need to override the system's idea of HZ? */ +#define OVERRIDE_HZ 1 + +/* Name of package */ +#define PACKAGE "ntp" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "http://bugs.ntp.org./" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "ntp" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "ntp 4.2.8p4" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "ntp" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "http://www.ntp.org./" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "4.2.8p4" + +/* data dir */ +#define PERLLIBDIR "/usr/local/share/ntp/lib" + +/* define to a working POSIX compliant shell */ +#define POSIX_SHELL "/bin/bash" + +/* PARSE kernel PLL PPS support */ +/* #undef PPS_SYNC */ + +/* Preset a value for 'tick'? */ +#define PRESET_TICK 1000000L/hz + +/* Preset a value for 'tickadj'? */ +#define PRESET_TICKADJ 500/hz + +/* Should we not IGNPAR (Linux)? */ +/* #undef RAWDCF_NO_IGNPAR */ + +/* enable thread safety */ +#define REENTRANT 1 + +/* Basic refclock support? */ +#define REFCLOCK 1 + +/* Do we want the ReliantUNIX clock hacks? */ +/* #undef RELIANTUNIX_CLOCK */ + +/* define if sched_yield yields the entire process */ +/* #undef REPLACE_BROKEN_YIELD */ + +/* Define as the return type of signal handlers (`int' or `void'). */ +#define RETSIGTYPE void + +/* saveconfig mechanism */ +#define SAVECONFIG 1 + +/* Do we want the SCO clock hacks? */ +/* #undef SCO5_CLOCK */ + +/* The size of `char*', as computed by sizeof. */ +#ifdef __LP64__ +#define SIZEOF_CHARP 8 +#else +#define SIZEOF_CHARP 4 +#endif + +/* The size of `int', as computed by sizeof. */ +#define SIZEOF_INT 4 + +/* The size of `long', as computed by sizeof. */ +#ifdef __LP64__ +#define SIZEOF_LONG 8 +#else +#define SIZEOF_LONG 4 +#endif + +/* The size of `long long', as computed by sizeof. */ +#define SIZEOF_LONG_LONG 8 + +/* The size of `pthread_t', as computed by sizeof. */ +#define SIZEOF_PTHREAD_T 8 + +/* The size of `short', as computed by sizeof. */ +#define SIZEOF_SHORT 2 + +/* The size of `signed char', as computed by sizeof. */ +#define SIZEOF_SIGNED_CHAR 1 + +/* The size of `time_t', as computed by sizeof. */ +#if defined(__i386__) || defined(__powerpc__) +#define SIZEOF_TIME_T 4 +#else +#define SIZEOF_TIME_T 8 +#endif + +/* Does SIOCGIFCONF return size in the buffer? */ +/* #undef SIZE_RETURNED_IN_BUFFER */ + +/* Slew always? */ +/* #undef SLEWALWAYS */ + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at runtime. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ +/* #undef STACK_DIRECTION */ + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Step, then slew the clock? */ +/* #undef STEP_SLEW */ + +/* Define to 1 if strerror_r returns char *. */ +/* #undef STRERROR_R_CHAR_P */ + +/* canonical system (cpu-vendor-os) of where we should run */ +#if defined(__alpha__) +#define STR_SYSTEM "alpha-undermydesk-freebsd" +#elif defined(__sparc64__) +#define STR_SYSTEM "sparc64-undermydesk-freebsd" +#elif defined(__amd64__) +#define STR_SYSTEM "amd64-undermydesk-freebsd" +#elif defined(__powerpc64__) +#define STR_SYSTEM "powerpc64-undermydesk-freebsd" +#elif defined(__powerpc__) +#define STR_SYSTEM "powerpc-undermydesk-freebsd" +#elif defined(__mips64) +#define STR_SYSTEM "mips64-undermydesk-freebsd" +#elif defined(__mips__) +#define STR_SYSTEM "mips-undermydesk-freebsd" +#elif defined(__aarch64__) +#define STR_SYSTEM "arm64-undermydesk-freebsd" +#elif defined(__arm__) +#define STR_SYSTEM "arm-undermydesk-freebsd" +#elif defined(__sparc64__) +#define STR_SYSTEM "sparc64-undermydesk-freebsd" +#elif defined(__sparc__) +#define STR_SYSTEM "sparc-undermydesk-freebsd" +#elif defined(__ia64__) +#define STR_SYSTEM "ia64-undermydesk-freebsd" +#else +#define STR_SYSTEM "i386-undermydesk-freebsd" +#endif + +/* Does Xettimeofday take 1 arg? */ +/* #undef SYSV_TIMEOFDAY */ + +/* Do we need to #define _SVID3 when we #include <termios.h>? */ +/* #undef TERMIOS_NEEDS__SVID3 */ + +/* enable thread safety */ +#define THREADSAFE 1 + +/* enable thread safety */ +#define THREAD_SAFE 1 + +/* Is K_TICKADJ_NAME in nanoseconds? */ +/* #undef TICKADJ_NANO */ + +/* Is K_TICK_NAME in nanoseconds? */ +/* #undef TICK_NANO */ + +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +#define TIME_WITH_SYS_TIME 1 + +/* Define to 1 if your <sys/time.h> declares `struct tm'. */ +/* #undef TM_IN_SYS_TIME */ + +/* Provide a typedef for uintptr_t? */ +#ifndef HAVE_UINTPTR_T +typedef unsigned int uintptr_t; +#define HAVE_UINTPTR_T 1 +#endif + +/* What type to use for setsockopt */ +#define TYPEOF_IP_MULTICAST_LOOP u_char + +/* Do we set process groups with -pid? */ +/* #undef UDP_BACKWARDS_SETOWN */ + +/* Must we have a CTTY for fsetown? */ +#define USE_FSETOWNCTTY 1 + +/* Use OpenSSL's crypto random functions */ +/* #define USE_OPENSSL_CRYPTO_RAND 1 */ + +/* OK to use snprintb()? */ +/* #undef USE_SNPRINTB */ + +/* Can we use SIGPOLL for tty IO? */ +/* #undef USE_TTY_SIGPOLL */ + +/* Can we use SIGPOLL for UDP? */ +/* #undef USE_UDP_SIGPOLL */ + +/* Version number of package */ +#define VERSION "4.2.8p4" + +/* vsnprintf expands "%m" to strerror(errno) */ +/* #undef VSNPRINTF_PERCENT_M */ + +/* configure --enable-ipv6 */ +#define WANT_IPV6 1 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined(__ARMEB__) || defined(__MIPSEB__) || defined(__powerpc__) || \ + defined(__powerpc64__) || defined(__sparc64__) +#define WORDS_BIGENDIAN 1 +#endif + +/* routine worker child proc uses to exit. */ +#define WORKER_CHILD_EXIT exit + +/* Define to 1 if on MINIX. */ +/* #undef _MINIX */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef _POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef _POSIX_SOURCE */ + +/* enable thread safety */ +#define _REENTRANT 1 + +/* enable thread safety */ +#define _SGI_MP_SOURCE 1 + +/* enable thread safety */ +#define _THREADSAFE 1 + +/* enable thread safety */ +#define _THREAD_SAFE 1 + +/* Define to 500 only on HP-UX. */ +/* #undef _XOPEN_SOURCE */ + +/* Are we _special_? */ +/* #undef __APPLE_USE_RFC_3542 */ + +/* Define to 1 if type `char' is unsigned and you are not using gcc. */ +#ifndef __CHAR_UNSIGNED__ +/* # undef __CHAR_UNSIGNED__ */ +#endif + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# define _ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# define _POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# define _TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# define __EXTENSIONS__ 1 +#endif + + +/* deviant */ +/* #undef adjtimex */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to `int' if <sys/types.h> doesn't define. */ +/* #undef gid_t */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif + +/* Define to the widest signed integer type if <stdint.h> and <inttypes.h> do + not define. */ +/* #undef intmax_t */ + +/* deviant */ +/* #undef ntp_adjtime */ + +/* deviant */ +/* #undef ntp_gettime */ + +/* Define to `long int' if <sys/types.h> does not define. */ +/* #undef off_t */ + +/* Define to `int' if <sys/types.h> does not define. */ +/* #undef pid_t */ + +/* Define to `unsigned int' if <sys/types.h> does not define. */ +/* #undef size_t */ + + + #if !defined(_KERNEL) && !defined(PARSESTREAM) + /* + * stdio.h must be included after _GNU_SOURCE is defined + * but before #define snprintf rpl_snprintf + */ + # include <stdio.h> + #endif + + +/* Define to rpl_snprintf if the replacement function should be used. */ +/* #undef snprintf */ + +/* Define to `int' if <sys/types.h> doesn't define. */ +/* #undef uid_t */ + +/* Define to the widest unsigned integer type if <stdint.h> and <inttypes.h> + do not define. */ +/* #undef uintmax_t */ + +/* Define to the type of an unsigned integer type wide enough to hold a + pointer, if such a type exists, and if the system does not define it. */ +/* #undef uintptr_t */ + +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ + +/* Define to empty if the keyword `volatile' does not work. Warning: valid + code using `volatile' can become incorrect without. Disable with care. */ +/* #undef volatile */ + +/* Define to rpl_vsnprintf if the replacement function should be used. */ +/* #undef vsnprintf */ + + +#ifndef MPINFOU_PREDECLARED +# define MPINFOU_PREDECLARED +typedef union mpinfou { + struct pdk_mpinfo *pdkptr; + struct mpinfo *pikptr; +} mpinfou_t; +#endif + + + + #if !defined(_KERNEL) && !defined(PARSESTREAM) + # if defined(HW_WANT_RPL_VSNPRINTF) + # if defined(__cplusplus) + extern "C" { + # endif + # include <stdarg.h> + int rpl_vsnprintf(char *, size_t, const char *, va_list); + # if defined(__cplusplus) + } + # endif + # endif + # if defined(HW_WANT_RPL_SNPRINTF) + # if defined(__cplusplus) + extern "C" { + # endif + int rpl_snprintf(char *, size_t, const char *, ...); + # if defined(__cplusplus) + } + # endif + # endif + #endif /* !defined(_KERNEL) && !defined(PARSESTREAM) */ + +/* + * FreeBSD specific: Explicitly specify date/time for reproducible build. + */ +#define MKREPRO_DATE "Oct 22 2015" +#define MKREPRO_TIME "17:58:31" diff --git a/usr.sbin/ntp/doc/Makefile b/usr.sbin/ntp/doc/Makefile new file mode 100644 index 0000000..283d6ab --- /dev/null +++ b/usr.sbin/ntp/doc/Makefile @@ -0,0 +1,34 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +SUBDIR= drivers hints icons pic scripts + +FILESDIR= ${SHAREDIR}/doc/ntp + +.if ${MK_HTML} != "no" +FILES= access.html accopt.html assoc.html audio.html authentic.html \ + authopt.html autokey.html bugs.html build.html clock.html \ + clockopt.html cluster.html comdex.html config.html confopt.html \ + copyright.html debug.html decode.html discipline.html discover.html \ + extern.html filter.html hints.html history.html howto.html \ + huffpuff.html index.html kern.html kernpps.html keygen.html leap.html \ + miscopt.html monopt.html msyslog.html ntp-keygen.html ntp-wait.html \ + ntp.conf.html ntp.keys.html ntp_conf.html ntpd.html ntpdate.html \ + ntpdc.html ntpdsim.html ntpdsim_new.html ntpq.html ntpsnmpd.html \ + ntptime.html ntptrace.html orphan.html parsedata.html \ + parsenew.html poll.html pps.html prefer.html quick.html rate.html \ + rdebug.html refclock.html release.html select.html sitemap.html \ + sntp.html stats.html tickadj.html warp.html xleave.html +.endif + +MAN= ntp.conf.5 ntp.keys.5 +MAN+= ntp-keygen.8 ntpd.8 ntpdate.8 ntpdc.8 ntpq.8 ntptime.8 sntp.8 + +.PATH: ${.CURDIR}/../../../contrib/ntp/html \ + ${.CURDIR}/../../../contrib/ntp/util \ + ${.CURDIR}/../../../contrib/ntp/util \ + ${.CURDIR}/../../../contrib/ntp/ntpd \ + ${.CURDIR}/../../../contrib/ntp/ntpsnmpd + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/Makefile.depend b/usr.sbin/ntp/doc/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/drivers/Makefile b/usr.sbin/ntp/doc/drivers/Makefile new file mode 100644 index 0000000..7ae3cd2 --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/Makefile @@ -0,0 +1,21 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +SUBDIR= icons scripts +FILESDIR= ${SHAREDIR}/doc/ntp/drivers + +.if ${MK_HTML} != "no" +FILES= driver1.html driver10.html driver11.html driver12.html driver16.html \ + driver18.html driver19.html driver20.html driver22.html driver26.html \ + driver27.html driver28.html driver29.html driver3.html driver30.html \ + driver31.html driver32.html driver33.html driver34.html driver35.html \ + driver36.html driver37.html driver38.html driver39.html driver4.html \ + driver40.html driver42.html driver43.html driver44.html driver45.html \ + driver46.html driver5.html driver6.html driver7.html driver8.html \ + driver9.html mx4200data.html oncore-shmem.html tf582_4.html +.endif + +.PATH: ${.CURDIR}/../../../../contrib/ntp/html/drivers + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/drivers/Makefile.depend b/usr.sbin/ntp/doc/drivers/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/drivers/icons/Makefile b/usr.sbin/ntp/doc/drivers/icons/Makefile new file mode 100644 index 0000000..e76e1fa --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/icons/Makefile @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/drivers/icons + +.if ${MK_HTML} != "no" +FILES= home.gif mail2.gif +.endif + +.PATH: ${.CURDIR}/../../../../../contrib/ntp/html/drivers/icons + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/drivers/icons/Makefile.depend b/usr.sbin/ntp/doc/drivers/icons/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/icons/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/drivers/scripts/Makefile b/usr.sbin/ntp/doc/drivers/scripts/Makefile new file mode 100644 index 0000000..44ff1a6 --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/scripts/Makefile @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/drivers/scripts + +.if ${MK_HTML} != "no" +FILES= footer.txt style.css +.endif + +.PATH: ${.CURDIR}/../../../../../contrib/ntp/html/drivers/scripts + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/drivers/scripts/Makefile.depend b/usr.sbin/ntp/doc/drivers/scripts/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/drivers/scripts/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/hints/Makefile b/usr.sbin/ntp/doc/hints/Makefile new file mode 100644 index 0000000..fdbcea0 --- /dev/null +++ b/usr.sbin/ntp/doc/hints/Makefile @@ -0,0 +1,17 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/hints + +.if ${MK_HTML} != "no" +FILES= a-ux aix bsdi changes decosf1 decosf2 freebsd hpux linux mpeix \ + notes-xntp-v3 parse refclocks rs6000 sco.html sgi \ + solaris-dosynctodr.html solaris.html solaris.xtra.4023118 \ + solaris.xtra.4095849 solaris.xtra.S99ntpd solaris.xtra.patchfreq \ + sun4 svr4-dell svr4_package todo vxworks.html winnt.html +.endif + +.PATH: ${.CURDIR}/../../../../contrib/ntp/html/hints + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/hints/Makefile.depend b/usr.sbin/ntp/doc/hints/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/hints/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/icons/Makefile b/usr.sbin/ntp/doc/icons/Makefile new file mode 100644 index 0000000..410a380 --- /dev/null +++ b/usr.sbin/ntp/doc/icons/Makefile @@ -0,0 +1,13 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/icons + +.if ${MK_HTML} != "no" +FILES= home.gif mail2.gif sitemap.png +.endif + +.PATH: ${.CURDIR}/../../../../contrib/ntp/html/icons + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/icons/Makefile.depend b/usr.sbin/ntp/doc/icons/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/icons/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/ntp-keygen.8 b/usr.sbin/ntp/doc/ntp-keygen.8 new file mode 100644 index 0000000..197adbf --- /dev/null +++ b/usr.sbin/ntp/doc/ntp-keygen.8 @@ -0,0 +1,1073 @@ +.Dd October 21 2015 +.Dt NTP_KEYGEN 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5 +.\" From the definitions ntp-keygen-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntp-keygen +.Nd Create a NTP host key +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +.Pp +All arguments must be options. +.Pp +.Sh DESCRIPTION +This program generates cryptographic data files used by the NTPv4 +authentication and identification schemes. +It generates MD5 key files used in symmetric key cryptography. +In addition, if the OpenSSL software library has been installed, +it generates keys, certificate and identity files used in public key +cryptography. +These files are used for cookie encryption, +digital signature and challenge/response identification algorithms +compatible with the Internet standard security infrastructure. +.Pp +All files are in PEM\-encoded printable ASCII format, +so they can be embedded as MIME attachments in mail to other sites +and certificate authorities. +By default, files are not encrypted. +.Pp +When used to generate message digest keys, the program produces a file +containing ten pseudo\-random printable ASCII strings suitable for the +MD5 message digest algorithm included in the distribution. +If the OpenSSL library is installed, it produces an additional ten +hex\-encoded random bit strings suitable for the SHA1 and other message +digest algorithms. +The message digest keys file must be distributed and stored +using secure means beyond the scope of NTP itself. +Besides the keys used for ordinary NTP associations, additional keys +can be defined as passwords for the +.Xr ntpq 8 +and +.Xr ntpdc 8 +utility programs. +.Pp +The remaining generated files are compatible with other OpenSSL +applications and other Public Key Infrastructure (PKI) resources. +Certificates generated by this program are compatible with extant +industry practice, although some users might find the interpretation of +X509v3 extension fields somewhat liberal. +However, the identity keys are probably not compatible with anything +other than Autokey. +.Pp +Some files used by this program are encrypted using a private password. +The +.Fl p +option specifies the password for local encrypted files and the +.Fl q +option the password for encrypted files sent to remote sites. +If no password is specified, the host name returned by the Unix +.Fn gethostname +function, normally the DNS name of the host is used. +.Pp +The +.Ar pw +option of the +.Ar crypto +configuration command specifies the read +password for previously encrypted local files. +This must match the local password used by this program. +If not specified, the host name is used. +Thus, if files are generated by this program without password, +they can be read back by +.Ar ntpd +without password but only on the same host. +.Pp +Normally, encrypted files for each host are generated by that host and +used only by that host, although exceptions exist as noted later on +this page. +The symmetric keys file, normally called +.Ar ntp.keys , +is usually installed in +.Pa /etc . +Other files and links are usually installed in +.Pa /usr/local/etc , +which is normally in a shared filesystem in +NFS\-mounted networks and cannot be changed by shared clients. +The location of the keys directory can be changed by the +.Ar keysdir +configuration command in such cases. +Normally, this is in +.Pa /etc . +.Pp +This program directs commentary and error messages to the standard +error stream +.Ar stderr +and remote files to the standard output stream +.Ar stdout +where they can be piped to other applications or redirected to files. +The names used for generated files and links all begin with the +string +.Ar ntpkey +and include the file type, generating host and filestamp, +as described in the +.Dq Cryptographic Data Files +section below. +.Ss Running the Program +To test and gain experience with Autokey concepts, log in as root and +change to the keys directory, usually +.Pa /usr/local/etc +When run for the first time, or if all files with names beginning with +.Ar ntpkey +have been removed, use the +.Nm +command without arguments to generate a +default RSA host key and matching RSA\-MD5 certificate with expiration +date one year hence. +If run again without options, the program uses the +existing keys and parameters and generates only a new certificate with +new expiration date one year hence. +.Pp +Run the command on as many hosts as necessary. +Designate one of them as the trusted host (TH) using +.Nm +with the +.Fl T +option and configure it to synchronize from reliable Internet servers. +Then configure the other hosts to synchronize to the TH directly or +indirectly. +A certificate trail is created when Autokey asks the immediately +ascendant host towards the TH to sign its certificate, which is then +provided to the immediately descendant host on request. +All group hosts should have acyclic certificate trails ending on the TH. +.Pp +The host key is used to encrypt the cookie when required and so must be +RSA type. +By default, the host key is also the sign key used to encrypt +signatures. +A different sign key can be assigned using the +.Fl S +option and this can be either RSA or DSA type. +By default, the signature +message digest type is MD5, but any combination of sign key type and +message digest type supported by the OpenSSL library can be specified +using the +.Fl c +option. +The rules say cryptographic media should be generated with proventic +filestamps, which means the host should already be synchronized before +this program is run. +This of course creates a chicken\-and\-egg problem +when the host is started for the first time. +Accordingly, the host time +should be set by some other means, such as eyeball\-and\-wristwatch, at +least so that the certificate lifetime is within the current year. +After that and when the host is synchronized to a proventic source, the +certificate should be re\-generated. +.Pp +Additional information on trusted groups and identity schemes is on the +.Dq Autokey Public\-Key Authentication +page. +.Pp +The +.Xr ntpd 8 +configuration command +.Ic crypto pw Ar password +specifies the read password for previously encrypted files. +The daemon expires on the spot if the password is missing +or incorrect. +For convenience, if a file has been previously encrypted, +the default read password is the name of the host running +the program. +If the previous write password is specified as the host name, +these files can be read by that host with no explicit password. +.Pp +File names begin with the prefix +.Cm ntpkey_ +and end with the postfix +.Ar _hostname.filestamp , +where +.Ar hostname +is the owner name, usually the string returned +by the Unix gethostname() routine, and +.Ar filestamp +is the NTP seconds when the file was generated, in decimal digits. +This both guarantees uniqueness and simplifies maintenance +procedures, since all files can be quickly removed +by a +.Ic rm ntpkey\&* +command or all files generated +at a specific time can be removed by a +.Ic rm +.Ar \&*filestamp +command. +To further reduce the risk of misconfiguration, +the first two lines of a file contain the file name +and generation date and time as comments. +.Pp +All files are installed by default in the keys directory +.Pa /usr/local/etc , +which is normally in a shared filesystem +in NFS\-mounted networks. +The actual location of the keys directory +and each file can be overridden by configuration commands, +but this is not recommended. +Normally, the files for each host are generated by that host +and used only by that host, although exceptions exist +as noted later on this page. +.Pp +Normally, files containing private values, +including the host key, sign key and identification parameters, +are permitted root read/write\-only; +while others containing public values are permitted world readable. +Alternatively, files containing private values can be encrypted +and these files permitted world readable, +which simplifies maintenance in shared file systems. +Since uniqueness is insured by the hostname and +file name extensions, the files for a NFS server and +dependent clients can all be installed in the same shared directory. +.Pp +The recommended practice is to keep the file name extensions +when installing a file and to install a soft link +from the generic names specified elsewhere on this page +to the generated files. +This allows new file generations to be activated simply +by changing the link. +If a link is present, ntpd follows it to the file name +to extract the filestamp. +If a link is not present, +.Xr ntpd 8 +extracts the filestamp from the file itself. +This allows clients to verify that the file and generation times +are always current. +The +.Nm +program uses the same timestamp extension for all files generated +at one time, so each generation is distinct and can be readily +recognized in monitoring data. +.Ss Running the program +The safest way to run the +.Nm +program is logged in directly as root. +The recommended procedure is change to the keys directory, +usually +.Pa /usr/local/etc , +then run the program. +When run for the first time, +or if all +.Cm ntpkey +files have been removed, +the program generates a RSA host key file and matching RSA\-MD5 certificate file, +which is all that is necessary in many cases. +The program also generates soft links from the generic names +to the respective files. +If run again, the program uses the same host key file, +but generates a new certificate file and link. +.Pp +The host key is used to encrypt the cookie when required and so must be RSA type. +By default, the host key is also the sign key used to encrypt signatures. +When necessary, a different sign key can be specified and this can be +either RSA or DSA type. +By default, the message digest type is MD5, but any combination +of sign key type and message digest type supported by the OpenSSL library +can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 +and RIPE160 message digest algorithms. +However, the scheme specified in the certificate must be compatible +with the sign key. +Certificates using any digest algorithm are compatible with RSA sign keys; +however, only SHA and SHA1 certificates are compatible with DSA sign keys. +.Pp +Private/public key files and certificates are compatible with +other OpenSSL applications and very likely other libraries as well. +Certificates or certificate requests derived from them should be compatible +with extant industry practice, although some users might find +the interpretation of X509v3 extension fields somewhat liberal. +However, the identification parameter files, although encoded +as the other files, are probably not compatible with anything other than Autokey. +.Pp +Running the program as other than root and using the Unix +.Ic su +command +to assume root may not work properly, since by default the OpenSSL library +looks for the random seed file +.Cm .rnd +in the user home directory. +However, there should be only one +.Cm .rnd , +most conveniently +in the root directory, so it is convenient to define the +.Cm $RANDFILE +environment variable used by the OpenSSL library as the path to +.Cm /.rnd . +.Pp +Installing the keys as root might not work in NFS\-mounted +shared file systems, as NFS clients may not be able to write +to the shared keys directory, even as root. +In this case, NFS clients can specify the files in another +directory such as +.Pa /etc +using the +.Ic keysdir +command. +There is no need for one client to read the keys and certificates +of other clients or servers, as these data are obtained automatically +by the Autokey protocol. +.Pp +Ordinarily, cryptographic files are generated by the host that uses them, +but it is possible for a trusted agent (TA) to generate these files +for other hosts; however, in such cases files should always be encrypted. +The subject name and trusted name default to the hostname +of the host generating the files, but can be changed by command line options. +It is convenient to designate the owner name and trusted name +as the subject and issuer fields, respectively, of the certificate. +The owner name is also used for the host and sign key files, +while the trusted name is used for the identity files. +.Pp +All files are installed by default in the keys directory +.Pa /usr/local/etc , +which is normally in a shared filesystem +in NFS\-mounted networks. +The actual location of the keys directory +and each file can be overridden by configuration commands, +but this is not recommended. +Normally, the files for each host are generated by that host +and used only by that host, although exceptions exist +as noted later on this page. +.Pp +Normally, files containing private values, +including the host key, sign key and identification parameters, +are permitted root read/write\-only; +while others containing public values are permitted world readable. +Alternatively, files containing private values can be encrypted +and these files permitted world readable, +which simplifies maintenance in shared file systems. +Since uniqueness is insured by the hostname and +file name extensions, the files for a NFS server and +dependent clients can all be installed in the same shared directory. +.Pp +The recommended practice is to keep the file name extensions +when installing a file and to install a soft link +from the generic names specified elsewhere on this page +to the generated files. +This allows new file generations to be activated simply +by changing the link. +If a link is present, ntpd follows it to the file name +to extract the filestamp. +If a link is not present, +.Xr ntpd 8 +extracts the filestamp from the file itself. +This allows clients to verify that the file and generation times +are always current. +The +.Nm +program uses the same timestamp extension for all files generated +at one time, so each generation is distinct and can be readily +recognized in monitoring data. +.Ss Running the program +The safest way to run the +.Nm +program is logged in directly as root. +The recommended procedure is change to the keys directory, +usually +.Pa /usr/local/etc , +then run the program. +When run for the first time, +or if all +.Cm ntpkey +files have been removed, +the program generates a RSA host key file and matching RSA\-MD5 certificate file, +which is all that is necessary in many cases. +The program also generates soft links from the generic names +to the respective files. +If run again, the program uses the same host key file, +but generates a new certificate file and link. +.Pp +The host key is used to encrypt the cookie when required and so must be RSA type. +By default, the host key is also the sign key used to encrypt signatures. +When necessary, a different sign key can be specified and this can be +either RSA or DSA type. +By default, the message digest type is MD5, but any combination +of sign key type and message digest type supported by the OpenSSL library +can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 +and RIPE160 message digest algorithms. +However, the scheme specified in the certificate must be compatible +with the sign key. +Certificates using any digest algorithm are compatible with RSA sign keys; +however, only SHA and SHA1 certificates are compatible with DSA sign keys. +.Pp +Private/public key files and certificates are compatible with +other OpenSSL applications and very likely other libraries as well. +Certificates or certificate requests derived from them should be compatible +with extant industry practice, although some users might find +the interpretation of X509v3 extension fields somewhat liberal. +However, the identification parameter files, although encoded +as the other files, are probably not compatible with anything other than Autokey. +.Pp +Running the program as other than root and using the Unix +.Ic su +command +to assume root may not work properly, since by default the OpenSSL library +looks for the random seed file +.Cm .rnd +in the user home directory. +However, there should be only one +.Cm .rnd , +most conveniently +in the root directory, so it is convenient to define the +.Cm $RANDFILE +environment variable used by the OpenSSL library as the path to +.Cm /.rnd . +.Pp +Installing the keys as root might not work in NFS\-mounted +shared file systems, as NFS clients may not be able to write +to the shared keys directory, even as root. +In this case, NFS clients can specify the files in another +directory such as +.Pa /etc +using the +.Ic keysdir +command. +There is no need for one client to read the keys and certificates +of other clients or servers, as these data are obtained automatically +by the Autokey protocol. +.Pp +Ordinarily, cryptographic files are generated by the host that uses them, +but it is possible for a trusted agent (TA) to generate these files +for other hosts; however, in such cases files should always be encrypted. +The subject name and trusted name default to the hostname +of the host generating the files, but can be changed by command line options. +It is convenient to designate the owner name and trusted name +as the subject and issuer fields, respectively, of the certificate. +The owner name is also used for the host and sign key files, +while the trusted name is used for the identity files. +seconds. +seconds. +s Trusted Hosts and Groups +Each cryptographic configuration involves selection of a signature scheme +and identification scheme, called a cryptotype, +as explained in the +.Sx Authentication Options +section of +.Xr ntp.conf 5 . +The default cryptotype uses RSA encryption, MD5 message digest +and TC identification. +First, configure a NTP subnet including one or more low\-stratum +trusted hosts from which all other hosts derive synchronization +directly or indirectly. +Trusted hosts have trusted certificates; +all other hosts have nontrusted certificates. +These hosts will automatically and dynamically build authoritative +certificate trails to one or more trusted hosts. +A trusted group is the set of all hosts that have, directly or indirectly, +a certificate trail ending at a trusted host. +The trail is defined by static configuration file entries +or dynamic means described on the +.Sx Automatic NTP Configuration Options +section of +.Xr ntp.conf 5 . +.Pp +On each trusted host as root, change to the keys directory. +To insure a fresh fileset, remove all +.Cm ntpkey +files. +Then run +.Nm +.Fl T +to generate keys and a trusted certificate. +On all other hosts do the same, but leave off the +.Fl T +flag to generate keys and nontrusted certificates. +When complete, start the NTP daemons beginning at the lowest stratum +and working up the tree. +It may take some time for Autokey to instantiate the certificate trails +throughout the subnet, but setting up the environment is completely automatic. +.Pp +If it is necessary to use a different sign key or different digest/signature +scheme than the default, run +.Nm +with the +.Fl S Ar type +option, where +.Ar type +is either +.Cm RSA +or +.Cm DSA . +The most often need to do this is when a DSA\-signed certificate is used. +If it is necessary to use a different certificate scheme than the default, +run +.Nm +with the +.Fl c Ar scheme +option and selected +.Ar scheme +as needed. +f +.Nm +is run again without these options, it generates a new certificate +using the same scheme and sign key. +.Pp +After setting up the environment it is advisable to update certificates +from time to time, if only to extend the validity interval. +Simply run +.Nm +with the same flags as before to generate new certificates +using existing keys. +However, if the host or sign key is changed, +.Xr ntpd 8 +should be restarted. +When +.Xr ntpd 8 +is restarted, it loads any new files and restarts the protocol. +Other dependent hosts will continue as usual until signatures are refreshed, +at which time the protocol is restarted. +.Ss Identity Schemes +As mentioned on the Autonomous Authentication page, +the default TC identity scheme is vulnerable to a middleman attack. +However, there are more secure identity schemes available, +including PC, IFF, GQ and MV described on the +.Qq Identification Schemes +page +(maybe available at +.Li http://www.eecis.udel.edu/%7emills/keygen.html ) . +These schemes are based on a TA, one or more trusted hosts +and some number of nontrusted hosts. +Trusted hosts prove identity using values provided by the TA, +while the remaining hosts prove identity using values provided +by a trusted host and certificate trails that end on that host. +The name of a trusted host is also the name of its sugroup +and also the subject and issuer name on its trusted certificate. +The TA is not necessarily a trusted host in this sense, but often is. +.Pp +In some schemes there are separate keys for servers and clients. +A server can also be a client of another server, +but a client can never be a server for another client. +In general, trusted hosts and nontrusted hosts that operate +as both server and client have parameter files that contain +both server and client keys. +Hosts that operate +only as clients have key files that contain only client keys. +.Pp +The PC scheme supports only one trusted host in the group. +On trusted host alice run +.Nm +.Fl P +.Fl p Ar password +to generate the host key file +.Pa ntpkey_RSAkey_ Ns Ar alice.filestamp +and trusted private certificate file +.Pa ntpkey_RSA\-MD5_cert_ Ns Ar alice.filestamp . +Copy both files to all group hosts; +they replace the files which would be generated in other schemes. +On each host bob install a soft link from the generic name +.Pa ntpkey_host_ Ns Ar bob +to the host key file and soft link +.Pa ntpkey_cert_ Ns Ar bob +to the private certificate file. +Note the generic links are on bob, but point to files generated +by trusted host alice. +In this scheme it is not possible to refresh +either the keys or certificates without copying them +to all other hosts in the group. +.Pp +For the IFF scheme proceed as in the TC scheme to generate keys +and certificates for all group hosts, then for every trusted host in the group, +generate the IFF parameter file. +On trusted host alice run +.Nm +.Fl T +.Fl I +.Fl p Ar password +to produce her parameter file +.Pa ntpkey_IFFpar_ Ns Ar alice.filestamp , +which includes both server and client keys. +Copy this file to all group hosts that operate as both servers +and clients and install a soft link from the generic +.Pa ntpkey_iff_ Ns Ar alice +to this file. +If there are no hosts restricted to operate only as clients, +there is nothing further to do. +As the IFF scheme is independent +of keys and certificates, these files can be refreshed as needed. +.Pp +If a rogue client has the parameter file, it could masquerade +as a legitimate server and present a middleman threat. +To eliminate this threat, the client keys can be extracted +from the parameter file and distributed to all restricted clients. +After generating the parameter file, on alice run +.Nm +.Fl e +and pipe the output to a file or mail program. +Copy or mail this file to all restricted clients. +On these clients install a soft link from the generic +.Pa ntpkey_iff_ Ns Ar alice +to this file. +To further protect the integrity of the keys, +each file can be encrypted with a secret password. +.Pp +For the GQ scheme proceed as in the TC scheme to generate keys +and certificates for all group hosts, then for every trusted host +in the group, generate the IFF parameter file. +On trusted host alice run +.Nm +.Fl T +.Fl G +.Fl p Ar password +to produce her parameter file +.Pa ntpkey_GQpar_ Ns Ar alice.filestamp , +which includes both server and client keys. +Copy this file to all group hosts and install a soft link +from the generic +.Pa ntpkey_gq_ Ns Ar alice +to this file. +In addition, on each host bob install a soft link +from generic +.Pa ntpkey_gq_ Ns Ar bob +to this file. +As the GQ scheme updates the GQ parameters file and certificate +at the same time, keys and certificates can be regenerated as needed. +.Pp +For the MV scheme, proceed as in the TC scheme to generate keys +and certificates for all group hosts. +For illustration assume trish is the TA, alice one of several trusted hosts +and bob one of her clients. +On TA trish run +.Nm +.Fl V Ar n +.Fl p Ar password , +where +.Ar n +is the number of revokable keys (typically 5) to produce +the parameter file +.Pa ntpkeys_MVpar_ Ns Ar trish.filestamp +and client key files +.Pa ntpkeys_MVkeyd_ Ns Ar trish.filestamp +where +.Ar d +is the key number (0 \&< +.Ar d +\&< +.Ar n ) . +Copy the parameter file to alice and install a soft link +from the generic +.Pa ntpkey_mv_ Ns Ar alice +to this file. +Copy one of the client key files to alice for later distribution +to her clients. +It doesn't matter which client key file goes to alice, +since they all work the same way. +Alice copies the client key file to all of her cliens. +On client bob install a soft link from generic +.Pa ntpkey_mvkey_ Ns Ar bob +to the client key file. +As the MV scheme is independent of keys and certificates, +these files can be refreshed as needed. +.Ss Command Line Options +.Bl -tag -width indent +.It Fl c Ar scheme +Select certificate message digest/signature encryption scheme. +The +.Ar scheme +can be one of the following: +. Cm RSA\-MD2 , RSA\-MD5 , RSA\-SHA , RSA\-SHA1 , RSA\-MDC2 , RSA\-RIPEMD160 , DSA\-SHA , +or +.Cm DSA\-SHA1 . +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. +The default without this option is +.Cm RSA\-MD5 . +.It Fl d +Enable debugging. +This option displays the cryptographic data produced in eye\-friendly billboards. +.It Fl e +Write the IFF client keys to the standard output. +This is intended for automatic key distribution by mail. +.It Fl G +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. +.It Fl g +Generate keys for the GQ identification scheme +using the existing GQ parameters. +If the GQ parameters do not yet exist, create them first. +.It Fl H +Generate new host keys, obsoleting any that may exist. +.It Fl I +Generate parameters for the IFF identification scheme, +obsoleting any that may exist. +.It Fl i Ar name +Set the suject name to +.Ar name . +This is used as the subject field in certificates +and in the file name for host and sign keys. +.It Fl M +Generate MD5 keys, obsoleting any that may exist. +.It Fl P +Generate a private certificate. +By default, the program generates public certificates. +.It Fl p Ar password +Encrypt generated files containing private data with +.Ar password +and the DES\-CBC algorithm. +.It Fl q +Set the password for reading files to password. +.It Fl S Oo Cm RSA | DSA Oc +Generate a new sign key of the designated type, +obsoleting any that may exist. +By default, the program uses the host key as the sign key. +.It Fl s Ar name +Set the issuer name to +.Ar name . +This is used for the issuer field in certificates +and in the file name for identity files. +.It Fl T +Generate a trusted certificate. +By default, the program generates a non\-trusted certificate. +.It Fl V Ar nkeys +Generate parameters and keys for the Mu\-Varadharajan (MV) identification scheme. +.El +.Ss Random Seed File +All cryptographically sound key generation schemes must have means +to randomize the entropy seed used to initialize +the internal pseudo\-random number generator used +by the library routines. +The OpenSSL library uses a designated random seed file for this purpose. +The file must be available when starting the NTP daemon and +.Nm +program. +If a site supports OpenSSL or its companion OpenSSH, +it is very likely that means to do this are already available. +.Pp +It is important to understand that entropy must be evolved +for each generation, for otherwise the random number sequence +would be predictable. +Various means dependent on external events, such as keystroke intervals, +can be used to do this and some systems have built\-in entropy sources. +Suitable means are described in the OpenSSL software documentation, +but are outside the scope of this page. +.Pp +The entropy seed used by the OpenSSL library is contained in a file, +usually called +.Cm .rnd , +which must be available when starting the NTP daemon +or the +.Nm +program. +The NTP daemon will first look for the file +using the path specified by the +.Ic randfile +subcommand of the +.Ic crypto +configuration command. +If not specified in this way, or when starting the +.Nm +program, +the OpenSSL library will look for the file using the path specified +by the +.Ev RANDFILE +environment variable in the user home directory, +whether root or some other user. +If the +.Ev RANDFILE +environment variable is not present, +the library will look for the +.Cm .rnd +file in the user home directory. +If the file is not available or cannot be written, +the daemon exits with a message to the system log and the program +exits with a suitable error message. +.Ss Cryptographic Data Files +All other file formats begin with two lines. +The first contains the file name, including the generated host name +and filestamp. +The second contains the datestamp in conventional Unix date format. +Lines beginning with # are considered comments and ignored by the +.Nm +program and +.Xr ntpd 8 +daemon. +Cryptographic values are encoded first using ASN.1 rules, +then encrypted if necessary, and finally written PEM\-encoded +printable ASCII format preceded and followed by MIME content identifier lines. +.Pp +The format of the symmetric keys file is somewhat different +than the other files in the interest of backward compatibility. +Since DES\-CBC is deprecated in NTPv4, the only key format of interest +is MD5 alphanumeric strings. +Following hte heard the keys are +entered one per line in the format +.D1 Ar keyno type key +where +.Ar keyno +is a positive integer in the range 1\-65,535, +.Ar type +is the string MD5 defining the key format and +.Ar key +is the key itself, +which is a printable ASCII string 16 characters or less in length. +Each character is chosen from the 93 printable characters +in the range 0x21 through 0x7f excluding space and the +.Ql # +character. +.Pp +Note that the keys used by the +.Xr ntpq 8 +and +.Xr ntpdc 8 +programs +are checked against passwords requested by the programs +and entered by hand, so it is generally appropriate to specify these keys +in human readable ASCII format. +.Pp +The +.Nm +program generates a MD5 symmetric keys file +.Pa ntpkey_MD5key_ Ns Ar hostname.filestamp . +Since the file contains private shared keys, +it should be visible only to root and distributed by secure means +to other subnet hosts. +The NTP daemon loads the file +.Pa ntp.keys , +so +.Nm +installs a soft link from this name to the generated file. +Subsequently, similar soft links must be installed by manual +or automated means on the other subnet hosts. +While this file is not used with the Autokey Version 2 protocol, +it is needed to authenticate some remote configuration commands +used by the +.Xr ntpq 8 +and +.Xr ntpdc 8 +utilities. +.Sh "OPTIONS" +.Bl -tag +.It Fl b Ar imbits , Fl \-imbits Ns = Ns Ar imbits +identity modulus bits. +This option takes an integer number as its argument. +The value of +.Ar imbits +is constrained to being: +.in +4 +.nf +.na +in the range 256 through 2048 +.fi +.in -4 +.sp +The number of bits in the identity modulus. The default is 256. +.It Fl c Ar scheme , Fl \-certificate Ns = Ns Ar scheme +certificate scheme. +.sp +scheme is one of +RSA\-MD2, RSA\-MD5, RSA\-SHA, RSA\-SHA1, RSA\-MDC2, RSA\-RIPEMD160, +DSA\-SHA, or DSA\-SHA1. +.sp +Select the certificate message digest/signature encryption scheme. +Note that RSA schemes must be used with a RSA sign key and DSA +schemes must be used with a DSA sign key. The default without +this option is RSA\-MD5. +.It Fl C Ar cipher , Fl \-cipher Ns = Ns Ar cipher +privatekey cipher. +.sp +Select the cipher which is used to encrypt the files containing +private keys. The default is three\-key triple DES in CBC mode, +equivalent to "@code{\-C des\-ede3\-cbc". The openssl tool lists ciphers +available in "\fBopenssl \-h\fP" output. +.It Fl d , Fl \-debug\-level +Increase debug verbosity level. +This option may appear an unlimited number of times. +.sp +.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number +Set the debug verbosity level. +This option may appear an unlimited number of times. +This option takes an integer number as its argument. +.sp +.It Fl e , Fl \-id\-key +Write IFF or GQ identity keys. +.sp +Write the IFF or GQ client keys to the standard output. This is +intended for automatic key distribution by mail. +.It Fl G , Fl \-gq\-params +Generate GQ parameters and keys. +.sp +Generate parameters and keys for the GQ identification scheme, +obsoleting any that may exist. +.It Fl H , Fl \-host\-key +generate RSA host key. +.sp +Generate new host keys, obsoleting any that may exist. +.It Fl I , Fl \-iffkey +generate IFF parameters. +.sp +Generate parameters for the IFF identification scheme, obsoleting +any that may exist. +.It Fl i Ar group , Fl \-ident Ns = Ns Ar group +set Autokey group name. +.sp +Set the optional Autokey group name to name. This is used in +the file name of IFF, GQ, and MV client parameters files. In +that role, the default is the host name if this option is not +provided. The group name, if specified using \fB\-i/\-\-ident\fP or +using \fB\-s/\-\-subject\-name\fP following an '\fB@\fP' character, +is also a part of the self\-signed host certificate's subject and +issuer names in the form \fBhost@group\fP and should match the +\'\fBcrypto ident\fP' or '\fBserver ident\fP' configuration in +\fBntpd\fP's configuration file. +.It Fl l Ar lifetime , Fl \-lifetime Ns = Ns Ar lifetime +set certificate lifetime. +This option takes an integer number as its argument. +.sp +Set the certificate expiration to lifetime days from now. +.It Fl M , Fl \-md5key +generate MD5 keys. +.sp +Generate MD5 keys, obsoleting any that may exist. +.It Fl m Ar modulus , Fl \-modulus Ns = Ns Ar modulus +modulus. +This option takes an integer number as its argument. +The value of +.Ar modulus +is constrained to being: +.in +4 +.nf +.na +in the range 256 through 2048 +.fi +.in -4 +.sp +The number of bits in the prime modulus. The default is 512. +.It Fl P , Fl \-pvt\-cert +generate PC private certificate. +.sp +Generate a private certificate. By default, the program generates +public certificates. +.It Fl p Ar passwd , Fl \-password Ns = Ns Ar passwd +local private password. +.sp +Local files containing private data are encrypted with the +DES\-CBC algorithm and the specified password. The same password +must be specified to the local ntpd via the "crypto pw password" +configuration command. The default password is the local +hostname. +.It Fl q Ar passwd , Fl \-export\-passwd Ns = Ns Ar passwd +export IFF or GQ group keys with password. +.sp +Export IFF or GQ identity group keys to the standard output, +encrypted with the DES\-CBC algorithm and the specified password. +The same password must be specified to the remote ntpd via the +"crypto pw password" configuration command. See also the option +-\-id\-key (\-e) for unencrypted exports. +.It Fl S Ar sign , Fl \-sign\-key Ns = Ns Ar sign +generate sign key (RSA or DSA). +.sp +Generate a new sign key of the designated type, obsoleting any +that may exist. By default, the program uses the host key as the +sign key. +.It Fl s Ar host@group , Fl \-subject\-name Ns = Ns Ar host@group +set host and optionally group name. +.sp +Set the Autokey host name, and optionally, group name specified +following an '\fB@\fP' character. The host name is used in the file +name of generated host and signing certificates, without the +group name. The host name, and if provided, group name are used +in \fBhost@group\fP form for the host certificate's subject and issuer +fields. Specifying '\fB\-s @group\fP' is allowed, and results in +leaving the host name unchanged while appending \fB@group\fP to the +subject and issuer fields, as with \fB\-i group\fP. The group name, or +if not provided, the host name are also used in the file names +of IFF, GQ, and MV client parameter files. +.It Fl T , Fl \-trusted\-cert +trusted certificate (TC scheme). +.sp +Generate a trusted certificate. By default, the program generates +a non\-trusted certificate. +.It Fl V Ar num , Fl \-mv\-params Ns = Ns Ar num +generate <num> MV parameters. +This option takes an integer number as its argument. +.sp +Generate parameters and keys for the Mu\-Varadharajan (MV) +identification scheme. +.It Fl v Ar num , Fl \-mv\-keys Ns = Ns Ar num +update <num> MV keys. +This option takes an integer number as its argument. +.sp +This option has not been fully documented. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc +Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP +configuration file listed in the \fBOPTION PRESETS\fP section, below. +The command will exit after updating the config file. +.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts +Load options from \fIcfgfile\fP. +The \fIno\-load\-opts\fP form will disable the loading +of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early, +out of order. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from configuration ("RC" or ".INI") file(s) and values from +environment variables named: +.nf + \fBNTP_KEYGEN_<option\-name>\fP or \fBNTP_KEYGEN\fP +.fi +.ad +The environmental presets take precedence (are processed later than) +the configuration files. +The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". +If any of these are directories, then the file \fI.ntprc\fP +is searched for within those directories. +.Sh USAGE +The +.Fl p Ar password +option specifies the write password and +.Fl q Ar password +option the read password for previously encrypted files. +The +.Nm +program prompts for the password if it reads an encrypted file +and the password is missing or incorrect. +If an encrypted file is read successfully and +no write password is specified, the read password is used +as the write password by default. +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh "FILES" +See \fBOPTION PRESETS\fP for configuration files. +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 66 " (EX_NOINPUT)" +A specified configuration file could not be loaded. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh BUGS +It can take quite a while to generate some cryptographic values, +from one to several minutes with modern architectures +such as UltraSPARC and up to tens of minutes to an hour +with older architectures such as SPARC IPC. +.Pp +Please report bugs to http://bugs.ntp.org . +.Pp +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh NOTES +Portions of this document came from FreeBSD. +.Pp +This manual page was \fIAutoGen\fP\-erated from the \fBntp\-keygen\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntp.conf.5 b/usr.sbin/ntp/doc/ntp.conf.5 new file mode 100644 index 0000000..c7af12d --- /dev/null +++ b/usr.sbin/ntp/doc/ntp.conf.5 @@ -0,0 +1,2858 @@ +.Dd October 21 2015 +.Dt NTP_CONF 5 File Formats +.Os +.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 +.\" From the definitions ntp.conf.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntp.conf +.Nd Network Time Protocol (NTP) daemon configuration file format +.Sh SYNOPSIS +.Nm +.Op Fl \-option\-name +.Op Fl \-option\-name Ar value +.Pp +All arguments must be options. +.Pp +.Sh DESCRIPTION +The +.Nm +configuration file is read at initial startup by the +.Xr ntpd 8 +daemon in order to specify the synchronization sources, +modes and other related information. +Usually, it is installed in the +.Pa /etc +directory, +but could be installed elsewhere +(see the daemon's +.Fl c +command line option). +.Pp +The file format is similar to other +.Ux +configuration files. +Comments begin with a +.Ql # +character and extend to the end of the line; +blank lines are ignored. +Configuration commands consist of an initial keyword +followed by a list of arguments, +some of which may be optional, separated by whitespace. +Commands may not be continued over multiple lines. +Arguments may be host names, +host addresses written in numeric, dotted\-quad form, +integers, floating point numbers (when specifying times in seconds) +and text strings. +.Pp +The rest of this page describes the configuration and control options. +The +.Qq Notes on Configuring NTP and Setting up an NTP Subnet +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) +contains an extended discussion of these options. +In addition to the discussion of general +.Sx Configuration Options , +there are sections describing the following supported functionality +and the options used to control it: +.Bl -bullet -offset indent +.It +.Sx Authentication Support +.It +.Sx Monitoring Support +.It +.Sx Access Control Support +.It +.Sx Automatic NTP Configuration Options +.It +.Sx Reference Clock Support +.It +.Sx Miscellaneous Options +.El +.Pp +Following these is a section describing +.Sx Miscellaneous Options . +While there is a rich set of options available, +the only required option is one or more +.Ic pool , +.Ic server , +.Ic peer , +.Ic broadcast +or +.Ic manycastclient +commands. +.Sh Configuration Support +Following is a description of the configuration commands in +NTPv4. +These commands have the same basic functions as in NTPv3 and +in some cases new functions and new arguments. +There are two +classes of commands, configuration commands that configure a +persistent association with a remote server or peer or reference +clock, and auxiliary commands that specify environmental variables +that control various related operations. +.Ss Configuration Commands +The various modes are determined by the command keyword and the +type of the required IP address. +Addresses are classed by type as +(s) a remote server or peer (IPv4 class A, B and C), (b) the +broadcast address of a local interface, (m) a multicast address (IPv4 +class D), or (r) a reference clock address (127.127.x.x). +Note that +only those options applicable to each command are listed below. +Use +of options not listed may not be caught as an error, but may result +in some weird and even destructive behavior. +.Pp +If the Basic Socket Interface Extensions for IPv6 (RFC\-2553) +is detected, support for the IPv6 address family is generated +in addition to the default support of the IPv4 address family. +In a few cases, including the reslist billboard generated +by ntpdc, IPv6 addresses are automatically generated. +IPv6 addresses can be identified by the presence of colons +.Dq \&: +in the address field. +IPv6 addresses can be used almost everywhere where +IPv4 addresses can be used, +with the exception of reference clock addresses, +which are always IPv4. +.Pp +Note that in contexts where a host name is expected, a +.Fl 4 +qualifier preceding +the host name forces DNS resolution to the IPv4 namespace, +while a +.Fl 6 +qualifier forces DNS resolution to the IPv6 namespace. +See IPv6 references for the +equivalent classes for that address family. +.Bl -tag -width indent +.It Xo Ic pool Ar address +.Op Cm burst +.Op Cm iburst +.Op Cm version Ar version +.Op Cm prefer +.Op Cm minpoll Ar minpoll +.Op Cm maxpoll Ar maxpoll +.Xc +.It Xo Ic server Ar address +.Op Cm key Ar key \&| Cm autokey +.Op Cm burst +.Op Cm iburst +.Op Cm version Ar version +.Op Cm prefer +.Op Cm minpoll Ar minpoll +.Op Cm maxpoll Ar maxpoll +.Xc +.It Xo Ic peer Ar address +.Op Cm key Ar key \&| Cm autokey +.Op Cm version Ar version +.Op Cm prefer +.Op Cm minpoll Ar minpoll +.Op Cm maxpoll Ar maxpoll +.Xc +.It Xo Ic broadcast Ar address +.Op Cm key Ar key \&| Cm autokey +.Op Cm version Ar version +.Op Cm prefer +.Op Cm minpoll Ar minpoll +.Op Cm ttl Ar ttl +.Xc +.It Xo Ic manycastclient Ar address +.Op Cm key Ar key \&| Cm autokey +.Op Cm version Ar version +.Op Cm prefer +.Op Cm minpoll Ar minpoll +.Op Cm maxpoll Ar maxpoll +.Op Cm ttl Ar ttl +.Xc +.El +.Pp +These five commands specify the time server name or address to +be used and the mode in which to operate. +The +.Ar address +can be +either a DNS name or an IP address in dotted\-quad notation. +Additional information on association behavior can be found in the +.Qq Association Management +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +.Bl -tag -width indent +.It Ic pool +For type s addresses, this command mobilizes a persistent +client mode association with a number of remote servers. +In this mode the local clock can synchronized to the +remote server, but the remote server can never be synchronized to +the local clock. +.It Ic server +For type s and r addresses, this command mobilizes a persistent +client mode association with the specified remote server or local +radio clock. +In this mode the local clock can synchronized to the +remote server, but the remote server can never be synchronized to +the local clock. +This command should +.Em not +be used for type +b or m addresses. +.It Ic peer +For type s addresses (only), this command mobilizes a +persistent symmetric\-active mode association with the specified +remote peer. +In this mode the local clock can be synchronized to +the remote peer or the remote peer can be synchronized to the local +clock. +This is useful in a network of servers where, depending on +various failure scenarios, either the local or remote peer may be +the better source of time. +This command should NOT be used for type +b, m or r addresses. +.It Ic broadcast +For type b and m addresses (only), this +command mobilizes a persistent broadcast mode association. +Multiple +commands can be used to specify multiple local broadcast interfaces +(subnets) and/or multiple multicast groups. +Note that local +broadcast messages go only to the interface associated with the +subnet specified, but multicast messages go to all interfaces. +In broadcast mode the local server sends periodic broadcast +messages to a client population at the +.Ar address +specified, which is usually the broadcast address on (one of) the +local network(s) or a multicast address assigned to NTP. +The IANA +has assigned the multicast group address IPv4 224.0.1.1 and +IPv6 ff05::101 (site local) exclusively to +NTP, but other nonconflicting addresses can be used to contain the +messages within administrative boundaries. +Ordinarily, this +specification applies only to the local server operating as a +sender; for operation as a broadcast client, see the +.Ic broadcastclient +or +.Ic multicastclient +commands +below. +.It Ic manycastclient +For type m addresses (only), this command mobilizes a +manycast client mode association for the multicast address +specified. +In this case a specific address must be supplied which +matches the address used on the +.Ic manycastserver +command for +the designated manycast servers. +The NTP multicast address +224.0.1.1 assigned by the IANA should NOT be used, unless specific +means are taken to avoid spraying large areas of the Internet with +these messages and causing a possibly massive implosion of replies +at the sender. +The +.Ic manycastserver +command specifies that the local server +is to operate in client mode with the remote servers that are +discovered as the result of broadcast/multicast messages. +The +client broadcasts a request message to the group address associated +with the specified +.Ar address +and specifically enabled +servers respond to these messages. +The client selects the servers +providing the best time and continues as with the +.Ic server +command. +The remaining servers are discarded as if never +heard. +.El +.Pp +Options: +.Bl -tag -width indent +.It Cm autokey +All packets sent to and received from the server or peer are to +include authentication fields encrypted using the autokey scheme +described in +.Sx Authentication Options . +.It Cm burst +when the server is reachable, send a burst of eight packets +instead of the usual one. +The packet spacing is normally 2 s; +however, the spacing between the first and second packets +can be changed with the calldelay command to allow +additional time for a modem or ISDN call to complete. +This is designed to improve timekeeping quality +with the +.Ic server +command and s addresses. +.It Cm iburst +When the server is unreachable, send a burst of eight packets +instead of the usual one. +The packet spacing is normally 2 s; +however, the spacing between the first two packets can be +changed with the calldelay command to allow +additional time for a modem or ISDN call to complete. +This is designed to speed the initial synchronization +acquisition with the +.Ic server +command and s addresses and when +.Xr ntpd 8 +is started with the +.Fl q +option. +.It Cm key Ar key +All packets sent to and received from the server or peer are to +include authentication fields encrypted using the specified +.Ar key +identifier with values from 1 to 65534, inclusive. +The +default is to include no encryption field. +.It Cm minpoll Ar minpoll +.It Cm maxpoll Ar maxpoll +These options specify the minimum and maximum poll intervals +for NTP messages, as a power of 2 in seconds +The maximum poll +interval defaults to 10 (1,024 s), but can be increased by the +.Cm maxpoll +option to an upper limit of 17 (36.4 h). +The +minimum poll interval defaults to 6 (64 s), but can be decreased by +the +.Cm minpoll +option to a lower limit of 4 (16 s). +.It Cm noselect +Marks the server as unused, except for display purposes. +The server is discarded by the selection algroithm. +.It Cm prefer +Marks the server as preferred. +All other things being equal, +this host will be chosen for synchronization among a set of +correctly operating hosts. +See the +.Qq Mitigation Rules and the prefer Keyword +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) +for further information. +.It Cm ttl Ar ttl +This option is used only with broadcast server and manycast +client modes. +It specifies the time\-to\-live +.Ar ttl +to +use on broadcast server and multicast server and the maximum +.Ar ttl +for the expanding ring search with manycast +client packets. +Selection of the proper value, which defaults to +127, is something of a black art and should be coordinated with the +network administrator. +.It Cm version Ar version +Specifies the version number to be used for outgoing NTP +packets. +Versions 1\-4 are the choices, with version 4 the +default. +.El +.Ss Auxiliary Commands +.Bl -tag -width indent +.It Ic broadcastclient +This command enables reception of broadcast server messages to +any local interface (type b) address. +Upon receiving a message for +the first time, the broadcast client measures the nominal server +propagation delay using a brief client/server exchange with the +server, then enters the broadcast client mode, in which it +synchronizes to succeeding broadcast messages. +Note that, in order +to avoid accidental or malicious disruption in this mode, both the +server and client should operate using symmetric\-key or public\-key +authentication as described in +.Sx Authentication Options . +.It Ic manycastserver Ar address ... +This command enables reception of manycast client messages to +the multicast group address(es) (type m) specified. +At least one +address is required, but the NTP multicast address 224.0.1.1 +assigned by the IANA should NOT be used, unless specific means are +taken to limit the span of the reply and avoid a possibly massive +implosion at the original sender. +Note that, in order to avoid +accidental or malicious disruption in this mode, both the server +and client should operate using symmetric\-key or public\-key +authentication as described in +.Sx Authentication Options . +.It Ic multicastclient Ar address ... +This command enables reception of multicast server messages to +the multicast group address(es) (type m) specified. +Upon receiving +a message for the first time, the multicast client measures the +nominal server propagation delay using a brief client/server +exchange with the server, then enters the broadcast client mode, in +which it synchronizes to succeeding multicast messages. +Note that, +in order to avoid accidental or malicious disruption in this mode, +both the server and client should operate using symmetric\-key or +public\-key authentication as described in +.Sx Authentication Options . +.It Ic mdnstries Ar number +If we are participating in mDNS, +after we have synched for the first time +we attempt to register with the mDNS system. +If that registration attempt fails, +we try again at one minute intervals for up to +.Ic mdnstries +times. +After all, +.Ic ntpd +may be starting before mDNS. +The default value for +.Ic mdnstries +is 5. +.El +.Sh Authentication Support +Authentication support allows the NTP client to verify that the +server is in fact known and trusted and not an intruder intending +accidentally or on purpose to masquerade as that server. +The NTPv3 +specification RFC\-1305 defines a scheme which provides +cryptographic authentication of received NTP packets. +Originally, +this was done using the Data Encryption Standard (DES) algorithm +operating in Cipher Block Chaining (CBC) mode, commonly called +DES\-CBC. +Subsequently, this was replaced by the RSA Message Digest +5 (MD5) algorithm using a private key, commonly called keyed\-MD5. +Either algorithm computes a message digest, or one\-way hash, which +can be used to verify the server has the correct private key and +key identifier. +.Pp +NTPv4 retains the NTPv3 scheme, properly described as symmetric key +cryptography and, in addition, provides a new Autokey scheme +based on public key cryptography. +Public key cryptography is generally considered more secure +than symmetric key cryptography, since the security is based +on a private value which is generated by each server and +never revealed. +With Autokey all key distribution and +management functions involve only public values, which +considerably simplifies key distribution and storage. +Public key management is based on X.509 certificates, +which can be provided by commercial services or +produced by utility programs in the OpenSSL software library +or the NTPv4 distribution. +.Pp +While the algorithms for symmetric key cryptography are +included in the NTPv4 distribution, public key cryptography +requires the OpenSSL software library to be installed +before building the NTP distribution. +Directions for doing that +are on the Building and Installing the Distribution page. +.Pp +Authentication is configured separately for each association +using the +.Cm key +or +.Cm autokey +subcommand on the +.Ic peer , +.Ic server , +.Ic broadcast +and +.Ic manycastclient +configuration commands as described in +.Sx Configuration Options +page. +The authentication +options described below specify the locations of the key files, +if other than default, which symmetric keys are trusted +and the interval between various operations, if other than default. +.Pp +Authentication is always enabled, +although ineffective if not configured as +described below. +If a NTP packet arrives +including a message authentication +code (MAC), it is accepted only if it +passes all cryptographic checks. +The +checks require correct key ID, key value +and message digest. +If the packet has +been modified in any way or replayed +by an intruder, it will fail one or more +of these checks and be discarded. +Furthermore, the Autokey scheme requires a +preliminary protocol exchange to obtain +the server certificate, verify its +credentials and initialize the protocol +.Pp +The +.Cm auth +flag controls whether new associations or +remote configuration commands require cryptographic authentication. +This flag can be set or reset by the +.Ic enable +and +.Ic disable +commands and also by remote +configuration commands sent by a +.Xr ntpdc 8 +program running in +another machine. +If this flag is enabled, which is the default +case, new broadcast client and symmetric passive associations and +remote configuration commands must be cryptographically +authenticated using either symmetric key or public key cryptography. +If this +flag is disabled, these operations are effective +even if not cryptographic +authenticated. +It should be understood +that operating with the +.Ic auth +flag disabled invites a significant vulnerability +where a rogue hacker can +masquerade as a falseticker and seriously +disrupt system timekeeping. +It is +important to note that this flag has no purpose +other than to allow or disallow +a new association in response to new broadcast +and symmetric active messages +and remote configuration commands and, in particular, +the flag has no effect on +the authentication process itself. +.Pp +An attractive alternative where multicast support is available +is manycast mode, in which clients periodically troll +for servers as described in the +.Sx Automatic NTP Configuration Options +page. +Either symmetric key or public key +cryptographic authentication can be used in this mode. +The principle advantage +of manycast mode is that potential servers need not be +configured in advance, +since the client finds them during regular operation, +and the configuration +files for all clients can be identical. +.Pp +The security model and protocol schemes for +both symmetric key and public key +cryptography are summarized below; +further details are in the briefings, papers +and reports at the NTP project page linked from +.Li http://www.ntp.org/ . +.Ss Symmetric\-Key Cryptography +The original RFC\-1305 specification allows any one of possibly +65,534 keys, each distinguished by a 32\-bit key identifier, to +authenticate an association. +The servers and clients involved must +agree on the key and key identifier to +authenticate NTP packets. +Keys and +related information are specified in a key +file, usually called +.Pa ntp.keys , +which must be distributed and stored using +secure means beyond the scope of the NTP protocol itself. +Besides the keys used +for ordinary NTP associations, +additional keys can be used as passwords for the +.Xr ntpq 8 +and +.Xr ntpdc 8 +utility programs. +.Pp +When +.Xr ntpd 8 +is first started, it reads the key file specified in the +.Ic keys +configuration command and installs the keys +in the key cache. +However, +individual keys must be activated with the +.Ic trusted +command before use. +This +allows, for instance, the installation of possibly +several batches of keys and +then activating or deactivating each batch +remotely using +.Xr ntpdc 8 . +This also provides a revocation capability that can be used +if a key becomes compromised. +The +.Ic requestkey +command selects the key used as the password for the +.Xr ntpdc 8 +utility, while the +.Ic controlkey +command selects the key used as the password for the +.Xr ntpq 8 +utility. +.Ss Public Key Cryptography +NTPv4 supports the original NTPv3 symmetric key scheme +described in RFC\-1305 and in addition the Autokey protocol, +which is based on public key cryptography. +The Autokey Version 2 protocol described on the Autokey Protocol +page verifies packet integrity using MD5 message digests +and verifies the source with digital signatures and any of several +digest/signature schemes. +Optional identity schemes described on the Identity Schemes +page and based on cryptographic challenge/response algorithms +are also available. +Using all of these schemes provides strong security against +replay with or without modification, spoofing, masquerade +and most forms of clogging attacks. +.\" .Pp +.\" The cryptographic means necessary for all Autokey operations +.\" is provided by the OpenSSL software library. +.\" This library is available from http://www.openssl.org/ +.\" and can be installed using the procedures outlined +.\" in the Building and Installing the Distribution page. +.\" Once installed, +.\" the configure and build +.\" process automatically detects the library and links +.\" the library routines required. +.Pp +The Autokey protocol has several modes of operation +corresponding to the various NTP modes supported. +Most modes use a special cookie which can be +computed independently by the client and server, +but encrypted in transmission. +All modes use in addition a variant of the S\-KEY scheme, +in which a pseudo\-random key list is generated and used +in reverse order. +These schemes are described along with an executive summary, +current status, briefing slides and reading list on the +.Sx Autonomous Authentication +page. +.Pp +The specific cryptographic environment used by Autokey servers +and clients is determined by a set of files +and soft links generated by the +.Xr ntp\-keygen 1ntpkeygenmdoc +program. +This includes a required host key file, +required certificate file and optional sign key file, +leapsecond file and identity scheme files. +The +digest/signature scheme is specified in the X.509 certificate +along with the matching sign key. +There are several schemes +available in the OpenSSL software library, each identified +by a specific string such as +.Cm md5WithRSAEncryption , +which stands for the MD5 message digest with RSA +encryption scheme. +The current NTP distribution supports +all the schemes in the OpenSSL library, including +those based on RSA and DSA digital signatures. +.Pp +NTP secure groups can be used to define cryptographic compartments +and security hierarchies. +It is important that every host +in the group be able to construct a certificate trail to one +or more trusted hosts in the same group. +Each group +host runs the Autokey protocol to obtain the certificates +for all hosts along the trail to one or more trusted hosts. +This requires the configuration file in all hosts to be +engineered so that, even under anticipated failure conditions, +the NTP subnet will form such that every group host can find +a trail to at least one trusted host. +.Ss Naming and Addressing +It is important to note that Autokey does not use DNS to +resolve addresses, since DNS can't be completely trusted +until the name servers have synchronized clocks. +The cryptographic name used by Autokey to bind the host identity +credentials and cryptographic values must be independent +of interface, network and any other naming convention. +The name appears in the host certificate in either or both +the subject and issuer fields, so protection against +DNS compromise is essential. +.Pp +By convention, the name of an Autokey host is the name returned +by the Unix +.Xr gethostname 2 +system call or equivalent in other systems. +By the system design +model, there are no provisions to allow alternate names or aliases. +However, this is not to say that DNS aliases, different names +for each interface, etc., are constrained in any way. +.Pp +It is also important to note that Autokey verifies authenticity +using the host name, network address and public keys, +all of which are bound together by the protocol specifically +to deflect masquerade attacks. +For this reason Autokey +includes the source and destinatino IP addresses in message digest +computations and so the same addresses must be available +at both the server and client. +For this reason operation +with network address translation schemes is not possible. +This reflects the intended robust security model where government +and corporate NTP servers are operated outside firewall perimeters. +.Ss Operation +A specific combination of authentication scheme (none, +symmetric key, public key) and identity scheme is called +a cryptotype, although not all combinations are compatible. +There may be management configurations where the clients, +servers and peers may not all support the same cryptotypes. +A secure NTPv4 subnet can be configured in many ways while +keeping in mind the principles explained above and +in this section. +Note however that some cryptotype +combinations may successfully interoperate with each other, +but may not represent good security practice. +.Pp +The cryptotype of an association is determined at the time +of mobilization, either at configuration time or some time +later when a message of appropriate cryptotype arrives. +When mobilized by a +.Ic server +or +.Ic peer +configuration command and no +.Ic key +or +.Ic autokey +subcommands are present, the association is not +authenticated; if the +.Ic key +subcommand is present, the association is authenticated +using the symmetric key ID specified; if the +.Ic autokey +subcommand is present, the association is authenticated +using Autokey. +.Pp +When multiple identity schemes are supported in the Autokey +protocol, the first message exchange determines which one is used. +The client request message contains bits corresponding +to which schemes it has available. +The server response message +contains bits corresponding to which schemes it has available. +Both server and client match the received bits with their own +and select a common scheme. +.Pp +Following the principle that time is a public value, +a server responds to any client packet that matches +its cryptotype capabilities. +Thus, a server receiving +an unauthenticated packet will respond with an unauthenticated +packet, while the same server receiving a packet of a cryptotype +it supports will respond with packets of that cryptotype. +However, unconfigured broadcast or manycast client +associations or symmetric passive associations will not be +mobilized unless the server supports a cryptotype compatible +with the first packet received. +By default, unauthenticated associations will not be mobilized +unless overridden in a decidedly dangerous way. +.Pp +Some examples may help to reduce confusion. +Client Alice has no specific cryptotype selected. +Server Bob has both a symmetric key file and minimal Autokey files. +Alice's unauthenticated messages arrive at Bob, who replies with +unauthenticated messages. +Cathy has a copy of Bob's symmetric +key file and has selected key ID 4 in messages to Bob. +Bob verifies the message with his key ID 4. +If it's the +same key and the message is verified, Bob sends Cathy a reply +authenticated with that key. +If verification fails, +Bob sends Cathy a thing called a crypto\-NAK, which tells her +something broke. +She can see the evidence using the +.Xr ntpq 8 +program. +.Pp +Denise has rolled her own host key and certificate. +She also uses one of the identity schemes as Bob. +She sends the first Autokey message to Bob and they +both dance the protocol authentication and identity steps. +If all comes out okay, Denise and Bob continue as described above. +.Pp +It should be clear from the above that Bob can support +all the girls at the same time, as long as he has compatible +authentication and identity credentials. +Now, Bob can act just like the girls in his own choice of servers; +he can run multiple configured associations with multiple different +servers (or the same server, although that might not be useful). +But, wise security policy might preclude some cryptotype +combinations; for instance, running an identity scheme +with one server and no authentication with another might not be wise. +.Ss Key Management +The cryptographic values used by the Autokey protocol are +incorporated as a set of files generated by the +.Xr ntp\-keygen 1ntpkeygenmdoc +utility program, including symmetric key, host key and +public certificate files, as well as sign key, identity parameters +and leapseconds files. +Alternatively, host and sign keys and +certificate files can be generated by the OpenSSL utilities +and certificates can be imported from public certificate +authorities. +Note that symmetric keys are necessary for the +.Xr ntpq 8 +and +.Xr ntpdc 8 +utility programs. +The remaining files are necessary only for the +Autokey protocol. +.Pp +Certificates imported from OpenSSL or public certificate +authorities have certian limitations. +The certificate should be in ASN.1 syntax, X.509 Version 3 +format and encoded in PEM, which is the same format +used by OpenSSL. +The overall length of the certificate encoded +in ASN.1 must not exceed 1024 bytes. +The subject distinguished +name field (CN) is the fully qualified name of the host +on which it is used; the remaining subject fields are ignored. +The certificate extension fields must not contain either +a subject key identifier or a issuer key identifier field; +however, an extended key usage field for a trusted host must +contain the value +.Cm trustRoot ; . +Other extension fields are ignored. +.Ss Authentication Commands +.Bl -tag -width indent +.It Ic autokey Op Ar logsec +Specifies the interval between regenerations of the session key +list used with the Autokey protocol. +Note that the size of the key +list for each association depends on this interval and the current +poll interval. +The default value is 12 (4096 s or about 1.1 hours). +For poll intervals above the specified interval, a session key list +with a single entry will be regenerated for every message +sent. +.It Ic controlkey Ar key +Specifies the key identifier to use with the +.Xr ntpq 8 +utility, which uses the standard +protocol defined in RFC\-1305. +The +.Ar key +argument is +the key identifier for a trusted key, where the value can be in the +range 1 to 65,534, inclusive. +.It Xo Ic crypto +.Op Cm cert Ar file +.Op Cm leap Ar file +.Op Cm randfile Ar file +.Op Cm host Ar file +.Op Cm sign Ar file +.Op Cm gq Ar file +.Op Cm gqpar Ar file +.Op Cm iffpar Ar file +.Op Cm mvpar Ar file +.Op Cm pw Ar password +.Xc +This command requires the OpenSSL library. +It activates public key +cryptography, selects the message digest and signature +encryption scheme and loads the required private and public +values described above. +If one or more files are left unspecified, +the default names are used as described above. +Unless the complete path and name of the file are specified, the +location of a file is relative to the keys directory specified +in the +.Ic keysdir +command or default +.Pa /usr/local/etc . +Following are the subcommands: +.Bl -tag -width indent +.It Cm cert Ar file +Specifies the location of the required host public certificate file. +This overrides the link +.Pa ntpkey_cert_ Ns Ar hostname +in the keys directory. +.It Cm gqpar Ar file +Specifies the location of the optional GQ parameters file. +This +overrides the link +.Pa ntpkey_gq_ Ns Ar hostname +in the keys directory. +.It Cm host Ar file +Specifies the location of the required host key file. +This overrides +the link +.Pa ntpkey_key_ Ns Ar hostname +in the keys directory. +.It Cm iffpar Ar file +Specifies the location of the optional IFF parameters file.This +overrides the link +.Pa ntpkey_iff_ Ns Ar hostname +in the keys directory. +.It Cm leap Ar file +Specifies the location of the optional leapsecond file. +This overrides the link +.Pa ntpkey_leap +in the keys directory. +.It Cm mvpar Ar file +Specifies the location of the optional MV parameters file. +This +overrides the link +.Pa ntpkey_mv_ Ns Ar hostname +in the keys directory. +.It Cm pw Ar password +Specifies the password to decrypt files containing private keys and +identity parameters. +This is required only if these files have been +encrypted. +.It Cm randfile Ar file +Specifies the location of the random seed file used by the OpenSSL +library. +The defaults are described in the main text above. +.It Cm sign Ar file +Specifies the location of the optional sign key file. +This overrides +the link +.Pa ntpkey_sign_ Ns Ar hostname +in the keys directory. +If this file is +not found, the host key is also the sign key. +.El +.It Ic keys Ar keyfile +Specifies the complete path and location of the MD5 key file +containing the keys and key identifiers used by +.Xr ntpd 8 , +.Xr ntpq 8 +and +.Xr ntpdc 8 +when operating with symmetric key cryptography. +This is the same operation as the +.Fl k +command line option. +.It Ic keysdir Ar path +This command specifies the default directory path for +cryptographic keys, parameters and certificates. +The default is +.Pa /usr/local/etc/ . +.It Ic requestkey Ar key +Specifies the key identifier to use with the +.Xr ntpdc 8 +utility program, which uses a +proprietary protocol specific to this implementation of +.Xr ntpd 8 . +The +.Ar key +argument is a key identifier +for the trusted key, where the value can be in the range 1 to +65,534, inclusive. +.It Ic revoke Ar logsec +Specifies the interval between re\-randomization of certain +cryptographic values used by the Autokey scheme, as a power of 2 in +seconds. +These values need to be updated frequently in order to +deflect brute\-force attacks on the algorithms of the scheme; +however, updating some values is a relatively expensive operation. +The default interval is 16 (65,536 s or about 18 hours). +For poll +intervals above the specified interval, the values will be updated +for every message sent. +.It Ic trustedkey Ar key ... +Specifies the key identifiers which are trusted for the +purposes of authenticating peers with symmetric key cryptography, +as well as keys used by the +.Xr ntpq 8 +and +.Xr ntpdc 8 +programs. +The authentication procedures require that both the local +and remote servers share the same key and key identifier for this +purpose, although different keys can be used with different +servers. +The +.Ar key +arguments are 32\-bit unsigned +integers with values from 1 to 65,534. +.El +.Ss Error Codes +The following error codes are reported via the NTP control +and monitoring protocol trap mechanism. +.Bl -tag -width indent +.It 101 +.Pq bad field format or length +The packet has invalid version, length or format. +.It 102 +.Pq bad timestamp +The packet timestamp is the same or older than the most recent received. +This could be due to a replay or a server clock time step. +.It 103 +.Pq bad filestamp +The packet filestamp is the same or older than the most recent received. +This could be due to a replay or a key file generation error. +.It 104 +.Pq bad or missing public key +The public key is missing, has incorrect format or is an unsupported type. +.It 105 +.Pq unsupported digest type +The server requires an unsupported digest/signature scheme. +.It 106 +.Pq mismatched digest types +Not used. +.It 107 +.Pq bad signature length +The signature length does not match the current public key. +.It 108 +.Pq signature not verified +The message fails the signature check. +It could be bogus or signed by a +different private key. +.It 109 +.Pq certificate not verified +The certificate is invalid or signed with the wrong key. +.It 110 +.Pq certificate not verified +The certificate is not yet valid or has expired or the signature could not +be verified. +.It 111 +.Pq bad or missing cookie +The cookie is missing, corrupted or bogus. +.It 112 +.Pq bad or missing leapseconds table +The leapseconds table is missing, corrupted or bogus. +.It 113 +.Pq bad or missing certificate +The certificate is missing, corrupted or bogus. +.It 114 +.Pq bad or missing identity +The identity key is missing, corrupt or bogus. +.El +.Sh Monitoring Support +.Xr ntpd 8 +includes a comprehensive monitoring facility suitable +for continuous, long term recording of server and client +timekeeping performance. +See the +.Ic statistics +command below +for a listing and example of each type of statistics currently +supported. +Statistic files are managed using file generation sets +and scripts in the +.Pa ./scripts +directory of this distribution. +Using +these facilities and +.Ux +.Xr cron 8 +jobs, the data can be +automatically summarized and archived for retrospective analysis. +.Ss Monitoring Commands +.Bl -tag -width indent +.It Ic statistics Ar name ... +Enables writing of statistics records. +Currently, eight kinds of +.Ar name +statistics are supported. +.Bl -tag -width indent +.It Cm clockstats +Enables recording of clock driver statistics information. +Each update +received from a clock driver appends a line of the following form to +the file generation set named +.Cm clockstats : +.Bd -literal +49213 525.624 127.127.4.1 93 226 00:08:29.606 D +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and time +(seconds and fraction past UTC midnight). +The next field shows the +clock address in dotted\-quad notation. +The final field shows the last +timecode received from the clock in decoded ASCII format, where +meaningful. +In some clock drivers a good deal of additional information +can be gathered and displayed as well. +See information specific to each +clock for further details. +.It Cm cryptostats +This option requires the OpenSSL cryptographic software library. +It +enables recording of cryptographic public key protocol information. +Each message received by the protocol module appends a line of the +following form to the file generation set named +.Cm cryptostats : +.Bd -literal +49213 525.624 127.127.4.1 message +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and time +(seconds and fraction past UTC midnight). +The next field shows the peer +address in dotted\-quad notation, The final message field includes the +message type and certain ancillary information. +See the +.Sx Authentication Options +section for further information. +.It Cm loopstats +Enables recording of loop filter statistics information. +Each +update of the local clock outputs a line of the following form to +the file generation set named +.Cm loopstats : +.Bd -literal +50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806 +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and +time (seconds and fraction past UTC midnight). +The next five fields +show time offset (seconds), frequency offset (parts per million \- +PPM), RMS jitter (seconds), Allan deviation (PPM) and clock +discipline time constant. +.It Cm peerstats +Enables recording of peer statistics information. +This includes +statistics records of all peers of a NTP server and of special +signals, where present and configured. +Each valid update appends a +line of the following form to the current element of a file +generation set named +.Cm peerstats : +.Bd -literal +48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674 +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and +time (seconds and fraction past UTC midnight). +The next two fields +show the peer address in dotted\-quad notation and status, +respectively. +The status field is encoded in hex in the format +described in Appendix A of the NTP specification RFC 1305. +The final four fields show the offset, +delay, dispersion and RMS jitter, all in seconds. +.It Cm rawstats +Enables recording of raw\-timestamp statistics information. +This +includes statistics records of all peers of a NTP server and of +special signals, where present and configured. +Each NTP message +received from a peer or clock driver appends a line of the +following form to the file generation set named +.Cm rawstats : +.Bd -literal +50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.58622800031 02453332.540806000 3102453332.541458000 +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and +time (seconds and fraction past UTC midnight). +The next two fields +show the remote peer or clock address followed by the local address +in dotted\-quad notation. +The final four fields show the originate, +receive, transmit and final NTP timestamps in order. +The timestamp +values are as received and before processing by the various data +smoothing and mitigation algorithms. +.It Cm sysstats +Enables recording of ntpd statistics counters on a periodic basis. +Each +hour a line of the following form is appended to the file generation +set named +.Cm sysstats : +.Bd -literal +50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147 +.Ed +.Pp +The first two fields show the date (Modified Julian Day) and time +(seconds and fraction past UTC midnight). +The remaining ten fields show +the statistics counter values accumulated since the last generated +line. +.Bl -tag -width indent +.It Time since restart Cm 36000 +Time in hours since the system was last rebooted. +.It Packets received Cm 81965 +Total number of packets received. +.It Packets processed Cm 0 +Number of packets received in response to previous packets sent +.It Current version Cm 9546 +Number of packets matching the current NTP version. +.It Previous version Cm 56 +Number of packets matching the previous NTP version. +.It Bad version Cm 71793 +Number of packets matching neither NTP version. +.It Access denied Cm 512 +Number of packets denied access for any reason. +.It Bad length or format Cm 540 +Number of packets with invalid length, format or port number. +.It Bad authentication Cm 10 +Number of packets not verified as authentic. +.It Rate exceeded Cm 147 +Number of packets discarded due to rate limitation. +.El +.It Cm statsdir Ar directory_path +Indicates the full path of a directory where statistics files +should be created (see below). +This keyword allows +the (otherwise constant) +.Cm filegen +filename prefix to be modified for file generation sets, which +is useful for handling statistics logs. +.It Cm filegen Ar name Xo +.Op Cm file Ar filename +.Op Cm type Ar typename +.Op Cm link | nolink +.Op Cm enable | disable +.Xc +Configures setting of generation file set name. +Generation +file sets provide a means for handling files that are +continuously growing during the lifetime of a server. +Server statistics are a typical example for such files. +Generation file sets provide access to a set of files used +to store the actual data. +At any time at most one element +of the set is being written to. +The type given specifies +when and how data will be directed to a new element of the set. +This way, information stored in elements of a file set +that are currently unused are available for administrational +operations without the risk of disturbing the operation of ntpd. +(Most important: they can be removed to free space for new data +produced.) +.Pp +Note that this command can be sent from the +.Xr ntpdc 8 +program running at a remote location. +.Bl -tag -width indent +.It Cm name +This is the type of the statistics records, as shown in the +.Cm statistics +command. +.It Cm file Ar filename +This is the file name for the statistics records. +Filenames of set +members are built from three concatenated elements +.Ar Cm prefix , +.Ar Cm filename +and +.Ar Cm suffix : +.Bl -tag -width indent +.It Cm prefix +This is a constant filename path. +It is not subject to +modifications via the +.Ar filegen +option. +It is defined by the +server, usually specified as a compile\-time constant. +It may, +however, be configurable for individual file generation sets +via other commands. +For example, the prefix used with +.Ar loopstats +and +.Ar peerstats +generation can be configured using the +.Ar statsdir +option explained above. +.It Cm filename +This string is directly concatenated to the prefix mentioned +above (no intervening +.Ql / ) . +This can be modified using +the file argument to the +.Ar filegen +statement. +No +.Pa .. +elements are +allowed in this component to prevent filenames referring to +parts outside the filesystem hierarchy denoted by +.Ar prefix . +.It Cm suffix +This part is reflects individual elements of a file set. +It is +generated according to the type of a file set. +.El +.It Cm type Ar typename +A file generation set is characterized by its type. +The following +types are supported: +.Bl -tag -width indent +.It Cm none +The file set is actually a single plain file. +.It Cm pid +One element of file set is used per incarnation of a ntpd +server. +This type does not perform any changes to file set +members during runtime, however it provides an easy way of +separating files belonging to different +.Xr ntpd 8 +server incarnations. +The set member filename is built by appending a +.Ql \&. +to concatenated +.Ar prefix +and +.Ar filename +strings, and +appending the decimal representation of the process ID of the +.Xr ntpd 8 +server process. +.It Cm day +One file generation set element is created per day. +A day is +defined as the period between 00:00 and 24:00 UTC. +The file set +member suffix consists of a +.Ql \&. +and a day specification in +the form +.Cm YYYYMMdd . +.Cm YYYY +is a 4\-digit year number (e.g., 1992). +.Cm MM +is a two digit month number. +.Cm dd +is a two digit day number. +Thus, all information written at 10 December 1992 would end up +in a file named +.Ar prefix +.Ar filename Ns .19921210 . +.It Cm week +Any file set member contains data related to a certain week of +a year. +The term week is defined by computing day\-of\-year +modulo 7. +Elements of such a file generation set are +distinguished by appending the following suffix to the file set +filename base: A dot, a 4\-digit year number, the letter +.Cm W , +and a 2\-digit week number. +For example, information from January, +10th 1992 would end up in a file with suffix +.No . Ns Ar 1992W1 . +.It Cm month +One generation file set element is generated per month. +The +file name suffix consists of a dot, a 4\-digit year number, and +a 2\-digit month. +.It Cm year +One generation file element is generated per year. +The filename +suffix consists of a dot and a 4 digit year number. +.It Cm age +This type of file generation sets changes to a new element of +the file set every 24 hours of server operation. +The filename +suffix consists of a dot, the letter +.Cm a , +and an 8\-digit number. +This number is taken to be the number of seconds the server is +running at the start of the corresponding 24\-hour period. +Information is only written to a file generation by specifying +.Cm enable ; +output is prevented by specifying +.Cm disable . +.El +.It Cm link | nolink +It is convenient to be able to access the current element of a file +generation set by a fixed name. +This feature is enabled by +specifying +.Cm link +and disabled using +.Cm nolink . +If link is specified, a +hard link from the current file set element to a file without +suffix is created. +When there is already a file with this name and +the number of links of this file is one, it is renamed appending a +dot, the letter +.Cm C , +and the pid of the ntpd server process. +When the +number of links is greater than one, the file is unlinked. +This +allows the current file to be accessed by a constant name. +.It Cm enable \&| Cm disable +Enables or disables the recording function. +.El +.El +.El +.Sh Access Control Support +The +.Xr ntpd 8 +daemon implements a general purpose address/mask based restriction +list. +The list contains address/match entries sorted first +by increasing address values and and then by increasing mask values. +A match occurs when the bitwise AND of the mask and the packet +source address is equal to the bitwise AND of the mask and +address in the list. +The list is searched in order with the +last match found defining the restriction flags associated +with the entry. +Additional information and examples can be found in the +.Qq Notes on Configuring NTP and Setting up a NTP Subnet +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +.Pp +The restriction facility was implemented in conformance +with the access policies for the original NSFnet backbone +time servers. +Later the facility was expanded to deflect +cryptographic and clogging attacks. +While this facility may +be useful for keeping unwanted or broken or malicious clients +from congesting innocent servers, it should not be considered +an alternative to the NTP authentication facilities. +Source address based restrictions are easily circumvented +by a determined cracker. +.Pp +Clients can be denied service because they are explicitly +included in the restrict list created by the restrict command +or implicitly as the result of cryptographic or rate limit +violations. +Cryptographic violations include certificate +or identity verification failure; rate limit violations generally +result from defective NTP implementations that send packets +at abusive rates. +Some violations cause denied service +only for the offending packet, others cause denied service +for a timed period and others cause the denied service for +an indefinate period. +When a client or network is denied access +for an indefinate period, the only way at present to remove +the restrictions is by restarting the server. +.Ss The Kiss\-of\-Death Packet +Ordinarily, packets denied service are simply dropped with no +further action except incrementing statistics counters. +Sometimes a +more proactive response is needed, such as a server message that +explicitly requests the client to stop sending and leave a message +for the system operator. +A special packet format has been created +for this purpose called the "kiss\-of\-death" (KoD) packet. +KoD packets have the leap bits set unsynchronized and stratum set +to zero and the reference identifier field set to a four\-byte +ASCII code. +If the +.Cm noserve +or +.Cm notrust +flag of the matching restrict list entry is set, +the code is "DENY"; if the +.Cm limited +flag is set and the rate limit +is exceeded, the code is "RATE". +Finally, if a cryptographic violation occurs, the code is "CRYP". +.Pp +A client receiving a KoD performs a set of sanity checks to +minimize security exposure, then updates the stratum and +reference identifier peer variables, sets the access +denied (TEST4) bit in the peer flash variable and sends +a message to the log. +As long as the TEST4 bit is set, +the client will send no further packets to the server. +The only way at present to recover from this condition is +to restart the protocol at both the client and server. +This +happens automatically at the client when the association times out. +It will happen at the server only if the server operator cooperates. +.Ss Access Control Commands +.Bl -tag -width indent +.It Xo Ic discard +.Op Cm average Ar avg +.Op Cm minimum Ar min +.Op Cm monitor Ar prob +.Xc +Set the parameters of the +.Cm limited +facility which protects the server from +client abuse. +The +.Cm average +subcommand specifies the minimum average packet +spacing, while the +.Cm minimum +subcommand specifies the minimum packet spacing. +Packets that violate these minima are discarded +and a kiss\-o'\-death packet returned if enabled. +The default +minimum average and minimum are 5 and 2, respectively. +The monitor subcommand specifies the probability of discard +for packets that overflow the rate\-control window. +.It Xo Ic restrict address +.Op Cm mask Ar mask +.Op Ar flag ... +.Xc +The +.Ar address +argument expressed in +dotted\-quad form is the address of a host or network. +Alternatively, the +.Ar address +argument can be a valid host DNS name. +The +.Ar mask +argument expressed in dotted\-quad form defaults to +.Cm 255.255.255.255 , +meaning that the +.Ar address +is treated as the address of an individual host. +A default entry (address +.Cm 0.0.0.0 , +mask +.Cm 0.0.0.0 ) +is always included and is always the first entry in the list. +Note that text string +.Cm default , +with no mask option, may +be used to indicate the default entry. +In the current implementation, +.Cm flag +always +restricts access, i.e., an entry with no flags indicates that free +access to the server is to be given. +The flags are not orthogonal, +in that more restrictive flags will often make less restrictive +ones redundant. +The flags can generally be classed into two +categories, those which restrict time service and those which +restrict informational queries and attempts to do run\-time +reconfiguration of the server. +One or more of the following flags +may be specified: +.Bl -tag -width indent +.It Cm ignore +Deny packets of all kinds, including +.Xr ntpq 8 +and +.Xr ntpdc 8 +queries. +.It Cm kod +If this flag is set when an access violation occurs, a kiss\-o'\-death +(KoD) packet is sent. +KoD packets are rate limited to no more than one +per second. +If another KoD packet occurs within one second after the +last one, the packet is dropped. +.It Cm limited +Deny service if the packet spacing violates the lower limits specified +in the discard command. +A history of clients is kept using the +monitoring capability of +.Xr ntpd 8 . +Thus, monitoring is always active as +long as there is a restriction entry with the +.Cm limited +flag. +.It Cm lowpriotrap +Declare traps set by matching hosts to be low priority. +The +number of traps a server can maintain is limited (the current limit +is 3). +Traps are usually assigned on a first come, first served +basis, with later trap requestors being denied service. +This flag +modifies the assignment algorithm by allowing low priority traps to +be overridden by later requests for normal priority traps. +.It Cm nomodify +Deny +.Xr ntpq 8 +and +.Xr ntpdc 8 +queries which attempt to modify the state of the +server (i.e., run time reconfiguration). +Queries which return +information are permitted. +.It Cm noquery +Deny +.Xr ntpq 8 +and +.Xr ntpdc 8 +queries. +Time service is not affected. +.It Cm nopeer +Deny packets which would result in mobilizing a new association. +This +includes broadcast and symmetric active packets when a configured +association does not exist. +It also includes +.Cm pool +associations, so if you want to use servers from a +.Cm pool +directive and also want to use +.Cm nopeer +by default, you'll want a +.Cm "restrict source ..." line as well that does +.It not +include the +.Cm nopeer +directive. +.It Cm noserve +Deny all packets except +.Xr ntpq 8 +and +.Xr ntpdc 8 +queries. +.It Cm notrap +Decline to provide mode 6 control message trap service to matching +hosts. +The trap service is a subsystem of the ntpdq control message +protocol which is intended for use by remote event logging programs. +.It Cm notrust +Deny service unless the packet is cryptographically authenticated. +.It Cm ntpport +This is actually a match algorithm modifier, rather than a +restriction flag. +Its presence causes the restriction entry to be +matched only if the source port in the packet is the standard NTP +UDP port (123). +Both +.Cm ntpport +and +.Cm non\-ntpport +may +be specified. +The +.Cm ntpport +is considered more specific and +is sorted later in the list. +.It Cm version +Deny packets that do not match the current NTP version. +.El +.Pp +Default restriction list entries with the flags ignore, interface, +ntpport, for each of the local host's interface addresses are +inserted into the table at startup to prevent the server +from attempting to synchronize to its own time. +A default entry is also always present, though if it is +otherwise unconfigured; no flags are associated +with the default entry (i.e., everything besides your own +NTP server is unrestricted). +.El +.Sh Automatic NTP Configuration Options +.Ss Manycasting +Manycasting is a automatic discovery and configuration paradigm +new to NTPv4. +It is intended as a means for a multicast client +to troll the nearby network neighborhood to find cooperating +manycast servers, validate them using cryptographic means +and evaluate their time values with respect to other servers +that might be lurking in the vicinity. +The intended result is that each manycast client mobilizes +client associations with some number of the "best" +of the nearby manycast servers, yet automatically reconfigures +to sustain this number of servers should one or another fail. +.Pp +Note that the manycasting paradigm does not coincide +with the anycast paradigm described in RFC\-1546, +which is designed to find a single server from a clique +of servers providing the same service. +The manycast paradigm is designed to find a plurality +of redundant servers satisfying defined optimality criteria. +.Pp +Manycasting can be used with either symmetric key +or public key cryptography. +The public key infrastructure (PKI) +offers the best protection against compromised keys +and is generally considered stronger, at least with relatively +large key sizes. +It is implemented using the Autokey protocol and +the OpenSSL cryptographic library available from +.Li http://www.openssl.org/ . +The library can also be used with other NTPv4 modes +as well and is highly recommended, especially for broadcast modes. +.Pp +A persistent manycast client association is configured +using the manycastclient command, which is similar to the +server command but with a multicast (IPv4 class +.Cm D +or IPv6 prefix +.Cm FF ) +group address. +The IANA has designated IPv4 address 224.1.1.1 +and IPv6 address FF05::101 (site local) for NTP. +When more servers are needed, it broadcasts manycast +client messages to this address at the minimum feasible rate +and minimum feasible time\-to\-live (TTL) hops, depending +on how many servers have already been found. +There can be as many manycast client associations +as different group address, each one serving as a template +for a future ephemeral unicast client/server association. +.Pp +Manycast servers configured with the +.Ic manycastserver +command listen on the specified group address for manycast +client messages. +Note the distinction between manycast client, +which actively broadcasts messages, and manycast server, +which passively responds to them. +If a manycast server is +in scope of the current TTL and is itself synchronized +to a valid source and operating at a stratum level equal +to or lower than the manycast client, it replies to the +manycast client message with an ordinary unicast server message. +.Pp +The manycast client receiving this message mobilizes +an ephemeral client/server association according to the +matching manycast client template, but only if cryptographically +authenticated and the server stratum is less than or equal +to the client stratum. +Authentication is explicitly required +and either symmetric key or public key (Autokey) can be used. +Then, the client polls the server at its unicast address +in burst mode in order to reliably set the host clock +and validate the source. +This normally results +in a volley of eight client/server at 2\-s intervals +during which both the synchronization and cryptographic +protocols run concurrently. +Following the volley, +the client runs the NTP intersection and clustering +algorithms, which act to discard all but the "best" +associations according to stratum and synchronization +distance. +The surviving associations then continue +in ordinary client/server mode. +.Pp +The manycast client polling strategy is designed to reduce +as much as possible the volume of manycast client messages +and the effects of implosion due to near\-simultaneous +arrival of manycast server messages. +The strategy is determined by the +.Ic manycastclient , +.Ic tos +and +.Ic ttl +configuration commands. +The manycast poll interval is +normally eight times the system poll interval, +which starts out at the +.Cm minpoll +value specified in the +.Ic manycastclient , +command and, under normal circumstances, increments to the +.Cm maxpolll +value specified in this command. +Initially, the TTL is +set at the minimum hops specified by the ttl command. +At each retransmission the TTL is increased until reaching +the maximum hops specified by this command or a sufficient +number client associations have been found. +Further retransmissions use the same TTL. +.Pp +The quality and reliability of the suite of associations +discovered by the manycast client is determined by the NTP +mitigation algorithms and the +.Cm minclock +and +.Cm minsane +values specified in the +.Ic tos +configuration command. +At least +.Cm minsane +candidate servers must be available and the mitigation +algorithms produce at least +.Cm minclock +survivors in order to synchronize the clock. +Byzantine agreement principles require at least four +candidates in order to correctly discard a single falseticker. +For legacy purposes, +.Cm minsane +defaults to 1 and +.Cm minclock +defaults to 3. +For manycast service +.Cm minsane +should be explicitly set to 4, assuming at least that +number of servers are available. +.Pp +If at least +.Cm minclock +servers are found, the manycast poll interval is immediately +set to eight times +.Cm maxpoll . +If less than +.Cm minclock +servers are found when the TTL has reached the maximum hops, +the manycast poll interval is doubled. +For each transmission +after that, the poll interval is doubled again until +reaching the maximum of eight times +.Cm maxpoll . +Further transmissions use the same poll interval and +TTL values. +Note that while all this is going on, +each client/server association found is operating normally +it the system poll interval. +.Pp +Administratively scoped multicast boundaries are normally +specified by the network router configuration and, +in the case of IPv6, the link/site scope prefix. +By default, the increment for TTL hops is 32 starting +from 31; however, the +.Ic ttl +configuration command can be +used to modify the values to match the scope rules. +.Pp +It is often useful to narrow the range of acceptable +servers which can be found by manycast client associations. +Because manycast servers respond only when the client +stratum is equal to or greater than the server stratum, +primary (stratum 1) servers fill find only primary servers +in TTL range, which is probably the most common objective. +However, unless configured otherwise, all manycast clients +in TTL range will eventually find all primary servers +in TTL range, which is probably not the most common +objective in large networks. +The +.Ic tos +command can be used to modify this behavior. +Servers with stratum below +.Cm floor +or above +.Cm ceiling +specified in the +.Ic tos +command are strongly discouraged during the selection +process; however, these servers may be temporally +accepted if the number of servers within TTL range is +less than +.Cm minclock . +.Pp +The above actions occur for each manycast client message, +which repeats at the designated poll interval. +However, once the ephemeral client association is mobilized, +subsequent manycast server replies are discarded, +since that would result in a duplicate association. +If during a poll interval the number of client associations +falls below +.Cm minclock , +all manycast client prototype associations are reset +to the initial poll interval and TTL hops and operation +resumes from the beginning. +It is important to avoid +frequent manycast client messages, since each one requires +all manycast servers in TTL range to respond. +The result could well be an implosion, either minor or major, +depending on the number of servers in range. +The recommended value for +.Cm maxpoll +is 12 (4,096 s). +.Pp +It is possible and frequently useful to configure a host +as both manycast client and manycast server. +A number of hosts configured this way and sharing a common +group address will automatically organize themselves +in an optimum configuration based on stratum and +synchronization distance. +For example, consider an NTP +subnet of two primary servers and a hundred or more +dependent clients. +With two exceptions, all servers +and clients have identical configuration files including both +.Ic multicastclient +and +.Ic multicastserver +commands using, for instance, multicast group address +239.1.1.1. +The only exception is that each primary server +configuration file must include commands for the primary +reference source such as a GPS receiver. +.Pp +The remaining configuration files for all secondary +servers and clients have the same contents, except for the +.Ic tos +command, which is specific for each stratum level. +For stratum 1 and stratum 2 servers, that command is +not necessary. +For stratum 3 and above servers the +.Cm floor +value is set to the intended stratum number. +Thus, all stratum 3 configuration files are identical, +all stratum 4 files are identical and so forth. +.Pp +Once operations have stabilized in this scenario, +the primary servers will find the primary reference source +and each other, since they both operate at the same +stratum (1), but not with any secondary server or client, +since these operate at a higher stratum. +The secondary +servers will find the servers at the same stratum level. +If one of the primary servers loses its GPS receiver, +it will continue to operate as a client and other clients +will time out the corresponding association and +re\-associate accordingly. +.Pp +Some administrators prefer to avoid running +.Xr ntpd 8 +continuously and run either +.Xr sntp 8 +or +.Xr ntpd 8 +.Fl q +as a cron job. +In either case the servers must be +configured in advance and the program fails if none are +available when the cron job runs. +A really slick +application of manycast is with +.Xr ntpd 8 +.Fl q . +The program wakes up, scans the local landscape looking +for the usual suspects, selects the best from among +the rascals, sets the clock and then departs. +Servers do not have to be configured in advance and +all clients throughout the network can have the same +configuration file. +.Ss Manycast Interactions with Autokey +Each time a manycast client sends a client mode packet +to a multicast group address, all manycast servers +in scope generate a reply including the host name +and status word. +The manycast clients then run +the Autokey protocol, which collects and verifies +all certificates involved. +Following the burst interval +all but three survivors are cast off, +but the certificates remain in the local cache. +It often happens that several complete signing trails +from the client to the primary servers are collected in this way. +.Pp +About once an hour or less often if the poll interval +exceeds this, the client regenerates the Autokey key list. +This is in general transparent in client/server mode. +However, about once per day the server private value +used to generate cookies is refreshed along with all +manycast client associations. +In this case all +cryptographic values including certificates is refreshed. +If a new certificate has been generated since +the last refresh epoch, it will automatically revoke +all prior certificates that happen to be in the +certificate cache. +At the same time, the manycast +scheme starts all over from the beginning and +the expanding ring shrinks to the minimum and increments +from there while collecting all servers in scope. +.Ss Manycast Options +.Bl -tag -width indent +.It Xo Ic tos +.Oo +.Cm ceiling Ar ceiling | +.Cm cohort { 0 | 1 } | +.Cm floor Ar floor | +.Cm minclock Ar minclock | +.Cm minsane Ar minsane +.Oc +.Xc +This command affects the clock selection and clustering +algorithms. +It can be used to select the quality and +quantity of peers used to synchronize the system clock +and is most useful in manycast mode. +The variables operate +as follows: +.Bl -tag -width indent +.It Cm ceiling Ar ceiling +Peers with strata above +.Cm ceiling +will be discarded if there are at least +.Cm minclock +peers remaining. +This value defaults to 15, but can be changed +to any number from 1 to 15. +.It Cm cohort Bro 0 | 1 Brc +This is a binary flag which enables (0) or disables (1) +manycast server replies to manycast clients with the same +stratum level. +This is useful to reduce implosions where +large numbers of clients with the same stratum level +are present. +The default is to enable these replies. +.It Cm floor Ar floor +Peers with strata below +.Cm floor +will be discarded if there are at least +.Cm minclock +peers remaining. +This value defaults to 1, but can be changed +to any number from 1 to 15. +.It Cm minclock Ar minclock +The clustering algorithm repeatedly casts out outlier +associations until no more than +.Cm minclock +associations remain. +This value defaults to 3, +but can be changed to any number from 1 to the number of +configured sources. +.It Cm minsane Ar minsane +This is the minimum number of candidates available +to the clock selection algorithm in order to produce +one or more truechimers for the clustering algorithm. +If fewer than this number are available, the clock is +undisciplined and allowed to run free. +The default is 1 +for legacy purposes. +However, according to principles of +Byzantine agreement, +.Cm minsane +should be at least 4 in order to detect and discard +a single falseticker. +.El +.It Cm ttl Ar hop ... +This command specifies a list of TTL values in increasing +order, up to 8 values can be specified. +In manycast mode these values are used in turn +in an expanding\-ring search. +The default is eight +multiples of 32 starting at 31. +.El +.Sh Reference Clock Support +The NTP Version 4 daemon supports some three dozen different radio, +satellite and modem reference clocks plus a special pseudo\-clock +used for backup or when no other clock source is available. +Detailed descriptions of individual device drivers and options can +be found in the +.Qq Reference Clock Drivers +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +Additional information can be found in the pages linked +there, including the +.Qq Debugging Hints for Reference Clock Drivers +and +.Qq How To Write a Reference Clock Driver +pages +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +In addition, support for a PPS +signal is available as described in the +.Qq Pulse\-per\-second (PPS) Signal Interfacing +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +Many +drivers support special line discipline/streams modules which can +significantly improve the accuracy using the driver. +These are +described in the +.Qq Line Disciplines and Streams Drivers +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +.Pp +A reference clock will generally (though not always) be a radio +timecode receiver which is synchronized to a source of standard +time such as the services offered by the NRC in Canada and NIST and +USNO in the US. +The interface between the computer and the timecode +receiver is device dependent, but is usually a serial port. +A +device driver specific to each reference clock must be selected and +compiled in the distribution; however, most common radio, satellite +and modem clocks are included by default. +Note that an attempt to +configure a reference clock when the driver has not been compiled +or the hardware port has not been appropriately configured results +in a scalding remark to the system log file, but is otherwise non +hazardous. +.Pp +For the purposes of configuration, +.Xr ntpd 8 +treats +reference clocks in a manner analogous to normal NTP peers as much +as possible. +Reference clocks are identified by a syntactically +correct but invalid IP address, in order to distinguish them from +normal NTP peers. +Reference clock addresses are of the form +.Sm off +.Li 127.127. Ar t . Ar u , +.Sm on +where +.Ar t +is an integer +denoting the clock type and +.Ar u +indicates the unit +number in the range 0\-3. +While it may seem overkill, it is in fact +sometimes useful to configure multiple reference clocks of the same +type, in which case the unit numbers must be unique. +.Pp +The +.Ic server +command is used to configure a reference +clock, where the +.Ar address +argument in that command +is the clock address. +The +.Cm key , +.Cm version +and +.Cm ttl +options are not used for reference clock support. +The +.Cm mode +option is added for reference clock support, as +described below. +The +.Cm prefer +option can be useful to +persuade the server to cherish a reference clock with somewhat more +enthusiasm than other reference clocks or peers. +Further +information on this option can be found in the +.Qq Mitigation Rules and the prefer Keyword +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) +page. +The +.Cm minpoll +and +.Cm maxpoll +options have +meaning only for selected clock drivers. +See the individual clock +driver document pages for additional information. +.Pp +The +.Ic fudge +command is used to provide additional +information for individual clock drivers and normally follows +immediately after the +.Ic server +command. +The +.Ar address +argument specifies the clock address. +The +.Cm refid +and +.Cm stratum +options can be used to +override the defaults for the device. +There are two optional +device\-dependent time offsets and four flags that can be included +in the +.Ic fudge +command as well. +.Pp +The stratum number of a reference clock is by default zero. +Since the +.Xr ntpd 8 +daemon adds one to the stratum of each +peer, a primary server ordinarily displays an external stratum of +one. +In order to provide engineered backups, it is often useful to +specify the reference clock stratum as greater than zero. +The +.Cm stratum +option is used for this purpose. +Also, in cases +involving both a reference clock and a pulse\-per\-second (PPS) +discipline signal, it is useful to specify the reference clock +identifier as other than the default, depending on the driver. +The +.Cm refid +option is used for this purpose. +Except where noted, +these options apply to all clock drivers. +.Ss Reference Clock Commands +.Bl -tag -width indent +.It Xo Ic server +.Sm off +.Li 127.127. Ar t . Ar u +.Sm on +.Op Cm prefer +.Op Cm mode Ar int +.Op Cm minpoll Ar int +.Op Cm maxpoll Ar int +.Xc +This command can be used to configure reference clocks in +special ways. +The options are interpreted as follows: +.Bl -tag -width indent +.It Cm prefer +Marks the reference clock as preferred. +All other things being +equal, this host will be chosen for synchronization among a set of +correctly operating hosts. +See the +.Qq Mitigation Rules and the prefer Keyword +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) +for further information. +.It Cm mode Ar int +Specifies a mode number which is interpreted in a +device\-specific fashion. +For instance, it selects a dialing +protocol in the ACTS driver and a device subtype in the +parse +drivers. +.It Cm minpoll Ar int +.It Cm maxpoll Ar int +These options specify the minimum and maximum polling interval +for reference clock messages, as a power of 2 in seconds +For +most directly connected reference clocks, both +.Cm minpoll +and +.Cm maxpoll +default to 6 (64 s). +For modem reference clocks, +.Cm minpoll +defaults to 10 (17.1 m) and +.Cm maxpoll +defaults to 14 (4.5 h). +The allowable range is 4 (16 s) to 17 (36.4 h) inclusive. +.El +.It Xo Ic fudge +.Sm off +.Li 127.127. Ar t . Ar u +.Sm on +.Op Cm time1 Ar sec +.Op Cm time2 Ar sec +.Op Cm stratum Ar int +.Op Cm refid Ar string +.Op Cm mode Ar int +.Op Cm flag1 Cm 0 \&| Cm 1 +.Op Cm flag2 Cm 0 \&| Cm 1 +.Op Cm flag3 Cm 0 \&| Cm 1 +.Op Cm flag4 Cm 0 \&| Cm 1 +.Xc +This command can be used to configure reference clocks in +special ways. +It must immediately follow the +.Ic server +command which configures the driver. +Note that the same capability +is possible at run time using the +.Xr ntpdc 8 +program. +The options are interpreted as +follows: +.Bl -tag -width indent +.It Cm time1 Ar sec +Specifies a constant to be added to the time offset produced by +the driver, a fixed\-point decimal number in seconds. +This is used +as a calibration constant to adjust the nominal time offset of a +particular clock to agree with an external standard, such as a +precision PPS signal. +It also provides a way to correct a +systematic error or bias due to serial port or operating system +latencies, different cable lengths or receiver internal delay. +The +specified offset is in addition to the propagation delay provided +by other means, such as internal DIPswitches. +Where a calibration +for an individual system and driver is available, an approximate +correction is noted in the driver documentation pages. +Note: in order to facilitate calibration when more than one +radio clock or PPS signal is supported, a special calibration +feature is available. +It takes the form of an argument to the +.Ic enable +command described in +.Sx Miscellaneous Options +page and operates as described in the +.Qq Reference Clock Drivers +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +.It Cm time2 Ar secs +Specifies a fixed\-point decimal number in seconds, which is +interpreted in a driver\-dependent way. +See the descriptions of +specific drivers in the +.Qq Reference Clock Drivers +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +.It Cm stratum Ar int +Specifies the stratum number assigned to the driver, an integer +between 0 and 15. +This number overrides the default stratum number +ordinarily assigned by the driver itself, usually zero. +.It Cm refid Ar string +Specifies an ASCII string of from one to four characters which +defines the reference identifier used by the driver. +This string +overrides the default identifier ordinarily assigned by the driver +itself. +.It Cm mode Ar int +Specifies a mode number which is interpreted in a +device\-specific fashion. +For instance, it selects a dialing +protocol in the ACTS driver and a device subtype in the +parse +drivers. +.It Cm flag1 Cm 0 \&| Cm 1 +.It Cm flag2 Cm 0 \&| Cm 1 +.It Cm flag3 Cm 0 \&| Cm 1 +.It Cm flag4 Cm 0 \&| Cm 1 +These four flags are used for customizing the clock driver. +The +interpretation of these values, and whether they are used at all, +is a function of the particular clock driver. +However, by +convention +.Cm flag4 +is used to enable recording monitoring +data to the +.Cm clockstats +file configured with the +.Ic filegen +command. +Further information on the +.Ic filegen +command can be found in +.Sx Monitoring Options . +.El +.El +.Sh Miscellaneous Options +.Bl -tag -width indent +.It Ic broadcastdelay Ar seconds +The broadcast and multicast modes require a special calibration +to determine the network delay between the local and remote +servers. +Ordinarily, this is done automatically by the initial +protocol exchanges between the client and server. +In some cases, +the calibration procedure may fail due to network or server access +controls, for example. +This command specifies the default delay to +be used under these circumstances. +Typically (for Ethernet), a +number between 0.003 and 0.007 seconds is appropriate. +The default +when this command is not used is 0.004 seconds. +.It Ic calldelay Ar delay +This option controls the delay in seconds between the first and second +packets sent in burst or iburst mode to allow additional time for a modem +or ISDN call to complete. +.It Ic driftfile Ar driftfile +This command specifies the complete path and name of the file used to +record the frequency of the local clock oscillator. +This is the same +operation as the +.Fl f +command line option. +If the file exists, it is read at +startup in order to set the initial frequency and then updated once per +hour with the current frequency computed by the daemon. +If the file name is +specified, but the file itself does not exist, the starts with an initial +frequency of zero and creates the file when writing it for the first time. +If this command is not given, the daemon will always start with an initial +frequency of zero. +.Pp +The file format consists of a single line containing a single +floating point number, which records the frequency offset measured +in parts\-per\-million (PPM). +The file is updated by first writing +the current drift value into a temporary file and then renaming +this file to replace the old version. +This implies that +.Xr ntpd 8 +must have write permission for the directory the +drift file is located in, and that file system links, symbolic or +otherwise, should be avoided. +.It Ic dscp Ar value +This option specifies the Differentiated Services Control Point (DSCP) value, +a 6\-bit code. The default value is 46, signifying Expedited Forwarding. +.It Xo Ic enable +.Oo +.Cm auth | Cm bclient | +.Cm calibrate | Cm kernel | +.Cm mode7 | monitor | +.Cm ntp | Cm stats +.Oc +.Xc +.It Xo Ic disable +.Oo +.Cm auth | Cm bclient | +.Cm calibrate | Cm kernel | +.Cm mode7 | monitor | +.Cm ntp | Cm stats +.Oc +.Xc +Provides a way to enable or disable various server options. +Flags not mentioned are unaffected. +Note that all of these flags +can be controlled remotely using the +.Xr ntpdc 8 +utility program. +.Bl -tag -width indent +.It Cm auth +Enables the server to synchronize with unconfigured peers only if the +peer has been correctly authenticated using either public key or +private key cryptography. +The default for this flag is +.Ic enable . +.It Cm bclient +Enables the server to listen for a message from a broadcast or +multicast server, as in the +.Ic multicastclient +command with default +address. +The default for this flag is +.Ic disable . +.It Cm calibrate +Enables the calibrate feature for reference clocks. +The default for +this flag is +.Ic disable . +.It Cm kernel +Enables the kernel time discipline, if available. +The default for this +flag is +.Ic enable +if support is available, otherwise +.Ic disable . +.It Cm mode7 +Enables processing of NTP mode 7 implementation\-specific requests +which are used by the deprecated +.Xr ntpdc 8 +program. +The default for this flag is disable. +This flag is excluded from runtime configuration using +.Xr ntpq 8 . +The +.Xr ntpq 8 +program provides the same capabilities as +.Xr ntpdc 8 +using standard mode 6 requests. +.It Cm monitor +Enables the monitoring facility. +See the +.Xr ntpdc 8 +program +and the +.Ic monlist +command or further information. +The +default for this flag is +.Ic enable . +.It Cm ntp +Enables time and frequency discipline. +In effect, this switch opens and +closes the feedback loop, which is useful for testing. +The default for +this flag is +.Ic enable . +.It Cm stats +Enables the statistics facility. +See the +.Sx Monitoring Options +section for further information. +The default for this flag is +.Ic disable . +.El +.It Ic includefile Ar includefile +This command allows additional configuration commands +to be included from a separate file. +Include files may +be nested to a depth of five; upon reaching the end of any +include file, command processing resumes in the previous +configuration file. +This option is useful for sites that run +.Xr ntpd 8 +on multiple hosts, with (mostly) common options (e.g., a +restriction list). +.It Ic leapsmearinterval Ar seconds +This EXPERIMENTAL option is only available if +.Xr ntpd 8 +was built with the +.Cm \-\-enable\-leap\-smear +option to the +.Cm configure +script. +It specifies the interval over which a leap second correction will be applied. +Recommended values for this option are between +7200 (2 hours) and 86400 (24 hours). +.Sy DO NOT USE THIS OPTION ON PUBLIC\-ACCESS SERVERS! +See http://bugs.ntp.org/2855 for more information. +.It Ic logconfig Ar configkeyword +This command controls the amount and type of output written to +the system +.Xr syslog 3 +facility or the alternate +.Ic logfile +log file. +By default, all output is turned on. +All +.Ar configkeyword +keywords can be prefixed with +.Ql = , +.Ql + +and +.Ql \- , +where +.Ql = +sets the +.Xr syslog 3 +priority mask, +.Ql + +adds and +.Ql \- +removes +messages. +.Xr syslog 3 +messages can be controlled in four +classes +.Po +.Cm clock , +.Cm peer , +.Cm sys +and +.Cm sync +.Pc . +Within these classes four types of messages can be +controlled: informational messages +.Po +.Cm info +.Pc , +event messages +.Po +.Cm events +.Pc , +statistics messages +.Po +.Cm statistics +.Pc +and +status messages +.Po +.Cm status +.Pc . +.Pp +Configuration keywords are formed by concatenating the message class with +the event class. +The +.Cm all +prefix can be used instead of a message class. +A +message class may also be followed by the +.Cm all +keyword to enable/disable all +messages of the respective message class.Thus, a minimal log configuration +could look like this: +.Bd -literal +logconfig =syncstatus +sysevents +.Ed +.Pp +This would just list the synchronizations state of +.Xr ntpd 8 +and the major system events. +For a simple reference server, the +following minimum message configuration could be useful: +.Bd -literal +logconfig =syncall +clockall +.Ed +.Pp +This configuration will list all clock information and +synchronization information. +All other events and messages about +peers, system events and so on is suppressed. +.It Ic logfile Ar logfile +This command specifies the location of an alternate log file to +be used instead of the default system +.Xr syslog 3 +facility. +This is the same operation as the \-l command line option. +.It Ic setvar Ar variable Op Cm default +This command adds an additional system variable. +These +variables can be used to distribute additional information such as +the access policy. +If the variable of the form +.Sm off +.Va name = Ar value +.Sm on +is followed by the +.Cm default +keyword, the +variable will be listed as part of the default system variables +.Po +.Xr ntpq 8 +.Ic rv +command +.Pc ) . +These additional variables serve +informational purposes only. +They are not related to the protocol +other that they can be listed. +The known protocol variables will +always override any variables defined via the +.Ic setvar +mechanism. +There are three special variables that contain the names +of all variable of the same group. +The +.Va sys_var_list +holds +the names of all system variables. +The +.Va peer_var_list +holds +the names of all peer variables and the +.Va clock_var_list +holds the names of the reference clock variables. +.It Xo Ic tinker +.Oo +.Cm allan Ar allan | +.Cm dispersion Ar dispersion | +.Cm freq Ar freq | +.Cm huffpuff Ar huffpuff | +.Cm panic Ar panic | +.Cm step Ar step | +.Cm stepback Ar stepback | +.Cm stepfwd Ar stepfwd | +.Cm stepout Ar stepout +.Oc +.Xc +This command can be used to alter several system variables in +very exceptional circumstances. +It should occur in the +configuration file before any other configuration options. +The +default values of these variables have been carefully optimized for +a wide range of network speeds and reliability expectations. +In +general, they interact in intricate ways that are hard to predict +and some combinations can result in some very nasty behavior. +Very +rarely is it necessary to change the default values; but, some +folks cannot resist twisting the knobs anyway and this command is +for them. +Emphasis added: twisters are on their own and can expect +no help from the support group. +.Pp +The variables operate as follows: +.Bl -tag -width indent +.It Cm allan Ar allan +The argument becomes the new value for the minimum Allan +intercept, which is a parameter of the PLL/FLL clock discipline +algorithm. +The value in log2 seconds defaults to 7 (1024 s), which is also the lower +limit. +.It Cm dispersion Ar dispersion +The argument becomes the new value for the dispersion increase rate, +normally .000015 s/s. +.It Cm freq Ar freq +The argument becomes the initial value of the frequency offset in +parts\-per\-million. +This overrides the value in the frequency file, if +present, and avoids the initial training state if it is not. +.It Cm huffpuff Ar huffpuff +The argument becomes the new value for the experimental +huff\-n'\-puff filter span, which determines the most recent interval +the algorithm will search for a minimum delay. +The lower limit is +900 s (15 m), but a more reasonable value is 7200 (2 hours). +There +is no default, since the filter is not enabled unless this command +is given. +.It Cm panic Ar panic +The argument is the panic threshold, normally 1000 s. +If set to zero, +the panic sanity check is disabled and a clock offset of any value will +be accepted. +.It Cm step Ar step +The argument is the step threshold, which by default is 0.128 s. +It can +be set to any positive number in seconds. +If set to zero, step +adjustments will never occur. +Note: The kernel time discipline is +disabled if the step threshold is set to zero or greater than the +default. +.It Cm stepback Ar stepback +The argument is the step threshold for the backward direction, +which by default is 0.128 s. +It can +be set to any positive number in seconds. +If both the forward and backward step thresholds are set to zero, step +adjustments will never occur. +Note: The kernel time discipline is +disabled if +each direction of step threshold are either +set to zero or greater than .5 second. +.It Cm stepfwd Ar stepfwd +As for stepback, but for the forward direction. +.It Cm stepout Ar stepout +The argument is the stepout timeout, which by default is 900 s. +It can +be set to any positive number in seconds. +If set to zero, the stepout +pulses will not be suppressed. +.El +.It Xo Ic rlimit +.Oo +.Cm memlock Ar Nmegabytes | +.Cm stacksize Ar N4kPages +.Cm filenum Ar Nfiledescriptors +.Oc +.Xc +.Bl -tag -width indent +.It Cm memlock Ar Nmegabytes +Specify the number of megabytes of memory that should be +allocated and locked. +Probably only available under Linux, this option may be useful +when dropping root (the +.Fl i +option). +The default is 32 megabytes on non\-Linux machines, and \-1 under Linux. +-1 means "do not lock the process into memory". +0 means "lock whatever memory the process wants into memory". +.It Cm stacksize Ar N4kPages +Specifies the maximum size of the process stack on systems with the +.Fn mlockall +function. +Defaults to 50 4k pages (200 4k pages in OpenBSD). +.It Cm filenum Ar Nfiledescriptors +Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default. +.El +.It Xo Ic trap Ar host_address +.Op Cm port Ar port_number +.Op Cm interface Ar interface_address +.Xc +This command configures a trap receiver at the given host +address and port number for sending messages with the specified +local interface address. +If the port number is unspecified, a value +of 18447 is used. +If the interface address is not specified, the +message is sent with a source address of the local interface the +message is sent through. +Note that on a multihomed host the +interface used may vary from time to time with routing changes. +.Pp +The trap receiver will generally log event messages and other +information from the server in a log file. +While such monitor +programs may also request their own trap dynamically, configuring a +trap receiver will ensure that no messages are lost when the server +is started. +.It Cm hop Ar ... +This command specifies a list of TTL values in increasing order, up to 8 +values can be specified. +In manycast mode these values are used in turn in +an expanding\-ring search. +The default is eight multiples of 32 starting at +31. +.El +.Sh "OPTIONS" +.Bl -tag +.It Fl \-help +Display usage information and exit. +.It Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from environment variables named: +.nf + \fBNTP_CONF_<option\-name>\fP or \fBNTP_CONF\fP +.fi +.ad +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh FILES +.Bl -tag -width /etc/ntp.drift -compact +.It Pa /etc/ntp.conf +the default name of the configuration file +.It Pa ntp.keys +private MD5 keys +.It Pa ntpkey +RSA private key +.It Pa ntpkey_ Ns Ar host +RSA public key +.It Pa ntp_dh +Diffie\-Hellman agreement parameters +.El +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "SEE ALSO" +.Xr ntpd 8 , +.Xr ntpdc 8 , +.Xr ntpq 8 +.Pp +In addition to the manual pages provided, +comprehensive documentation is available on the world wide web +at +.Li http://www.ntp.org/ . +A snapshot of this documentation is available in HTML format in +.Pa /usr/share/doc/ntp . +.Rs +.%A David L. Mills +.%T Network Time Protocol (Version 4) +.%O RFC5905 +.Re +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh BUGS +The syntax checking is not picky; some combinations of +ridiculous and even hilarious options and modes may not be +detected. +.Pp +The +.Pa ntpkey_ Ns Ar host +files are really digital +certificates. +These should be obtained via secure directory +services when they become universally available. +.Pp +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh NOTES +This document was derived from FreeBSD. +.Pp +This manual page was \fIAutoGen\fP\-erated from the \fBntp.conf\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5 new file mode 100644 index 0000000..b1bcb3c --- /dev/null +++ b/usr.sbin/ntp/doc/ntp.keys.5 @@ -0,0 +1,160 @@ +.Dd October 21 2015 +.Dt NTP_KEYS 5 File Formats +.Os SunOS 5.10 +.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 +.\" From the definitions ntp.keys.def +.\" and the template file agmdoc-file.tpl +.Sh NAME +.Nm ntp.keys +.Nd NTP symmetric key file format + +.Sh NAME +.Nm ntp.keys +.Nd NTP symmetric key file format +.Sh SYNOPSIS +.Nm +.Op Fl \-option\-name +.Op Fl \-option\-name Ar value +.Pp +All arguments must be options. +.Pp +.Sh DESCRIPTION +This document describes the format of an NTP symmetric key file. +For a description of the use of this type of file, see the +.Qq Authentication Support +section of the +.Xr ntp.conf 5 +page. +.Pp +.Xr ntpd 8 +reads its keys from a file specified using the +.Fl k +command line option or the +.Ic keys +statement in the configuration file. +While key number 0 is fixed by the NTP standard +(as 56 zero bits) +and may not be changed, +one or more keys numbered between 1 and 65534 +may be arbitrarily set in the keys file. +.Pp +The key file uses the same comment conventions +as the configuration file. +Key entries use a fixed format of the form +.Pp +.D1 Ar keyno type key +.Pp +where +.Ar keyno +is a positive integer (between 1 and 65534), +.Ar type +is the message digest algorithm, +and +.Ar key +is the key itself. +.Pp +The +.Ar key +may be given in a format +controlled by the +.Ar type +field. +The +.Ar type +.Li MD5 +is always supported. +If +.Li ntpd +was built with the OpenSSL library +then any digest library supported by that library may be specified. +However, if compliance with FIPS 140\-2 is required the +.Ar type +must be either +.Li SHA +or +.Li SHA1 . +.Pp +What follows are some key types, and corresponding formats: +.Pp +.Bl -tag -width RMD160 -compact +.It Li MD5 +The key is 1 to 16 printable characters terminated by +an EOL, +whitespace, +or +a +.Li # +(which is the "start of comment" character). +.Pp +.It Li SHA +.It Li SHA1 +.It Li RMD160 +The key is a hex\-encoded ASCII string of 40 characters, +which is truncated as necessary. +.El +.Pp +Note that the keys used by the +.Xr ntpq 8 +and +.Xr ntpdc 8 +programs are checked against passwords +requested by the programs and entered by hand, +so it is generally appropriate to specify these keys in ASCII format. +.Sh "OPTIONS" +.Bl -tag +.It Fl \-help +Display usage information and exit. +.It Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from environment variables named: +.nf + \fBNTP_KEYS_<option\-name>\fP or \fBNTP_KEYS\fP +.fi +.ad +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh FILES +.Bl -tag -width /etc/ntp.keys -compact +.It Pa /etc/ntp.keys +the default name of the configuration file +.El +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "SEE ALSO" +.Xr ntp.conf 5 , +.Xr ntpd 8 , +.Xr ntpdate 8 , +.Xr ntpdc 8 , +.Xr sntp 8 +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh "BUGS" +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh NOTES +This document was derived from FreeBSD. +.Pp +This manual page was \fIAutoGen\fP\-erated from the \fBntp.keys\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntpd.8 b/usr.sbin/ntp/doc/ntpd.8 new file mode 100644 index 0000000..243f96d --- /dev/null +++ b/usr.sbin/ntp/doc/ntpd.8 @@ -0,0 +1,910 @@ +.Dd October 21 2015 +.Dt NTPD 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5 +.\" From the definitions ntpd-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntpd +.Nd NTP daemon program +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +[ <server1> ... <serverN> ] +.Pp +.Sh DESCRIPTION +The +.Nm +utility is an operating system daemon which sets +and maintains the system time of day in synchronism with Internet +standard time servers. +It is a complete implementation of the +Network Time Protocol (NTP) version 4, as defined by RFC\-5905, +but also retains compatibility with +version 3, as defined by RFC\-1305, and versions 1 +and 2, as defined by RFC\-1059 and RFC\-1119, respectively. +.Pp +The +.Nm +utility does most computations in 64\-bit floating point +arithmetic and does relatively clumsy 64\-bit fixed point operations +only when necessary to preserve the ultimate precision, about 232 +picoseconds. +While the ultimate precision is not achievable with +ordinary workstations and networks of today, it may be required +with future gigahertz CPU clocks and gigabit LANs. +.Pp +Ordinarily, +.Nm +reads the +.Xr ntp.conf 5 +configuration file at startup time in order to determine the +synchronization sources and operating modes. +It is also possible to +specify a working, although limited, configuration entirely on the +command line, obviating the need for a configuration file. +This may +be particularly useful when the local host is to be configured as a +broadcast/multicast client, with all peers being determined by +listening to broadcasts at run time. +.Pp +If NetInfo support is built into +.Nm , +then +.Nm +will attempt to read its configuration from the +NetInfo if the default +.Xr ntp.conf 5 +file cannot be read and no file is +specified by the +.Fl c +option. +.Pp +Various internal +.Nm +variables can be displayed and +configuration options altered while the +.Nm +is running +using the +.Xr ntpq 8 +and +.Xr ntpdc 8 +utility programs. +.Pp +When +.Nm +starts it looks at the value of +.Xr umask 2 , +and if zero +.Nm +will set the +.Xr umask 2 +to 022. +.Sh "OPTIONS" +.Bl -tag +.It Fl 4 , Fl \-ipv4 +Force IPv4 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv6. +.sp +Force DNS resolution of following host names on the command line +to the IPv4 namespace. +.It Fl 6 , Fl \-ipv6 +Force IPv6 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv4. +.sp +Force DNS resolution of following host names on the command line +to the IPv6 namespace. +.It Fl a , Fl \-authreq +Require crypto authentication. +This option must not appear in combination with any of the following options: +authnoreq. +.sp +Require cryptographic authentication for broadcast client, +multicast client and symmetric passive associations. +This is the default. +.It Fl A , Fl \-authnoreq +Do not require crypto authentication. +This option must not appear in combination with any of the following options: +authreq. +.sp +Do not require cryptographic authentication for broadcast client, +multicast client and symmetric passive associations. +This is almost never a good idea. +.It Fl b , Fl \-bcastsync +Allow us to sync to broadcast servers. +.sp +.It Fl c Ar string , Fl \-configfile Ns = Ns Ar string +configuration file name. +.sp +The name and path of the configuration file, +\fI/etc/ntp.conf\fP +by default. +.It Fl d , Fl \-debug\-level +Increase debug verbosity level. +This option may appear an unlimited number of times. +.sp +.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number +Set the debug verbosity level. +This option may appear an unlimited number of times. +This option takes an integer number as its argument. +.sp +.It Fl f Ar string , Fl \-driftfile Ns = Ns Ar string +frequency drift file name. +.sp +The name and path of the frequency file, +\fI/etc/ntp.drift\fP +by default. +This is the same operation as the +\fBdriftfile\fP \fIdriftfile\fP +configuration specification in the +\fI/etc/ntp.conf\fP +file. +.It Fl g , Fl \-panicgate +Allow the first adjustment to be Big. +This option may appear an unlimited number of times. +.sp +Normally, +\fBntpd\fP +exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, +\fBntpd\fP +will exit with a message to the system log. This option can be used with the +\fB\-q\fP +and +\fB\-x\fP +options. +See the +\fBtinker\fP +configuration file directive for other options. +.It Fl G , Fl \-force\-step\-once +Step any initial offset correction.. +.sp +Normally, +\fBntpd\fP +steps the time if the time offset exceeds the step threshold, +which is 128 ms by default, and otherwise slews the time. +This option forces the initial offset correction to be stepped, +so the highest time accuracy can be achieved quickly. +However, this may also cause the time to be stepped back +so this option must not be used if +applications requiring monotonic time are running. +See the \fBtinker\fP configuration file directive for other options. +.It Fl i Ar string , Fl \-jaildir Ns = Ns Ar string +Jail directory. +.sp +Chroot the server to the directory +\fIjaildir\fP +. +This option also implies that the server attempts to drop root privileges at startup. +You may need to also specify a +\fB\-u\fP +option. +This option is only available if the OS supports adjusting the clock +without full root privileges. +This option is supported under NetBSD (configure with +\fB\-\-enable\-clockctl\fP) or Linux (configure with +\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP). +.It Fl I Ar iface , Fl \-interface Ns = Ns Ar iface +Listen on an interface name or address. +This option may appear an unlimited number of times. +.sp +Open the network address given, or all the addresses associated with the +given interface name. This option may appear multiple times. This option +also implies not opening other addresses, except wildcard and localhost. +This option is deprecated. Please consider using the configuration file +\fBinterface\fP command, which is more versatile. +.It Fl k Ar string , Fl \-keyfile Ns = Ns Ar string +path to symmetric keys. +.sp +Specify the name and path of the symmetric key file. +\fI/etc/ntp.keys\fP +is the default. +This is the same operation as the +\fBkeys\fP \fIkeyfile\fP +configuration file directive. +.It Fl l Ar string , Fl \-logfile Ns = Ns Ar string +path to the log file. +.sp +Specify the name and path of the log file. +The default is the system log file. +This is the same operation as the +\fBlogfile\fP \fIlogfile\fP +configuration file directive. +.It Fl L , Fl \-novirtualips +Do not listen to virtual interfaces. +.sp +Do not listen to virtual interfaces, defined as those with +names containing a colon. This option is deprecated. Please +consider using the configuration file \fBinterface\fP command, which +is more versatile. +.It Fl M , Fl \-modifymmtimer +Modify Multimedia Timer (Windows only). +.sp +Set the Windows Multimedia Timer to highest resolution. This +ensures the resolution does not change while ntpd is running, +avoiding timekeeping glitches associated with changes. +.It Fl n , Fl \-nofork +Do not fork. +This option must not appear in combination with any of the following options: +wait\-sync. +.sp +.It Fl N , Fl \-nice +Run at high priority. +.sp +To the extent permitted by the operating system, run +\fBntpd\fP +at the highest priority. +.It Fl p Ar string , Fl \-pidfile Ns = Ns Ar string +path to the PID file. +.sp +Specify the name and path of the file used to record +\fBntpd\fP's +process ID. +This is the same operation as the +\fBpidfile\fP \fIpidfile\fP +configuration file directive. +.It Fl P Ar number , Fl \-priority Ns = Ns Ar number +Process priority. +This option takes an integer number as its argument. +.sp +To the extent permitted by the operating system, run +\fBntpd\fP +at the specified +\fBsched_setscheduler(SCHED_FIFO)\fP +priority. +.It Fl q , Fl \-quit +Set the time and quit. +This option must not appear in combination with any of the following options: +saveconfigquit, wait\-sync. +.sp +\fBntpd\fP +will not daemonize and will exit after the clock is first +synchronized. This behavior mimics that of the +\fBntpdate\fP +program, which will soon be replaced with a shell script. +The +\fB\-g\fP +and +\fB\-x\fP +options can be used with this option. +Note: The kernel time discipline is disabled with this option. +.It Fl r Ar string , Fl \-propagationdelay Ns = Ns Ar string +Broadcast/propagation delay. +.sp +Specify the default propagation delay from the broadcast/multicast server to this client. This is necessary only if the delay cannot be computed automatically by the protocol. +.It Fl \-saveconfigquit Ns = Ns Ar string +Save parsed configuration and quit. +This option must not appear in combination with any of the following options: +quit, wait\-sync. +.sp +Cause \fBntpd\fP to parse its startup configuration file and save an +equivalent to the given filename and exit. This option was +designed for automated testing. +.It Fl s Ar string , Fl \-statsdir Ns = Ns Ar string +Statistics file location. +.sp +Specify the directory path for files created by the statistics facility. +This is the same operation as the +\fBstatsdir\fP \fIstatsdir\fP +configuration file directive. +.It Fl t Ar tkey , Fl \-trustedkey Ns = Ns Ar tkey +Trusted key number. +This option may appear an unlimited number of times. +.sp +Add the specified key number to the trusted key list. +.It Fl u Ar string , Fl \-user Ns = Ns Ar string +Run as userid (or userid:groupid). +.sp +Specify a user, and optionally a group, to switch to. +This option is only available if the OS supports adjusting the clock +without full root privileges. +This option is supported under NetBSD (configure with +\fB\-\-enable\-clockctl\fP) or Linux (configure with +\fB\-\-enable\-linuxcaps\fP) or Solaris (configure with \fB\-\-enable\-solarisprivs\fP). +.It Fl U Ar number , Fl \-updateinterval Ns = Ns Ar number +interval in seconds between scans for new or dropped interfaces. +This option takes an integer number as its argument. +.sp +Give the time in seconds between two scans for new or dropped interfaces. +For systems with routing socket support the scans will be performed shortly after the interface change +has been detected by the system. +Use 0 to disable scanning. 60 seconds is the minimum time between scans. +.It Fl \-var Ns = Ns Ar nvar +make ARG an ntp variable (RW). +This option may appear an unlimited number of times. +.sp +.It Fl \-dvar Ns = Ns Ar ndvar +make ARG an ntp variable (RW|DEF). +This option may appear an unlimited number of times. +.sp +.It Fl w Ar number , Fl \-wait\-sync Ns = Ns Ar number +Seconds to wait for first clock sync. +This option must not appear in combination with any of the following options: +nofork, quit, saveconfigquit. +This option takes an integer number as its argument. +.sp +If greater than zero, alters \fBntpd\fP's behavior when forking to +daemonize. Instead of exiting with status 0 immediately after +the fork, the parent waits up to the specified number of +seconds for the child to first synchronize the clock. The exit +status is zero (success) if the clock was synchronized, +otherwise it is \fBETIMEDOUT\fP. +This provides the option for a script starting \fBntpd\fP to easily +wait for the first set of the clock before proceeding. +.It Fl x , Fl \-slew +Slew up to 600 seconds. +.sp +Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. +This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. +Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. +Thus, an adjustment as much as 600 s will take almost 14 days to complete. +This option can be used with the +\fB\-g\fP +and +\fB\-q\fP +options. +See the +\fBtinker\fP +configuration file directive for other options. +Note: The kernel time discipline is disabled with this option. +.It Fl \-usepcc +Use CPU cycle counter (Windows only). +.sp +Attempt to substitute the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter and \fBQueryPerformanceCounter\fP are compared, and if +they have the same frequency, the CPU counter (RDTSC on x86) is +used directly, saving the overhead of a system call. +.It Fl \-pccfreq Ns = Ns Ar string +Force CPU cycle counter use (Windows only). +.sp +Force substitution the CPU counter for \fBQueryPerformanceCounter\fP. +The CPU counter (RDTSC on x86) is used unconditionally with the +given frequency (in Hz). +.It Fl m , Fl \-mdns +Register with mDNS as a NTP server. +.sp +Registers as an NTP server with the local mDNS server which allows +the server to be discovered via mDNS client lookup. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from environment variables named: +.nf + \fBNTPD_<option\-name>\fP or \fBNTPD\fP +.fi +.ad +.Sh USAGE +.Ss "How NTP Operates" +The +.Nm +utility operates by exchanging messages with +one or more configured servers over a range of designated poll intervals. +When +started, whether for the first or subsequent times, the program +requires several exchanges from the majority of these servers so +the signal processing and mitigation algorithms can accumulate and +groom the data and set the clock. +In order to protect the network +from bursts, the initial poll interval for each server is delayed +an interval randomized over a few seconds. +At the default initial poll +interval of 64s, several minutes can elapse before the clock is +set. +This initial delay to set the clock +can be safely and dramatically reduced using the +.Cm iburst +keyword with the +.Ic server +configuration +command, as described in +.Xr ntp.conf 5 . +.Pp +Most operating systems and hardware of today incorporate a +time\-of\-year (TOY) chip to maintain the time during periods when +the power is off. +When the machine is booted, the chip is used to +initialize the operating system time. +After the machine has +synchronized to a NTP server, the operating system corrects the +chip from time to time. +In the default case, if +.Nm +detects that the time on the host +is more than 1000s from the server time, +.Nm +assumes something must be terribly wrong and the only +reliable action is for the operator to intervene and set the clock +by hand. +(Reasons for this include there is no TOY chip, +or its battery is dead, or that the TOY chip is just of poor quality.) +This causes +.Nm +to exit with a panic message to +the system log. +The +.Fl g +option overrides this check and the +clock will be set to the server time regardless of the chip time +(up to 68 years in the past or future \(em +this is a limitation of the NTPv4 protocol). +However, and to protect against broken hardware, such as when the +CMOS battery fails or the clock counter becomes defective, once the +clock has been set an error greater than 1000s will cause +.Nm +to exit anyway. +.Pp +Under ordinary conditions, +.Nm +adjusts the clock in +small steps so that the timescale is effectively continuous and +without discontinuities. +Under conditions of extreme network +congestion, the roundtrip delay jitter can exceed three seconds and +the synchronization distance, which is equal to one\-half the +roundtrip delay plus error budget terms, can become very large. +The +.Nm +algorithms discard sample offsets exceeding 128 ms, +unless the interval during which no sample offset is less than 128 +ms exceeds 900s. +The first sample after that, no matter what the +offset, steps the clock to the indicated time. +In practice this +reduces the false alarm rate where the clock is stepped in error to +a vanishingly low incidence. +.Pp +As the result of this behavior, once the clock has been set it +very rarely strays more than 128 ms even under extreme cases of +network path congestion and jitter. +Sometimes, in particular when +.Nm +is first started without a valid drift file +on a system with a large intrinsic drift +the error might grow to exceed 128 ms, +which would cause the clock to be set backwards +if the local clock time is more than 128 s +in the future relative to the server. +In some applications, this behavior may be unacceptable. +There are several solutions, however. +If the +.Fl x +option is included on the command line, the clock will +never be stepped and only slew corrections will be used. +But this choice comes with a cost that +should be carefully explored before deciding to use +the +.Fl x +option. +The maximum slew rate possible is limited +to 500 parts\-per\-million (PPM) as a consequence of the correctness +principles on which the NTP protocol and algorithm design are +based. +As a result, the local clock can take a long time to +converge to an acceptable offset, about 2,000 s for each second the +clock is outside the acceptable range. +During this interval the +local clock will not be consistent with any other network clock and +the system cannot be used for distributed applications that require +correctly synchronized network time. +.Pp +In spite of the above precautions, sometimes when large +frequency errors are present the resulting time offsets stray +outside the 128\-ms range and an eventual step or slew time +correction is required. +If following such a correction the +frequency error is so large that the first sample is outside the +acceptable range, +.Nm +enters the same state as when the +.Pa ntp.drift +file is not present. +The intent of this behavior +is to quickly correct the frequency and restore operation to the +normal tracking mode. +In the most extreme cases +(the host +.Cm time.ien.it +comes to mind), there may be occasional +step/slew corrections and subsequent frequency corrections. +It +helps in these cases to use the +.Cm burst +keyword when +configuring the server, but +ONLY +when you have permission to do so from the owner of the target host. +.Pp +Finally, +in the past many startup scripts would run +.Xr ntpdate 8 +or +.Xr sntp 8 +to get the system clock close to correct before starting +.Xr ntpd 8 , +but this was never more than a mediocre hack and is no longer needed. +If you are following the instructions in +.Sx "Starting NTP (Best Current Practice)" +and you still need to set the system time before starting +.Nm , +please open a bug report and document what is going on, +and then look at using +.Xr sntp 8 +if you really need to set the clock before starting +.Nm . +.Pp +There is a way to start +.Xr ntpd 8 +that often addresses all of the problems mentioned above. +.Ss "Starting NTP (Best Current Practice)" +First, use the +.Cm iburst +option on your +.Cm server +entries. +.Pp +If you can also keep a good +.Pa ntp.drift +file then +.Xr ntpd 8 +will effectively "warm\-start" and your system's clock will +be stable in under 11 seconds' time. +.Pp +As soon as possible in the startup sequence, start +.Xr ntpd 8 +with at least the +.Fl g +and perhaps the +.Fl N +options. +Then, +start the rest of your "normal" processes. +This will give +.Xr ntpd 8 +as much time as possible to get the system's clock synchronized and stable. +.Pp +Finally, +if you have processes like +.Cm dovecot +or database servers +that require +monotonically\-increasing time, +run +.Xr ntp\-wait 1ntp\-waitmdoc +as late as possible in the boot sequence +(perhaps with the +.Fl v +flag) +and after +.Xr ntp\-wait 1ntp\-waitmdoc +exits successfully +it is as safe as it will ever be to start any process that require +stable time. +.Ss "Frequency Discipline" +The +.Nm +behavior at startup depends on whether the +frequency file, usually +.Pa ntp.drift , +exists. +This file +contains the latest estimate of clock frequency error. +When the +.Nm +is started and the file does not exist, the +.Nm +enters a special mode designed to quickly adapt to +the particular system clock oscillator time and frequency error. +This takes approximately 15 minutes, after which the time and +frequency are set to nominal values and the +.Nm +enters +normal mode, where the time and frequency are continuously tracked +relative to the server. +After one hour the frequency file is +created and the current frequency offset written to it. +When the +.Nm +is started and the file does exist, the +.Nm +frequency is initialized from the file and enters normal mode +immediately. +After that the current frequency offset is written to +the file at hourly intervals. +.Ss "Operating Modes" +The +.Nm +utility can operate in any of several modes, including +symmetric active/passive, client/server broadcast/multicast and +manycast, as described in the +.Qq Association Management +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +It normally operates continuously while +monitoring for small changes in frequency and trimming the clock +for the ultimate precision. +However, it can operate in a one\-time +mode where the time is set from an external server and frequency is +set from a previously recorded frequency file. +A +broadcast/multicast or manycast client can discover remote servers, +compute server\-client propagation delay correction factors and +configure itself automatically. +This makes it possible to deploy a +fleet of workstations without specifying configuration details +specific to the local environment. +.Pp +By default, +.Nm +runs in continuous mode where each of +possibly several external servers is polled at intervals determined +by an intricate state machine. +The state machine measures the +incidental roundtrip delay jitter and oscillator frequency wander +and determines the best poll interval using a heuristic algorithm. +Ordinarily, and in most operating environments, the state machine +will start with 64s intervals and eventually increase in steps to +1024s. +A small amount of random variation is introduced in order to +avoid bunching at the servers. +In addition, should a server become +unreachable for some time, the poll interval is increased in steps +to 1024s in order to reduce network overhead. +.Pp +In some cases it may not be practical for +.Nm +to run continuously. +A common workaround has been to run the +.Xr ntpdate 8 +or +.Xr sntp 8 +programs from a +.Xr cron 8 +job at designated +times. +However, these programs do not have the crafted signal +processing, error checking or mitigation algorithms of +.Nm . +The +.Fl q +option is intended for this purpose. +Setting this option will cause +.Nm +to exit just after +setting the clock for the first time. +The procedure for initially +setting the clock is the same as in continuous mode; most +applications will probably want to specify the +.Cm iburst +keyword with the +.Ic server +configuration command. +With this +keyword a volley of messages are exchanged to groom the data and +the clock is set in about 10 s. +If nothing is heard after a +couple of minutes, the daemon times out and exits. +After a suitable +period of mourning, the +.Xr ntpdate 8 +program will be +retired. +.Pp +When kernel support is available to discipline the clock +frequency, which is the case for stock Solaris, Tru64, Linux and +.Fx , +a useful feature is available to discipline the clock +frequency. +First, +.Nm +is run in continuous mode with +selected servers in order to measure and record the intrinsic clock +frequency offset in the frequency file. +It may take some hours for +the frequency and offset to settle down. +Then the +.Nm +is +stopped and run in one\-time mode as required. +At each startup, the +frequency is read from the file and initializes the kernel +frequency. +.Ss "Poll Interval Control" +This version of NTP includes an intricate state machine to +reduce the network load while maintaining a quality of +synchronization consistent with the observed jitter and wander. +There are a number of ways to tailor the operation in order enhance +accuracy by reducing the interval or to reduce network overhead by +increasing it. +However, the user is advised to carefully consider +the consequences of changing the poll adjustment range from the +default minimum of 64 s to the default maximum of 1,024 s. +The +default minimum can be changed with the +.Ic tinker +.Cm minpoll +command to a value not less than 16 s. +This value is used for all +configured associations, unless overridden by the +.Cm minpoll +option on the configuration command. +Note that most device drivers +will not operate properly if the poll interval is less than 64 s +and that the broadcast server and manycast client associations will +also use the default, unless overridden. +.Pp +In some cases involving dial up or toll services, it may be +useful to increase the minimum interval to a few tens of minutes +and maximum interval to a day or so. +Under normal operation +conditions, once the clock discipline loop has stabilized the +interval will be increased in steps from the minimum to the +maximum. +However, this assumes the intrinsic clock frequency error +is small enough for the discipline loop correct it. +The capture +range of the loop is 500 PPM at an interval of 64s decreasing by a +factor of two for each doubling of interval. +At a minimum of 1,024 +s, for example, the capture range is only 31 PPM. +If the intrinsic +error is greater than this, the drift file +.Pa ntp.drift +will +have to be specially tailored to reduce the residual error below +this limit. +Once this is done, the drift file is automatically +updated once per hour and is available to initialize the frequency +on subsequent daemon restarts. +.Ss "The huff\-n'\-puff Filter" +In scenarios where a considerable amount of data are to be +downloaded or uploaded over telephone modems, timekeeping quality +can be seriously degraded. +This occurs because the differential +delays on the two directions of transmission can be quite large. +In +many cases the apparent time errors are so large as to exceed the +step threshold and a step correction can occur during and after the +data transfer is in progress. +.Pp +The huff\-n'\-puff filter is designed to correct the apparent time +offset in these cases. +It depends on knowledge of the propagation +delay when no other traffic is present. +In common scenarios this +occurs during other than work hours. +The filter maintains a shift +register that remembers the minimum delay over the most recent +interval measured usually in hours. +Under conditions of severe +delay, the filter corrects the apparent offset using the sign of +the offset and the difference between the apparent delay and +minimum delay. +The name of the filter reflects the negative (huff) +and positive (puff) correction, which depends on the sign of the +offset. +.Pp +The filter is activated by the +.Ic tinker +command and +.Cm huffpuff +keyword, as described in +.Xr ntp.conf 5 . +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh FILES +.Bl -tag -width /etc/ntp.drift -compact +.It Pa /etc/ntp.conf +the default name of the configuration file +.It Pa /etc/ntp.drift +the default name of the drift file +.It Pa /etc/ntp.keys +the default name of the key file +.El +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "SEE ALSO" +.Xr ntp.conf 5 , +.Xr ntpdate 8 , +.Xr ntpdc 8 , +.Xr ntpq 8 , +.Xr sntp 8 +.Pp +In addition to the manual pages provided, +comprehensive documentation is available on the world wide web +at +.Li http://www.ntp.org/ . +A snapshot of this documentation is available in HTML format in +.Pa /usr/share/doc/ntp . +.Rs +.%A David L. Mills +.%T Network Time Protocol (Version 1) +.%O RFC1059 +.Re +.Rs +.%A David L. Mills +.%T Network Time Protocol (Version 2) +.%O RFC1119 +.Re +.Rs +.%A David L. Mills +.%T Network Time Protocol (Version 3) +.%O RFC1305 +.Re +.Rs +.%A David L. Mills +.%A J. Martin, Ed. +.%A J. Burbank +.%A W. Kasch +.%T Network Time Protocol Version 4: Protocol and Algorithms Specification +.%O RFC5905 +.Re +.Rs +.%A David L. Mills +.%A B. Haberman, Ed. +.%T Network Time Protocol Version 4: Autokey Specification +.%O RFC5906 +.Re +.Rs +.%A H. Gerstung +.%A C. Elliott +.%A B. Haberman, Ed. +.%T Definitions of Managed Objects for Network Time Protocol Version 4: (NTPv4) +.%O RFC5907 +.Re +.Rs +.%A R. Gayraud +.%A B. Lourdelet +.%T Network Time Protocol (NTP) Server Option for DHCPv6 +.%O RFC5908 +.Re +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh BUGS +The +.Nm +utility has gotten rather fat. +While not huge, it has gotten +larger than might be desirable for an elevated\-priority +.Nm +running on a workstation, particularly since many of +the fancy features which consume the space were designed more with +a busy primary server, rather than a high stratum workstation in +mind. +.Pp +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh NOTES +Portions of this document came from FreeBSD. +.Pp +This manual page was \fIAutoGen\fP\-erated from the \fBntpd\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntpdate.8 b/usr.sbin/ntp/doc/ntpdate.8 new file mode 100644 index 0000000..e5aaecd --- /dev/null +++ b/usr.sbin/ntp/doc/ntpdate.8 @@ -0,0 +1,279 @@ +.\" +.\" $FreeBSD$ +.\" +.Dd May 17, 2006 +.Dt NTPDATE 8 +.Os +.Sh NAME +.Nm ntpdate +.Nd set the date and time via NTP +.Sh SYNOPSIS +.Nm +.Op Fl 46bBdoqsuv +.Op Fl a Ar key +.Op Fl e Ar authdelay +.Op Fl k Ar keyfile +.Op Fl o Ar version +.Op Fl p Ar samples +.Op Fl t Ar timeout +.Ar server ... +.Sh DESCRIPTION +.Em Note : +The functionality of this program is now available +in the +.Xr ntpd 8 +program. +See the +.Fl q +command line +option in the +.Xr ntpd 8 +page. +After a suitable period of +mourning, the +.Nm +utility is to be retired from this +distribution. +.Pp +The +.Nm +utility sets the local date and time by polling the +Network Time Protocol (NTP) server(s) given as the +.Ar server +arguments to determine the correct time. +It must be run as root on +the local host. +A number of samples are obtained from each of the +servers specified and a subset of the NTP clock filter and +selection algorithms are applied to select the best of these. +Note +that the accuracy and reliability of +.Nm +depends on +the number of servers, the number of polls each time it is run and +the interval between runs. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl 4 +Force DNS resolution of following host names on the command line to the +IPv4 namespace. +.It Fl 6 +Force DNS resolution of following host names on the command line to the +IPv6 namespace. +.It Fl a Ar key +Enable the authentication function and specify the key +identifier to be used for authentication as the argument +.Ar key . +The keys and key identifiers must match +in both the client and server key files. +The default is to disable +the authentication function. +.It Fl B +Force the time to always be slewed using the +.Xr adjtime 2 +system +call, even if the measured offset is greater than +-128 ms. +The +default is to step the time using +.Xr settimeofday 2 +if the offset is +greater than +-128 ms. +Note that, if the offset is much greater +than +-128 ms in this case, it can take a long time (hours) to +slew the clock to the correct value. +During this time, the host +should not be used to synchronize clients. +.It Fl b +Force the time to be stepped using the +.Xr settimeofday 2 +system +call, rather than slewed (default) using the +.Xr adjtime 2 +system call. +This option should be used when called from a startup file at boot +time. +.It Fl d +Enable the debugging mode, in which +.Nm +will go +through all the steps, but not adjust the local clock. +Information +useful for general debugging will also be printed. +.It Fl e Ar authdelay +Specify the processing delay to perform an authentication +function as the value +.Ar authdelay , +in seconds and fraction +(see +.Xr ntpd 8 +for details). +This number is usually small +enough to be negligible for most purposes, though specifying a +value may improve timekeeping on very slow CPU's. +.It Fl k Ar keyfile +Specify the path for the authentication key file as the string +.Ar keyfile . +The default is +.Pa /etc/ntp.keys . +This file +should be in the format described in +.Xr ntpd 8 . +.It Fl o Ar version +Specify the NTP version for outgoing packets as the integer +.Ar version , +which can be 1 or 2. +The default is 3. +This allows +.Nm +to be used with older NTP versions. +.It Fl p Ar samples +Specify the number of samples to be acquired from each server +as the integer +.Ar samples , +with values from 1 to 8 inclusive. +The default is 4. +.It Fl q +Query only - do not set the clock. +.It Fl s +Divert logging output from the standard output (default) to the +system +.Xr syslog 3 +facility. +This is designed primarily for +convenience of +.Xr cron 8 +scripts. +.It Fl t Ar timeout +Specify the maximum time waiting for a server response as the +value +.Ar timeout , +in seconds and fraction. +The value is +rounded to a multiple of 0.2 seconds. +The default is 1 second, a +value suitable for polling across a LAN. +.It Fl u +Direct +.Nm +to use an unprivileged port for outgoing +packets. +This is most useful when behind a firewall that blocks +incoming traffic to privileged ports, and you want to synchronise +with hosts beyond the firewall. +Note that the +.Fl d +option +always uses unprivileged ports. +.It Fl v +Be verbose. +This option will cause +.Nm Ns 's +version +identification string to be logged. +.El +.Pp +The +.Nm +utility can be run manually as necessary to set the +host clock, or it can be run from the host startup script to set +the clock at boot time. +This is useful in some cases to set the +clock initially before starting the NTP daemon +.Xr ntpd 8 . +It is +also possible to run +.Nm +from a +.Xr cron 8 +script. +However, it is important to note that +.Nm +with +contrived +.Xr cron 8 +scripts is no substitute for the NTP +daemon, which uses sophisticated algorithms to maximize accuracy +and reliability while minimizing resource use. +Finally, since +.Nm +does not discipline the host clock frequency as +does +.Xr ntpd 8 , +the accuracy using +.Nm +is +limited. +.Pp +Time adjustments are made by +.Nm +in one of two +ways. +If +.Nm +determines the clock is in error more +than 0.5 second it will simply step the time by calling the system +.Xr settimeofday 2 +routine. +If the error is less than 0.5 +seconds, it will slew the time by calling the system +.Xr adjtime 2 +routine. +The latter technique is less disruptive +and more accurate when the error is small, and works quite well +when +.Nm +is run by +.Xr cron 8 +every hour or +two. +.Pp +The +.Nm +utility will decline to set the date if an NTP server +daemon (e.g., +.Xr ntpd 8 ) +is running on the same host. +When +running +.Nm +on a regular basis from +.Xr cron 8 +as +an alternative to running a daemon, doing so once every hour or two +will result in precise enough timekeeping to avoid stepping the +clock. +.Pp +Note that in contexts where a host name is expected, a +.Fl 4 +qualifier preceding the host name forces DNS resolution to the +IPv4 namespace, while a +.Fl 6 +qualifier forces DNS resolution to the IPv6 namespace. +.Pp +If NetInfo support is compiled into +.Nm , +then the +.Cm server +argument is optional if +.Nm +can find a +time server in the NetInfo configuration for +.Xr ntpd 8 . +.Sh FILES +.Bl -tag -width /etc/ntp.keys -compact +.It Pa /etc/ntp.keys +contains the encryption keys used by +.Nm . +.El +.Sh SEE ALSO +.Xr ntpd 8 +.Sh BUGS +The slew adjustment is actually 50% larger than the measured +offset, since this (it is argued) will tend to keep a badly +drifting clock more accurate. +This is probably not a good idea and +may cause a troubling hunt for some values of the kernel variables +.Va kern.clockrate.tick +and +.Va kern.clockrate.tickadj . diff --git a/usr.sbin/ntp/doc/ntpdc.8 b/usr.sbin/ntp/doc/ntpdc.8 new file mode 100644 index 0000000..74129c4 --- /dev/null +++ b/usr.sbin/ntp/doc/ntpdc.8 @@ -0,0 +1,811 @@ +.Dd October 21 2015 +.Dt NTPDC 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5 +.\" From the definitions ntpdc-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntpdc +.Nd vendor-specific NTPD control program +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +[ host ...] +.Pp +.Sh DESCRIPTION +.Nm +is deprecated. +Please use +.Xr ntpq 8 instead \- it can do everything +.Nm +used to do, and it does so using a much more sane interface. +.Pp +.Nm +is a utility program used to query +.Xr ntpd 8 +about its +current state and to request changes in that state. +It uses NTP mode 7 control message formats described in the source code. +The program may +be run either in interactive mode or controlled using command line +arguments. +Extensive state and statistics information is available +through the +.Nm +interface. +In addition, nearly all the +configuration options which can be specified at startup using +ntpd's configuration file may also be specified at run time using +.Nm . +.Sh "OPTIONS" +.Bl -tag +.It Fl 4 , Fl \-ipv4 +Force IPv4 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv6. +.sp +Force DNS resolution of following host names on the command line +to the IPv4 namespace. +.It Fl 6 , Fl \-ipv6 +Force IPv6 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv4. +.sp +Force DNS resolution of following host names on the command line +to the IPv6 namespace. +.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd +run a command and exit. +This option may appear an unlimited number of times. +.sp +The following argument is interpreted as an interactive format command +and is added to the list of commands to be executed on the specified +host(s). +.It Fl d , Fl \-debug\-level +Increase debug verbosity level. +This option may appear an unlimited number of times. +.sp +.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number +Set the debug verbosity level. +This option may appear an unlimited number of times. +This option takes an integer number as its argument. +.sp +.It Fl i , Fl \-interactive +Force ntpq to operate in interactive mode. +This option must not appear in combination with any of the following options: +command, listpeers, peers, showpeers. +.sp +Force ntpq to operate in interactive mode. Prompts will be written +to the standard output and commands read from the standard input. +.It Fl l , Fl \-listpeers +Print a list of the peers. +This option must not appear in combination with any of the following options: +command. +.sp +Print a list of the peers known to the server as well as a summary of +their state. This is equivalent to the 'listpeers' interactive command. +.It Fl n , Fl \-numeric +numeric host addresses. +.sp +Output all host addresses in dotted\-quad numeric format rather than +converting to the canonical host names. +.It Fl p , Fl \-peers +Print a list of the peers. +This option must not appear in combination with any of the following options: +command. +.sp +Print a list of the peers known to the server as well as a summary +of their state. This is equivalent to the 'peers' interactive command. +.It Fl s , Fl \-showpeers +Show a list of the peers. +This option must not appear in combination with any of the following options: +command. +.sp +Print a list of the peers known to the server as well as a summary +of their state. This is equivalent to the 'dmpeers' interactive command. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc +Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP +configuration file listed in the \fBOPTION PRESETS\fP section, below. +The command will exit after updating the config file. +.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts +Load options from \fIcfgfile\fP. +The \fIno\-load\-opts\fP form will disable the loading +of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early, +out of order. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from configuration ("RC" or ".INI") file(s) and values from +environment variables named: +.nf + \fBNTPDC_<option\-name>\fP or \fBNTPDC\fP +.fi +.ad +The environmental presets take precedence (are processed later than) +the configuration files. +The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". +If any of these are directories, then the file \fI.ntprc\fP +is searched for within those directories. +.Sh USAGE +If one or more request options are included on the command line +when +.Nm +is executed, each of the requests will be sent +to the NTP servers running on each of the hosts given as command +line arguments, or on localhost by default. +If no request options +are given, +.Nm +will attempt to read commands from the +standard input and execute these on the NTP server running on the +first host given on the command line, again defaulting to localhost +when no other host is specified. +The +.Nm +utility will prompt for +commands if the standard input is a terminal device. +.Pp +The +.Nm +utility uses NTP mode 7 packets to communicate with the +NTP server, and hence can be used to query any compatible server on +the network which permits it. +Note that since NTP is a UDP protocol +this communication will be somewhat unreliable, especially over +large distances in terms of network topology. +The +.Nm +utility makes +no attempt to retransmit requests, and will time requests out if +the remote host is not heard from within a suitable timeout +time. +.Pp +The operation of +.Nm +are specific to the particular +implementation of the +.Xr ntpd 8 +daemon and can be expected to +work only with this and maybe some previous versions of the daemon. +Requests from a remote +.Nm +utility which affect the +state of the local server must be authenticated, which requires +both the remote program and local server share a common key and key +identifier. +.Pp +Note that in contexts where a host name is expected, a +.Fl 4 +qualifier preceding the host name forces DNS resolution to the IPv4 namespace, +while a +.Fl 6 +qualifier forces DNS resolution to the IPv6 namespace. +Specifying a command line option other than +.Fl i +or +.Fl n +will cause the specified query (queries) to be sent to +the indicated host(s) immediately. +Otherwise, +.Nm +will +attempt to read interactive format commands from the standard +input. +.Ss "Interactive Commands" +Interactive format commands consist of a keyword followed by zero +to four arguments. +Only enough characters of the full keyword to +uniquely identify the command need be typed. +The output of a +command is normally sent to the standard output, but optionally the +output of individual commands may be sent to a file by appending a +.Ql \&> , +followed by a file name, to the command line. +.Pp +A number of interactive format commands are executed entirely +within the +.Nm +utility itself and do not result in NTP +mode 7 requests being sent to a server. +These are described +following. +.Bl -tag -width indent +.It Ic \&? Ar command_keyword +.It Ic help Ar command_keyword +A +.Sq Ic \&? +will print a list of all the command +keywords known to this incarnation of +.Nm . +A +.Sq Ic \&? +followed by a command keyword will print function and usage +information about the command. +This command is probably a better +source of information about +.Xr ntpq 8 +than this manual +page. +.It Ic delay Ar milliseconds +Specify a time interval to be added to timestamps included in +requests which require authentication. +This is used to enable +(unreliable) server reconfiguration over long delay network paths +or between machines whose clocks are unsynchronized. +Actually the +server does not now require timestamps in authenticated requests, +so this command may be obsolete. +.It Ic host Ar hostname +Set the host to which future queries will be sent. +Hostname may +be either a host name or a numeric address. +.It Ic hostnames Op Cm yes | Cm no +If +.Cm yes +is specified, host names are printed in +information displays. +If +.Cm no +is specified, numeric +addresses are printed instead. +The default is +.Cm yes , +unless +modified using the command line +.Fl n +switch. +.It Ic keyid Ar keyid +This command allows the specification of a key number to be +used to authenticate configuration requests. +This must correspond +to a key number the server has been configured to use for this +purpose. +.It Ic quit +Exit +.Nm . +.It Ic passwd +This command prompts you to type in a password (which will not +be echoed) which will be used to authenticate configuration +requests. +The password must correspond to the key configured for +use by the NTP server for this purpose if such requests are to be +successful. +.It Ic timeout Ar milliseconds +Specify a timeout period for responses to server queries. +The +default is about 8000 milliseconds. +Note that since +.Nm +retries each query once after a timeout, the total waiting time for +a timeout will be twice the timeout value set. +.El +.Ss "Control Message Commands" +Query commands result in NTP mode 7 packets containing requests for +information being sent to the server. +These are read\-only commands +in that they make no modification of the server configuration +state. +.Bl -tag -width indent +.It Ic listpeers +Obtains and prints a brief list of the peers for which the +server is maintaining state. +These should include all configured +peer associations as well as those peers whose stratum is such that +they are considered by the server to be possible future +synchronization candidates. +.It Ic peers +Obtains a list of peers for which the server is maintaining +state, along with a summary of that state. +Summary information +includes the address of the remote peer, the local interface +address (0.0.0.0 if a local address has yet to be determined), the +stratum of the remote peer (a stratum of 16 indicates the remote +peer is unsynchronized), the polling interval, in seconds, the +reachability register, in octal, and the current estimated delay, +offset and dispersion of the peer, all in seconds. +.Pp +The character in the left margin indicates the mode this peer +entry is operating in. +A +.Ql \&+ +denotes symmetric active, a +.Ql \&\- +indicates symmetric passive, a +.Ql \&= +means the +remote server is being polled in client mode, a +.Ql \&^ +indicates that the server is broadcasting to this address, a +.Ql \&~ +denotes that the remote peer is sending broadcasts and a +.Ql \&~ +denotes that the remote peer is sending broadcasts and a +.Ql \&* +marks the peer the server is currently synchronizing +to. +.Pp +The contents of the host field may be one of four forms. +It may +be a host name, an IP address, a reference clock implementation +name with its parameter or +.Fn REFCLK "implementation_number" "parameter" . +On +.Ic hostnames +.Cm no +only IP\-addresses +will be displayed. +.It Ic dmpeers +A slightly different peer summary list. +Identical to the output +of the +.Ic peers +command, except for the character in the +leftmost column. +Characters only appear beside peers which were +included in the final stage of the clock selection algorithm. +A +.Ql \&. +indicates that this peer was cast off in the falseticker +detection, while a +.Ql \&+ +indicates that the peer made it +through. +A +.Ql \&* +denotes the peer the server is currently +synchronizing with. +.It Ic showpeer Ar peer_address Oo Ar ... Oc +Shows a detailed display of the current peer variables for one +or more peers. +Most of these values are described in the NTP +Version 2 specification. +.It Ic pstats Ar peer_address Oo Ar ... Oc +Show per\-peer statistic counters associated with the specified +peer(s). +.It Ic clockstat Ar clock_peer_address Oo Ar ... Oc +Obtain and print information concerning a peer clock. +The +values obtained provide information on the setting of fudge factors +and other clock performance information. +.It Ic kerninfo +Obtain and print kernel phase\-lock loop operating parameters. +This information is available only if the kernel has been specially +modified for a precision timekeeping function. +.It Ic loopinfo Op Cm oneline | Cm multiline +Print the values of selected loop filter variables. +The loop +filter is the part of NTP which deals with adjusting the local +system clock. +The +.Sq offset +is the last offset given to the +loop filter by the packet processing code. +The +.Sq frequency +is the frequency error of the local clock in parts\-per\-million +(ppm). +The +.Sq time_const +controls the stiffness of the +phase\-lock loop and thus the speed at which it can adapt to +oscillator drift. +The +.Sq watchdog timer +value is the number +of seconds which have elapsed since the last sample offset was +given to the loop filter. +The +.Cm oneline +and +.Cm multiline +options specify the format in which this +information is to be printed, with +.Cm multiline +as the +default. +.It Ic sysinfo +Print a variety of system state variables, i.e., state related +to the local server. +All except the last four lines are described +in the NTP Version 3 specification, RFC\-1305. +.Pp +The +.Sq system flags +show various system flags, some of +which can be set and cleared by the +.Ic enable +and +.Ic disable +configuration commands, respectively. +These are +the +.Cm auth , +.Cm bclient , +.Cm monitor , +.Cm pll , +.Cm pps +and +.Cm stats +flags. +See the +.Xr ntpd 8 +documentation for the meaning of these flags. +There +are two additional flags which are read only, the +.Cm kernel_pll +and +.Cm kernel_pps . +These flags indicate +the synchronization status when the precision time kernel +modifications are in use. +The +.Sq kernel_pll +indicates that +the local clock is being disciplined by the kernel, while the +.Sq kernel_pps +indicates the kernel discipline is provided by the PPS +signal. +.Pp +The +.Sq stability +is the residual frequency error remaining +after the system frequency correction is applied and is intended for +maintenance and debugging. +In most architectures, this value will +initially decrease from as high as 500 ppm to a nominal value in +the range .01 to 0.1 ppm. +If it remains high for some time after +starting the daemon, something may be wrong with the local clock, +or the value of the kernel variable +.Va kern.clockrate.tick +may be +incorrect. +.Pp +The +.Sq broadcastdelay +shows the default broadcast delay, +as set by the +.Ic broadcastdelay +configuration command. +.Pp +The +.Sq authdelay +shows the default authentication delay, +as set by the +.Ic authdelay +configuration command. +.It Ic sysstats +Print statistics counters maintained in the protocol +module. +.It Ic memstats +Print statistics counters related to memory allocation +code. +.It Ic iostats +Print statistics counters maintained in the input\-output +module. +.It Ic timerstats +Print statistics counters maintained in the timer/event queue +support code. +.It Ic reslist +Obtain and print the server's restriction list. +This list is +(usually) printed in sorted order and may help to understand how +the restrictions are applied. +.It Ic monlist Op Ar version +Obtain and print traffic counts collected and maintained by the +monitor facility. +The version number should not normally need to be +specified. +.It Ic clkbug Ar clock_peer_address Oo Ar ... Oc +Obtain debugging information for a reference clock driver. +This +information is provided only by some clock drivers and is mostly +undecodable without a copy of the driver source in hand. +.El +.Ss "Runtime Configuration Requests" +All requests which cause state changes in the server are +authenticated by the server using a configured NTP key (the +facility can also be disabled by the server by not configuring a +key). +The key number and the corresponding key must also be made +known to +.Nm . +This can be done using the +.Ic keyid +and +.Ic passwd +commands, the latter of which will prompt at the terminal for a +password to use as the encryption key. +You will also be prompted +automatically for both the key number and password the first time a +command which would result in an authenticated request to the +server is given. +Authentication not only provides verification that +the requester has permission to make such changes, but also gives +an extra degree of protection again transmission errors. +.Pp +Authenticated requests always include a timestamp in the packet +data, which is included in the computation of the authentication +code. +This timestamp is compared by the server to its receive time +stamp. +If they differ by more than a small amount the request is +rejected. +This is done for two reasons. +First, it makes simple +replay attacks on the server, by someone who might be able to +overhear traffic on your LAN, much more difficult. +Second, it makes +it more difficult to request configuration changes to your server +from topologically remote hosts. +While the reconfiguration facility +will work well with a server on the local host, and may work +adequately between time\-synchronized hosts on the same LAN, it will +work very poorly for more distant hosts. +As such, if reasonable +passwords are chosen, care is taken in the distribution and +protection of keys and appropriate source address restrictions are +applied, the run time reconfiguration facility should provide an +adequate level of security. +.Pp +The following commands all make authenticated requests. +.Bl -tag -width indent +.It Xo Ic addpeer Ar peer_address +.Op Ar keyid +.Op Ar version +.Op Cm prefer +.Xc +Add a configured peer association at the given address and +operating in symmetric active mode. +Note that an existing +association with the same peer may be deleted when this command is +executed, or may simply be converted to conform to the new +configuration, as appropriate. +If the optional +.Ar keyid +is a +nonzero integer, all outgoing packets to the remote server will +have an authentication field attached encrypted with this key. +If +the value is 0 (or not given) no authentication will be done. +The +.Ar version +can be 1, 2 or 3 and defaults to 3. +The +.Cm prefer +keyword indicates a preferred peer (and thus will +be used primarily for clock synchronisation if possible). +The +preferred peer also determines the validity of the PPS signal \- if +the preferred peer is suitable for synchronisation so is the PPS +signal. +.It Xo Ic addserver Ar peer_address +.Op Ar keyid +.Op Ar version +.Op Cm prefer +.Xc +Identical to the addpeer command, except that the operating +mode is client. +.It Xo Ic broadcast Ar peer_address +.Op Ar keyid +.Op Ar version +.Op Cm prefer +.Xc +Identical to the addpeer command, except that the operating +mode is broadcast. +In this case a valid key identifier and key are +required. +The +.Ar peer_address +parameter can be the broadcast +address of the local network or a multicast group address assigned +to NTP. +If a multicast address, a multicast\-capable kernel is +required. +.It Ic unconfig Ar peer_address Oo Ar ... Oc +This command causes the configured bit to be removed from the +specified peer(s). +In many cases this will cause the peer +association to be deleted. +When appropriate, however, the +association may persist in an unconfigured mode if the remote peer +is willing to continue on in this fashion. +.It Xo Ic fudge Ar peer_address +.Op Cm time1 +.Op Cm time2 +.Op Ar stratum +.Op Ar refid +.Xc +This command provides a way to set certain data for a reference +clock. +See the source listing for further information. +.It Xo Ic enable +.Oo +.Cm auth | Cm bclient | +.Cm calibrate | Cm kernel | +.Cm monitor | Cm ntp | +.Cm pps | Cm stats +.Oc +.Xc +.It Xo Ic disable +.Oo +.Cm auth | Cm bclient | +.Cm calibrate | Cm kernel | +.Cm monitor | Cm ntp | +.Cm pps | Cm stats +.Oc +.Xc +These commands operate in the same way as the +.Ic enable +and +.Ic disable +configuration file commands of +.Xr ntpd 8 . +.Bl -tag -width indent +.It Cm auth +Enables the server to synchronize with unconfigured peers only +if the peer has been correctly authenticated using either public key +or private key cryptography. +The default for this flag is enable. +.It Cm bclient +Enables the server to listen for a message from a broadcast or +multicast server, as in the multicastclient command with +default address. +The default for this flag is disable. +.It Cm calibrate +Enables the calibrate feature for reference clocks. +The default for this flag is disable. +.It Cm kernel +Enables the kernel time discipline, if available. +The default for this flag is enable if support is available, otherwise disable. +.It Cm monitor +Enables the monitoring facility. +See the documentation here about the +.Cm monlist +command or further information. +The default for this flag is enable. +.It Cm ntp +Enables time and frequency discipline. +In effect, this switch opens and closes the feedback loop, +which is useful for testing. +The default for this flag is enable. +.It Cm pps +Enables the pulse\-per\-second (PPS) signal when frequency +and time is disciplined by the precision time kernel modifications. +See the +.Qq A Kernel Model for Precision Timekeeping +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) +page for further information. +The default for this flag is disable. +.It Cm stats +Enables the statistics facility. +See the +.Sx Monitoring Options +section of +.Xr ntp.conf 5 +for further information. +The default for this flag is disable. +.El +.It Xo Ic restrict Ar address Ar mask +.Ar flag Oo Ar ... Oc +.Xc +This command operates in the same way as the +.Ic restrict +configuration file commands of +.Xr ntpd 8 . +.It Xo Ic unrestrict Ar address Ar mask +.Ar flag Oo Ar ... Oc +.Xc +Unrestrict the matching entry from the restrict list. +.It Xo Ic delrestrict Ar address Ar mask +.Op Cm ntpport +.Xc +Delete the matching entry from the restrict list. +.It Ic readkeys +Causes the current set of authentication keys to be purged and +a new set to be obtained by rereading the keys file (which must +have been specified in the +.Xr ntpd 8 +configuration file). +This +allows encryption keys to be changed without restarting the +server. +.It Ic trustedkey Ar keyid Oo Ar ... Oc +.It Ic untrustedkey Ar keyid Oo Ar ... Oc +These commands operate in the same way as the +.Ic trustedkey +and +.Ic untrustedkey +configuration file +commands of +.Xr ntpd 8 . +.It Ic authinfo +Returns information concerning the authentication module, +including known keys and counts of encryptions and decryptions +which have been done. +.It Ic traps +Display the traps set in the server. +See the source listing for +further information. +.It Xo Ic addtrap Ar address +.Op Ar port +.Op Ar interface +.Xc +Set a trap for asynchronous messages. +See the source listing +for further information. +.It Xo Ic clrtrap Ar address +.Op Ar port +.Op Ar interface +.Xc +Clear a trap for asynchronous messages. +See the source listing +for further information. +.It Ic reset +Clear the statistics counters in various modules of the server. +See the source listing for further information. +.El +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh "FILES" +See \fBOPTION PRESETS\fP for configuration files. +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 66 " (EX_NOINPUT)" +A specified configuration file could not be loaded. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "SEE ALSO" +.Xr ntp.conf 5 , +.Xr ntpd 8 +.Rs +.%A David L. Mills +.%T Network Time Protocol (Version 3) +.%O RFC1305 +.Re +.Sh AUTHORS +The formatting directives in this document came from FreeBSD. +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh BUGS +The +.Nm +utility is a crude hack. +Much of the information it shows is +deadly boring and could only be loved by its implementer. +The +program was designed so that new (and temporary) features were easy +to hack in, at great expense to the program's ease of use. +Despite +this, the program is occasionally useful. +.Pp +Please report bugs to http://bugs.ntp.org . +.Pp +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh "NOTES" +This manual page was \fIAutoGen\fP\-erated from the \fBntpdc\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntpq.8 b/usr.sbin/ntp/doc/ntpq.8 new file mode 100644 index 0000000..bcd1fba --- /dev/null +++ b/usr.sbin/ntp/doc/ntpq.8 @@ -0,0 +1,966 @@ +.Dd October 21 2015 +.Dt NTPQ 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5 +.\" From the definitions ntpq-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntpq +.Nd standard NTP query program +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +[ host ...] +.Pp +.Sh DESCRIPTION +The +.Nm +utility program is used to query NTP servers which +implement the standard NTP mode 6 control message formats defined +in Appendix B of the NTPv3 specification RFC1305, requesting +information about current state and/or changes in that state. +The same formats are used in NTPv4, although some of the +variables have changed and new ones added. The description on this +page is for the NTPv4 variables. +The program may be run either in interactive mode or controlled using +command line arguments. +Requests to read and write arbitrary +variables can be assembled, with raw and pretty\-printed output +options being available. +The +.Nm +utility can also obtain and print a +list of peers in a common format by sending multiple queries to the +server. +If one or more request options is included on the command line +when +.Nm +is executed, each of the requests will be sent +to the NTP servers running on each of the hosts given as command +line arguments, or on localhost by default. +If no request options +are given, +.Nm +will attempt to read commands from the +standard input and execute these on the NTP server running on the +first host given on the command line, again defaulting to localhost +when no other host is specified. +The +.Nm +utility will prompt for +commands if the standard input is a terminal device. +.Nm +uses NTP mode 6 packets to communicate with the +NTP server, and hence can be used to query any compatible server on +the network which permits it. +Note that since NTP is a UDP protocol +this communication will be somewhat unreliable, especially over +large distances in terms of network topology. +The +.Nm +utility makes +one attempt to retransmit requests, and will time requests out if +the remote host is not heard from within a suitable timeout +time. +Specifying a +command line option other than +.Fl i +or +.Fl n +will +cause the specified query (queries) to be sent to the indicated +host(s) immediately. +Otherwise, +.Nm +will attempt to read +interactive format commands from the standard input. +.Ss "Internal Commands" +Interactive format commands consist of a keyword followed by zero +to four arguments. +Only enough characters of the full keyword to +uniquely identify the command need be typed. +A +number of interactive format commands are executed entirely within +the +.Nm +utility itself and do not result in NTP mode 6 +requests being sent to a server. +These are described following. +.Bl -tag -width "? [command_keyword]" -compact -offset indent +.It Ic ? Op Ar command_keyword +.It Ic help Op Ar command_keyword +A +.Ql \&? +by itself will print a list of all the command +keywords known to this incarnation of +.Nm . +A +.Ql \&? +followed by a command keyword will print function and usage +information about the command. +This command is probably a better +source of information about +.Nm +than this manual +page. +.It Ic addvars Ar variable_name Ns Xo Op Ic =value +.Ic ... +.Xc +.It Ic rmvars Ar variable_name Ic ... +.It Ic clearvars +.It Ic showvars +The data carried by NTP mode 6 messages consists of a list of +items of the form +.Ql variable_name=value , +where the +.Ql =value +is ignored, and can be omitted, +in requests to the server to read variables. +The +.Nm +utility maintains an internal list in which data to be included in control +messages can be assembled, and sent using the +.Ic readlist +and +.Ic writelist +commands described below. +The +.Ic addvars +command allows variables and their optional values to be added to +the list. +If more than one variable is to be added, the list should +be comma\-separated and not contain white space. +The +.Ic rmvars +command can be used to remove individual variables from the list, +while the +.Ic clearlist +command removes all variables from the +list. +The +.Ic showvars +command displays the current list of optional variables. +.It Ic authenticate Op yes | no +Normally +.Nm +does not authenticate requests unless +they are write requests. +The command +.Ql authenticate yes +causes +.Nm +to send authentication with all requests it +makes. +Authenticated requests causes some servers to handle +requests slightly differently, and can occasionally melt the CPU in +fuzzballs if you turn authentication on before doing a +.Ic peer +display. +The command +.Ql authenticate +causes +.Nm +to display whether or not +.Nm +is currently autheinticating requests. +.It Ic cooked +Causes output from query commands to be "cooked", so that +variables which are recognized by +.Nm +will have their +values reformatted for human consumption. +Variables which +.Nm +thinks should have a decodable value but didn't are +marked with a trailing +.Ql \&? . +.It Xo +.Ic debug +.Oo +.Cm more | +.Cm less | +.Cm off +.Oc +.Xc +With no argument, displays the current debug level. +Otherwise, the debug level is changed to the indicated level. +.It Ic delay Ar milliseconds +Specify a time interval to be added to timestamps included in +requests which require authentication. +This is used to enable +(unreliable) server reconfiguration over long delay network paths +or between machines whose clocks are unsynchronized. +Actually the +server does not now require timestamps in authenticated requests, +so this command may be obsolete. +.It Ic exit +Exit +.Nm . +.It Ic host Ar hostname +Set the host to which future queries will be sent. +.Ar hostname +may be either a host name or a numeric address. +.It Ic hostnames Op Cm yes | Cm no +If +.Cm yes +is specified, host names are printed in +information displays. +If +.Cm no +is specified, numeric +addresses are printed instead. +The default is +.Cm yes , +unless +modified using the command line +.Fl n +switch. +.It Ic keyid Ar keyid +This command allows the specification of a key number to be +used to authenticate configuration requests. +This must correspond +to the +.Cm controlkey +key number the server has been configured to use for this +purpose. +.It Ic keytype Xo Oo +.Cm md5 | +.Cm OpenSSLDigestType +.Oc +.Xc +Specify the type of key to use for authenticating requests. +.Cm md5 +is alway supported. +If +.Nm +was built with OpenSSL support, +any digest type supported by OpenSSL can also be provided. +If no argument is given, the current +.Ic keytype +is displayed. +.It Ic ntpversion Xo Oo +.Cm 1 | +.Cm 2 | +.Cm 3 | +.Cm 4 +.Oc +.Xc +Sets the NTP version number which +.Nm +claims in +packets. +Defaults to 3, and note that mode 6 control messages (and +modes, for that matter) didn't exist in NTP version 1. +There appear +to be no servers left which demand version 1. +With no argument, displays the current NTP version that will be used +when communicating with servers. +.It Ic passwd +This command prompts you to type in a password (which will not +be echoed) which will be used to authenticate configuration +requests. +The password must correspond to the key configured for +use by the NTP server for this purpose if such requests are to be +successful. +.\" Not yet implemented. +.\" .It Ic poll +.\" .Op Ar n +.\" .Op Ic verbose +.\" Poll an NTP server in client mode +.\" .Ar n +.\" times. +.It Ic quit +Exit +.Nm . +.It Ic raw +Causes all output from query commands is printed as received +from the remote server. +The only formating/interpretation done on +the data is to transform nonascii data into a printable (but barely +understandable) form. +.It Ic timeout Ar milliseconds +Specify a timeout period for responses to server queries. +The +default is about 5000 milliseconds. +Note that since +.Nm +retries each query once after a timeout, the total waiting time for +a timeout will be twice the timeout value set. +.It Ic version +Print the version of the +.Nm +program. +.El +.Ss "Control Message Commands" +Association IDs are used to identify system, peer and clock variables. +System variables are assigned an association ID of zero and system name space, while each association is assigned a nonzero association ID and peer namespace. +Most control commands send a single mode\-6 message to the server and expect a single response message. +The exceptions are the +.Li peers +command, which sends a series of messages, +and the +.Li mreadlist +and +.Li mreadvar +commands, which iterate over a range of associations. +.Bl -tag -width "something" -compact -offset indent +.It Cm associations +Display a list of mobilized associations in the form: +.Dl ind assid status conf reach auth condition last_event cnt +.Bl -column -offset indent ".Sy Variable" ".Sy Description" +.It Sy String Ta Sy Description +.It Li ind Ta index on this list +.It Li assid Ta association ID +.It Li status Ta peer status word +.It Li conf Ta Li yes : persistent, Li no : ephemeral +.It Li reach Ta Li yes : reachable, Li no : unreachable +.It Li auth Ta Li ok , Li yes , Li bad and Li none +.It Li condition Ta selection status (see the Li select field of the peer status word) +.It Li last_event Ta event report (see the Li event field of the peer status word) +.It Li cnt Ta event count (see the Li count field of the peer status word) +.El +.It Cm authinfo +Display the authentication statistics. +.It Cm clockvar Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ... +.It Cm cv Ar assocID Oo Ar name Ns Oo Cm = Ns Ar value Oc Oc Op ... +Display a list of clock variables for those associations supporting a reference clock. +.It Cm :config Op ... +Send the remainder of the command line, including whitespace, to the server as a run\-time configuration command in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is of course required. +.It Cm config\-from\-file Ar filename +Send the each line of +.Ar filename +to the server as run\-time configuration commands in the same format as a line in the configuration file. This command is experimental until further notice and clarification. Authentication is required. +.It Ic ifstats +Display statistics for each local network address. Authentication is required. +.It Ic iostats +Display network and reference clock I/O statistics. +.It Ic kerninfo +Display kernel loop and PPS statistics. As with other ntpq output, times are in milliseconds. The precision value displayed is in milliseconds as well, unlike the precision system variable. +.It Ic lassociations +Perform the same function as the associations command, except display mobilized and unmobilized associations. +.It Ic lopeers Xo +.Oo Ic \-4 | +.Ic \-6 +.Oc +.Xc +Obtain and print a list of all peers and clients showing +.Ar dstadr +(associated with any given IP version). +.It Ic lpeers Xo +.Oo Ic \-4 | +.Ic \-6 +.Oc +.Xc +Print a peer spreadsheet for the appropriate IP version(s). +.Ar dstadr +(associated with any given IP version). +.It Ic monstats +Display monitor facility statistics. +.It Ic mrulist Oo Ic limited | Ic kod | Ic mincount Ns = Ns Ar count | Ic laddr Ns = Ns Ar localaddr | Ic sort Ns = Ns Ar sortorder | Ic resany Ns = Ns Ar hexmask | Ic resall Ns = Ns Ar hexmask Oc +Obtain and print traffic counts collected and maintained by the monitor facility. +With the exception of +.Cm sort Ns = Ns Ar sortorder , +the options filter the list returned by +.Cm ntpd. +The +.Cm limited +and +.Cm kod +options return only entries representing client addresses from which the last packet received triggered either discarding or a KoD response. +The +.Cm mincount Ns = Ns Ar count +option filters entries representing less than +.Ar count +packets. +The +.Cm laddr Ns = Ns Ar localaddr +option filters entries for packets received on any local address other than +.Ar localaddr . +.Cm resany Ns = Ns Ar hexmask +and +.Cm resall Ns = Ns Ar hexmask +filter entries containing none or less than all, respectively, of the bits in +.Ar hexmask , +which must begin with +.Cm 0x . +The +.Ar sortorder +defaults to +.Cm lstint +and may be any of +.Cm addr , +.Cm count , +.Cm avgint , +.Cm lstint , +or any of those preceded by a minus sign (hyphen) to reverse the sort order. +The output columns are: +.Bl -tag -width "something" -compact -offset indent +.It Column +Description +.It Ic lstint +Interval in s between the receipt of the most recent packet from this address and the completion of the retrieval of the MRU list by +.Nm . +.It Ic avgint +Average interval in s between packets from this address. +.It Ic rstr +Restriction flags associated with this address. +Most are copied unchanged from the matching +.Ic restrict +command, however 0x400 (kod) and 0x20 (limited) flags are cleared unless the last packet from this address triggered a rate control response. +.It Ic r +Rate control indicator, either +a period, +.Ic L +or +.Ic K +for no rate control response, +rate limiting by discarding, or rate limiting with a KoD response, respectively. +.It Ic m +Packet mode. +.It Ic v +Packet version number. +.It Ic count +Packets received from this address. +.It Ic rport +Source port of last packet from this address. +.It Ic remote address +DNS name, numeric address, or address followed by +claimed DNS name which could not be verified in parentheses. +.El +.It Ic mreadvar assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ... +.It Ic mrv assocID assocID Oo Ar variable_name Ns Oo = Ns Ar value Oc Oc ... +Perform the same function as the +.Ic readvar +command, except for a range of association IDs. +This range is determined from the association list cached by the most recent +.Ic associations +command. +.It Ic opeers Xo +.Oo Ic \-4 | +.Ic \-6 +.Oc +.Xc +Obtain and print the old\-style list of all peers and clients showing +.Ar dstadr +(associated with any given IP version), +rather than the +.Ar refid . +.It Ic passociations +Perform the same function as the +.Ic associations +command, +except that it uses previously stored data rather than making a new query. +.It Ic peers +Display a list of peers in the form: +.Dl [tally]remote refid st t when pool reach delay offset jitter +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic [tally] +single\-character code indicating current value of the +.Ic select +field of the +.Lk decode.html#peer "peer status word" +.It Ic remote +host name (or IP number) of peer. +The value displayed will be truncated to 15 characters unless the +.Fl w +flag is given, in which case the full value will be displayed +on the first line, +and the remaining data is displayed on the next line. +.It Ic refid +association ID or +.Lk decode.html#kiss "'kiss code" +.It Ic st +stratum +.It Ic t +.Ic u : +unicast or manycast client, +.Ic b : +broadcast or multicast client, +.Ic l : +local (reference clock), +.Ic s : +symmetric (peer), +.Ic A : +manycast server, +.Ic B : +broadcast server, +.Ic M : +multicast server +.It Ic when +sec/min/hr since last received packet +.It Ic poll +poll interval (log2 s) +.It Ic reach +reach shift register (octal) +.It Ic delay +roundtrip delay +.It Ic offset +offset of server relative to this host +.It Ic jitter +jitter +.El +.It Ic apeers +Display a list of peers in the form: +.Dl [tally]remote refid assid st t when pool reach delay offset jitter +where the output is just like the +.Ic peers +command except that the +.Ic refid +is displayed in hex format and the association number is also displayed. +.It Ic pstats Ar assocID +Show the statistics for the peer with the given +.Ar assocID . +.It Ic readlist Ar assocID +.It Ic rl Ar assocID +Read the system or peer variables included in the variable list. +.It Ic readvar Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc Oo , ... Oc +.It Ic rv Ar assocID Ar name Ns Oo Ns = Ns Ar value Oc Oo , ... Oc +Display the specified variables. +If +.Ar assocID +is zero, the variables are from the +.Sx System Variables +name space, otherwise they are from the +.Sx Peer Variables +name space. +The +.Ar assocID +is required, as the same name can occur in both spaces. +If no +.Ar name +is included, all operative variables in the name space are displayed. +In this case only, if the +.Ar assocID +is omitted, it is assumed zero. +Multiple names are specified with comma separators and without whitespace. +Note that time values are represented in milliseconds +and frequency values in parts\-per\-million (PPM). +Some NTP timestamps are represented in the format +YYYYMMDDTTTT , +where YYYY is the year, +MM the month of year, +DD the day of month and +TTTT the time of day. +.It Ic reslist +Show the access control (restrict) list for +.Nm . +.It Ic saveconfig Ar filename +Write the current configuration, +including any runtime modifications given with +.Ic :config +or +.Ic config\-from\-file , +to the ntpd host's file +.Ar filename . +This command will be rejected by the server unless +.Lk miscopt.html#saveconfigdir "saveconfigdir" +appears in the +.Ic ntpd +configuration file. +.Ar filename +can use +.Xr strftime +format specifies to substitute the current date and time, for example, +.Ic q]saveconfig ntp\-%Y%m%d\-%H%M%S.confq] . +The filename used is stored in system variable +.Ic savedconfig . +Authentication is required. +.It Ic timerstats +Display interval timer counters. +.It Ic writelist Ar assocID +Write the system or peer variables included in the variable list. +.It Ic writevar Ar assocID Ar name Ns = Ns Ar value Op , ... +Write the specified variables. +If the +.Ar assocID +is zero, the variables are from the +.Sx System Variables +name space, otherwise they are from the +.Sx Peer Variables +name space. +The +.Ar assocID +is required, as the same name can occur in both spaces. +.It Ic sysinfo +Display operational summary. +.It Ic sysstats +Print statistics counters maintained in the protocol module. +.El +.Ss Status Words and Kiss Codes +The current state of the operating program is shown +in a set of status words +maintained by the system. +Status information is also available on a per\-association basis. +These words are displayed in the +.Ic rv +and +.Ic as +commands both in hexadecimal and in decoded short tip strings. +The codes, tips and short explanations are documented on the +.Lk decode.html "Event Messages and Status Words" +page. +The page also includes a list of system and peer messages, +the code for the latest of which is included in the status word. +.Pp +Information resulting from protocol machine state transitions +is displayed using an informal set of ASCII strings called +.Lk decode.html#kiss "kiss codes" . +The original purpose was for kiss\-o'\-death (KoD) packets +sent by the server to advise the client of an unusual condition. +They are now displayed, when appropriate, +in the reference identifier field in various billboards. +.Ss System Variables +The following system variables appear in the +.Ic rv +billboard. +Not all variables are displayed in some configurations. +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic status +.Lk decode.html#sys "system status word" +.It Ic version +NTP software version and build time +.It Ic processor +hardware platform and version +.It Ic system +operating system and version +.It Ic leap +leap warning indicator (0\-3) +.It Ic stratum +stratum (1\-15) +.It Ic precision +precision (log2 s) +.It Ic rootdelay +total roundtrip delay to the primary reference clock +.It Ic rootdisp +total dispersion to the primary reference clock +.It Ic peer +system peer association ID +.It Ic tc +time constant and poll exponent (log2 s) (3\-17) +.It Ic mintc +minimum time constant (log2 s) (3\-10) +.It Ic clock +date and time of day +.It Ic refid +reference ID or +.Lk decode.html#kiss "kiss code" +.It Ic reftime +reference time +.It Ic offset +combined offset of server relative to this host +.It Ic sys_jitter +combined system jitter +.It Ic frequency +frequency offset (PPM) relative to hardware clock +.It Ic clk_wander +clock frequency wander (PPM) +.It Ic clk_jitter +clock jitter +.It Ic tai +TAI\-UTC offset (s) +.It Ic leapsec +NTP seconds when the next leap second is/was inserted +.It Ic expire +NTP seconds when the NIST leapseconds file expires +.El +The jitter and wander statistics are exponentially\-weighted RMS averages. +The system jitter is defined in the NTPv4 specification; +the clock jitter statistic is computed by the clock discipline module. +.Pp +When the NTPv4 daemon is compiled with the OpenSSL software library, +additional system variables are displayed, +including some or all of the following, +depending on the particular Autokey dance: +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic host +Autokey host name for this host +.It Ic ident +Autokey group name for this host +.It Ic flags +host flags (see Autokey specification) +.It Ic digest +OpenSSL message digest algorithm +.It Ic signature +OpenSSL digest/signature scheme +.It Ic update +NTP seconds at last signature update +.It Ic cert +certificate subject, issuer and certificate flags +.It Ic until +NTP seconds when the certificate expires +.El +.Ss Peer Variables +The following peer variables appear in the +.Ic rv +billboard for each association. +Not all variables are displayed in some configurations. +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic associd +association ID +.It Ic status +.Lk decode.html#peer "peer status word" +.It Ic srcadr +source (remote) IP address +.It Ic srcport +source (remote) port +.It Ic dstadr +destination (local) IP address +.It Ic dstport +destination (local) port +.It Ic leap +leap indicator (0\-3) +.It Ic stratum +stratum (0\-15) +.It Ic precision +precision (log2 s) +.It Ic rootdelay +total roundtrip delay to the primary reference clock +.It Ic rootdisp +total root dispersion to the primary reference clock +.It Ic refid +reference ID or +.Lk decode.html#kiss "kiss code" +.It Ic reftime +reference time +.It Ic reach +reach register (octal) +.It Ic unreach +unreach counter +.It Ic hmode +host mode (1\-6) +.It Ic pmode +peer mode (1\-5) +.It Ic hpoll +host poll exponent (log2 s) (3\-17) +.It Ic ppoll +peer poll exponent (log2 s) (3\-17) +.It Ic headway +headway (see +.Lk rate.html "Rate Management and the Kiss\-o'\-Death Packet" ) +.It Ic flash +.Lk decode.html#flash "flash status word" +.It Ic offset +filter offset +.It Ic delay +filter delay +.It Ic dispersion +filter dispersion +.It Ic jitter +filter jitter +.It Ic ident +Autokey group name for this association +.It Ic bias +unicast/broadcast bias +.It Ic xleave +interleave delay (see +.Lk xleave.html "NTP Interleaved Modes" ) +.El +The +.Ic bias +variable is calculated when the first broadcast packet is received +after the calibration volley. +It represents the offset of the broadcast subgraph relative to the unicast subgraph. +The +.Ic xleave +variable appears only for the interleaved symmetric and interleaved modes. +It represents the internal queuing, buffering and transmission delays +for the preceding packet. +.Pp +When the NTPv4 daemon is compiled with the OpenSSL software library, +additional peer variables are displayed, including the following: +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic flags +peer flags (see Autokey specification) +.It Ic host +Autokey server name +.It Ic flags +peer flags (see Autokey specification) +.It Ic signature +OpenSSL digest/signature scheme +.It Ic initsequence +initial key ID +.It Ic initkey +initial key index +.It Ic timestamp +Autokey signature timestamp +.El +.Ss Clock Variables +The following clock variables appear in the +.Ic cv +billboard for each association with a reference clock. +Not all variables are displayed in some configurations. +.Bl -tag -width "something" -compact -offset indent +.It Variable +Description +.It Ic associd +association ID +.It Ic status +.Lk decode.html#clock "clock status word" +.It Ic device +device description +.It Ic timecode +ASCII time code string (specific to device) +.It Ic poll +poll messages sent +.It Ic noreply +no reply +.It Ic badformat +bad format +.It Ic baddata +bad date or time +.It Ic fudgetime1 +fudge time 1 +.It Ic fudgetime2 +fudge time 2 +.It Ic stratum +driver stratum +.It Ic refid +driver reference ID +.It Ic flags +driver flags +.El +.Sh "OPTIONS" +.Bl -tag +.It Fl 4 , Fl \-ipv4 +Force IPv4 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv6. +.sp +Force DNS resolution of following host names on the command line +to the IPv4 namespace. +.It Fl 6 , Fl \-ipv6 +Force IPv6 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv4. +.sp +Force DNS resolution of following host names on the command line +to the IPv6 namespace. +.It Fl c Ar cmd , Fl \-command Ns = Ns Ar cmd +run a command and exit. +This option may appear an unlimited number of times. +.sp +The following argument is interpreted as an interactive format command +and is added to the list of commands to be executed on the specified +host(s). +.It Fl d , Fl \-debug\-level +Increase debug verbosity level. +This option may appear an unlimited number of times. +.sp +.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number +Set the debug verbosity level. +This option may appear an unlimited number of times. +This option takes an integer number as its argument. +.sp +.It Fl i , Fl \-interactive +Force ntpq to operate in interactive mode. +This option must not appear in combination with any of the following options: +command, peers. +.sp +Force \fBntpq\fP to operate in interactive mode. +Prompts will be written to the standard output and +commands read from the standard input. +.It Fl n , Fl \-numeric +numeric host addresses. +.sp +Output all host addresses in dotted\-quad numeric format rather than +converting to the canonical host names. +.It Fl \-old\-rv +Always output status line with readvar. +.sp +By default, \fBntpq\fP now suppresses the \fBassocid=...\fP +line that precedes the output of \fBreadvar\fP +(alias \fBrv\fP) when a single variable is requested, such as +\fBntpq \-c "rv 0 offset"\fP. +This option causes \fBntpq\fP to include both lines of output +for a single\-variable \fBreadvar\fP. +Using an environment variable to +preset this option in a script will enable both older and +newer \fBntpq\fP to behave identically in this regard. +.It Fl p , Fl \-peers +Print a list of the peers. +This option must not appear in combination with any of the following options: +interactive. +.sp +Print a list of the peers known to the server as well as a summary +of their state. This is equivalent to the 'peers' interactive command. +.It Fl w , Fl \-wide +Display the full 'remote' value. +.sp +Display the full value of the 'remote' value. If this requires +more than 15 characters, display the full value, emit a newline, +and continue the data display properly indented on the next line. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc +Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP +configuration file listed in the \fBOPTION PRESETS\fP section, below. +The command will exit after updating the config file. +.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts +Load options from \fIcfgfile\fP. +The \fIno\-load\-opts\fP form will disable the loading +of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early, +out of order. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from configuration ("RC" or ".INI") file(s) and values from +environment variables named: +.nf + \fBNTPQ_<option\-name>\fP or \fBNTPQ\fP +.fi +.ad +The environmental presets take precedence (are processed later than) +the configuration files. +The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". +If any of these are directories, then the file \fI.ntprc\fP +is searched for within those directories. +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh "FILES" +See \fBOPTION PRESETS\fP for configuration files. +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 66 " (EX_NOINPUT)" +A specified configuration file could not be loaded. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "AUTHORS" +The University of Delaware and Network Time Foundation +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh "BUGS" +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh "NOTES" +This manual page was \fIAutoGen\fP\-erated from the \fBntpq\fP +option definitions. diff --git a/usr.sbin/ntp/doc/ntptime.8 b/usr.sbin/ntp/doc/ntptime.8 new file mode 100644 index 0000000..bb3b41a --- /dev/null +++ b/usr.sbin/ntp/doc/ntptime.8 @@ -0,0 +1,67 @@ +.\" +.\" $FreeBSD$ +.\" +.Dd April 27, 2015 +.Dt NTPTIME 8 +.Os +.Sh NAME +.Nm ntptime +.Nd read kernel time variables +.Sh SYNOPSIS +.Nm +.Op Fl chr +.Op Fl e Ar est_error +.Op Fl f Ar frequency +.Op Fl m Ar max_error +.Op Fl o Ar offset +.Op Fl s Ar status +.Op Fl t Ar time_constant +.Sh DESCRIPTION +The +.Nm +utility is useful only with special kernels +described in the +.Qo +A Kernel Model for Precision Timekeeping +.Qc +page +(available as part of the HTML documentation +provided in +.Pa /usr/share/doc/ntp ) . +It reads and displays time-related kernel variables +using the +.Fn gettime +and +.Xr adjtime 2 +system calls if available. +A similar display can be obtained using the +.Xr ntpdc 8 +program's +.Ic kerninfo +command. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl c +Display the execution time of +.Nm +itself. +.It Fl e Ar est_error +Specify estimated error, in microseconds. +.It Fl f Ar frequency +Specify frequency offset, in parts per million. +.It Fl h +Display help information. +.It Fl m Ar max_error +Specify max possible errors, in microseconds. +.It Fl o Ar offset +Specify clock offset, in microseconds. +.It Fl r +Display Unix and NTP times in raw format. +.It Fl s Ar status +.It Fl t Ar time_constant +Specify time constant, an integer in the range 0-4. +.El +.Sh SEE ALSO +.Xr adjtime 2 , +.Xr ntpdc 8 diff --git a/usr.sbin/ntp/doc/ntptrace.8 b/usr.sbin/ntp/doc/ntptrace.8 new file mode 100644 index 0000000..40cb719 --- /dev/null +++ b/usr.sbin/ntp/doc/ntptrace.8 @@ -0,0 +1,93 @@ +.Dd February 4 2015 +.Dt NTPTRACE 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (ntptrace-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed February 4, 2015 at 02:37:48 AM by AutoGen 5.18.5pre4 +.\" From the definitions ntptrace-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm ntptrace +.Nd Trace peers of an NTP server +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +[host] +.Pp +.Sh DESCRIPTION +\fBntptrace\fP is a perl script that uses the ntpq utility program to follow +the chain of NTP servers from a given host back to the primary time source. For +ntptrace to work properly, each of these servers must implement the NTP Control +and Monitoring Protocol specified in RFC 1305 and enable NTP Mode 6 packets. +.sp +If given no arguments, ntptrace starts with localhost. Here is an example of +the output from ntptrace: +.sp +.Bd -literal -offset indent +% ntptrace localhost: stratum 4, offset 0.0019529, synch distance 0.144135 +server2ozo.com: stratum 2, offset 0.0124263, synch distance 0.115784 usndh.edu: +stratum 1, offset 0.0019298, synch distance 0.011993, refid 'WWVB' +.Ed +.sp +On each line, the fields are (left to right): the host name, the host stratum, +the time offset between that host and the local host (as measured by +\fBntptrace\fP; this is why it is not always zero for "localhost"), the host +synchronization distance, and (only for stratum\-1 servers) the reference clock +ID. All times are given in seconds. Note that the stratum is the server hop +count to the primary source, while the synchronization distance is the +estimated error relative to the primary source. These terms are precisely +defined in RFC\-1305. +.Sh "OPTIONS" +.Bl -tag +.It Fl n , Fl \-numeric +Print IP addresses instead of hostnames. +.sp +Output hosts as dotted\-quad numeric format rather than converting to +the canonical host names. +.It Fl m Ar number , Fl \-max\-hosts Ns = Ns Ar number +Maximum number of peers to trace. +This option takes an integer number as its argument. +The default +.Ar number +for this option is: +.ti +4 + 99 +.sp +This option has not been fully documented. +.It Fl r Ar string , Fl \-host Ns = Ns Ar string +Single remote host. +The default +.Ar string +for this option is: +.ti +4 + 127.0.0.1 +.sp +This option has not been fully documented. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl v Op Brq Ar v|c|n Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh "NOTES" +This manual page was \fIAutoGen\fP\-erated from the \fBntptrace\fP +option definitions. diff --git a/usr.sbin/ntp/doc/pic/Makefile b/usr.sbin/ntp/doc/pic/Makefile new file mode 100644 index 0000000..11bcab6 --- /dev/null +++ b/usr.sbin/ntp/doc/pic/Makefile @@ -0,0 +1,27 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/pic + +.if ${MK_HTML} != "no" +FILES= 9400n.jpg alice11.gif alice13.gif alice15.gif alice23.gif \ + alice31.gif alice32.gif alice35.gif alice38.gif alice44.gif \ + alice47.gif alice51.gif alice61.gif barnstable.gif beaver.gif \ + boom3.gif boom3a.gif boom4.gif broad.gif bustardfly.gif c51.jpg \ + description.jpg discipline.gif dogsnake.gif driver29.gif \ + driver43_1.gif driver43_2.jpg fg6021.gif fg6039.jpg fig_3_1.gif \ + flatheads.gif flt1.gif flt2.gif flt3.gif flt4.gif flt5.gif flt6.gif \ + flt7.gif flt8.gif flt9.gif freq1211.gif gadget.jpg gps167.jpg \ + group.gif hornraba.gif igclock.gif neoclock4x.gif offset1211.gif \ + oncore_evalbig.gif oncore_remoteant.jpg oncore_utplusbig.gif oz2.gif \ + panda.gif pd_om006.gif pd_om011.gif peer.gif pogo.gif pogo1a.gif \ + pogo3a.gif pogo4.gif pogo5.gif pogo6.gif pogo7.gif pogo8.gif \ + pzf509.jpg pzf511.jpg rabbit.gif radio2.jpg sheepb.jpg stack1a.jpg \ + stats.gif sx5.gif thunderbolt.jpg time1.gif tonea.gif tribeb.gif \ + wingdorothy.gif +.endif + +.PATH: ${.CURDIR}/../../../../contrib/ntp/html/pic + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/pic/Makefile.depend b/usr.sbin/ntp/doc/pic/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/pic/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/scripts/Makefile b/usr.sbin/ntp/doc/scripts/Makefile new file mode 100644 index 0000000..13adda7 --- /dev/null +++ b/usr.sbin/ntp/doc/scripts/Makefile @@ -0,0 +1,15 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +FILESDIR= ${SHAREDIR}/doc/ntp/scripts + +.if ${MK_HTML} != "no" +FILES= accopt.txt audio.txt authopt.txt clockopt.txt command.txt config.txt \ + confopt.txt external.txt footer.txt hand.txt install.txt manual.txt \ + misc.txt miscopt.txt monopt.txt refclock.txt special.txt style.css +.endif + +.PATH: ${.CURDIR}/../../../../contrib/ntp/html/scripts + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/doc/scripts/Makefile.depend b/usr.sbin/ntp/doc/scripts/Makefile.depend new file mode 100644 index 0000000..f80275d --- /dev/null +++ b/usr.sbin/ntp/doc/scripts/Makefile.depend @@ -0,0 +1,11 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/doc/sntp.8 b/usr.sbin/ntp/doc/sntp.8 new file mode 100644 index 0000000..9bcc78d --- /dev/null +++ b/usr.sbin/ntp/doc/sntp.8 @@ -0,0 +1,314 @@ +.Dd October 21 2015 +.Dt SNTP 8 User Commands +.Os +.\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) +.\" +.\" $FreeBSD$ +.\" +.\" It has been AutoGen-ed October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5 +.\" From the definitions sntp-opts.def +.\" and the template file agmdoc-cmd.tpl +.Sh NAME +.Nm sntp +.Nd standard Simple Network Time Protocol client program +.Sh SYNOPSIS +.Nm +.\" Mixture of short (flag) options and long options +.Op Fl flags +.Op Fl flag Op Ar value +.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc +[ hostname\-or\-IP ...] +.Pp +.Sh DESCRIPTION +.Nm +can be used as an SNTP client to query a NTP or SNTP server and either display +the time or set the local system's time (given suitable privilege). It can be +run as an interactive command or from a +.Ic cron +job. +NTP (the Network Time Protocol) and SNTP (the Simple Network Time Protocol) +are defined and described by RFC 5905. +.Pp +The default is to write the estimated correct local date and time (i.e. not +UTC) to the standard output in a format like: +.Ic "'1996\-10\-15 20:17:25.123 (+0800) +4.567 +/\- 0.089 [host] IP sN'" +where the +.Ic "'(+0800)'" +means that to get to UTC from the reported local time one must +add 8 hours and 0 minutes, +the +.Ic "'+4.567'" +indicates the local clock is 4.567 seconds behind the correct time +(so 4.567 seconds must be added to the local clock to get it to be correct). +Note that the number of decimals printed for this value will change +based on the reported precision of the server. +.Ic "'+/\- 0.089'" +is the reported +.Em synchronization distance +(in seconds), which represents the maximum error due to all causes. +If the server does not report valid data needed to calculate the +synchronization distance, this will be reported as +.Ic "'+/\- ?'" . +If the +.Em host +is different from the +.Em IP , +both will be displayed. +Otherwise, only the +.Em IP +is displayed. +Finally, the +.Em stratum +of the host is reported +and the leap indicator is decoded and displayed. +.Sh "OPTIONS" +.Bl -tag +.It Fl 4 , Fl \-ipv4 +Force IPv4 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv6. +.sp +Force DNS resolution of the following host names on the command line +to the IPv4 namespace. +.It Fl 6 , Fl \-ipv6 +Force IPv6 DNS name resolution. +This option must not appear in combination with any of the following options: +ipv4. +.sp +Force DNS resolution of the following host names on the command line +to the IPv6 namespace. +.It Fl a Ar auth\-keynumber , Fl \-authentication Ns = Ns Ar auth\-keynumber +Enable authentication with the key \fBauth\-keynumber\fP. +This option takes an integer number as its argument. +.sp +Enable authentication using the key specified in this option's +argument. The argument of this option is the \fBkeyid\fP, a +number specified in the \fBkeyfile\fP as this key's identifier. +See the \fBkeyfile\fP option (\fB\-k\fP) for more details. +.It Fl b Ar broadcast\-address , Fl \-broadcast Ns = Ns Ar broadcast\-address +Listen to the address specified for broadcast time sync. +This option may appear an unlimited number of times. +.sp +If specified \fBsntp\fP will listen to the specified address +for NTP broadcasts. The default maximum wait time +can (and probably should) be modified with \fB\-t\fP. +.It Fl c Ar host\-name , Fl \-concurrent Ns = Ns Ar host\-name +Concurrently query all IPs returned for host\-name. +This option may appear an unlimited number of times. +.sp +Requests from an NTP "client" to a "server" should never be sent +more rapidly than one every 2 seconds. By default, any IPs returned +as part of a DNS lookup are assumed to be for a single instance of +\fBntpd\fP, and therefore \fBsntp\fP will send queries to these IPs +one after another, with a 2\-second gap in between each query. +.sp +The \fB\-c\fP or \fB\-\-concurrent\fP flag says that any IPs +returned for the DNS lookup of the supplied host\-name are on +different machines, so we can send concurrent queries. +.It Fl d , Fl \-debug\-level +Increase debug verbosity level. +This option may appear an unlimited number of times. +.sp +.It Fl D Ar number , Fl \-set\-debug\-level Ns = Ns Ar number +Set the debug verbosity level. +This option may appear an unlimited number of times. +This option takes an integer number as its argument. +.sp +.It Fl g Ar milliseconds , Fl \-gap Ns = Ns Ar milliseconds +The gap (in milliseconds) between time requests. +This option takes an integer number as its argument. +The default +.Ar milliseconds +for this option is: +.ti +4 + 50 +.sp +Since we're only going to use the first valid response we get and +there is benefit to specifying a good number of servers to query, +separate the queries we send out by the specified number of +milliseconds. +.It Fl K Ar file\-name , Fl \-kod Ns = Ns Ar file\-name +KoD history filename. +The default +.Ar file\-name +for this option is: +.ti +4 + /var/db/ntp\-kod +.sp +Specifies the filename to be used for the persistent history of KoD +responses received from servers. If the file does not exist, a +warning message will be displayed. The file will not be created. +.It Fl k Ar file\-name , Fl \-keyfile Ns = Ns Ar file\-name +Look in this file for the key specified with \fB\-a\fP. +.sp +This option specifies the keyfile. +\fBsntp\fP will search for the key specified with \fB\-a\fP +\fIkeyno\fP in this file. See \fBntp.keys(5)\fP for more +information. +.It Fl l Ar file\-name , Fl \-logfile Ns = Ns Ar file\-name +Log to specified logfile. +.sp +This option causes the client to write log messages to the specified +\fIlogfile\fP. +.It Fl M Ar number , Fl \-steplimit Ns = Ns Ar number +Adjustments less than \fBsteplimit\fP msec will be slewed. +This option takes an integer number as its argument. +The value of +.Ar number +is constrained to being: +.in +4 +.nf +.na +greater than or equal to 0 +.fi +.in -4 +.sp +If the time adjustment is less than \fIsteplimit\fP milliseconds, +slew the amount using \fBadjtime(2)\fP. Otherwise, step the +correction using \fBsettimeofday(2)\fP. The default value is 0, +which means all adjustments will be stepped. This is a feature, as +different situations demand different values. +.It Fl o Ar number , Fl \-ntpversion Ns = Ns Ar number +Send \fBint\fP as our NTP protocol version. +This option takes an integer number as its argument. +The value of +.Ar number +is constrained to being: +.in +4 +.nf +.na +in the range 0 through 7 +.fi +.in -4 +The default +.Ar number +for this option is: +.ti +4 + 4 +.sp +When sending requests to a remote server, tell them we are running +NTP protocol version \fIntpversion\fP . +.It Fl r , Fl \-usereservedport +Use the NTP Reserved Port (port 123). +.sp +Use port 123, which is reserved for NTP, for our network +communications. +.It Fl S , Fl \-step +OK to 'step' the time with \fBsettimeofday(2)\fP. +.sp +.It Fl s , Fl \-slew +OK to 'slew' the time with \fBadjtime(2)\fP. +.sp +.It Fl t Ar seconds , Fl \-timeout Ns = Ns Ar seconds +The number of seconds to wait for responses. +This option takes an integer number as its argument. +The default +.Ar seconds +for this option is: +.ti +4 + 5 +.sp +When waiting for a reply, \fBsntp\fP will wait the number +of seconds specified before giving up. The default should be +more than enough for a unicast response. If \fBsntp\fP is +only waiting for a broadcast response a longer timeout is +likely needed. +.It Fl \-wait , " Fl \-no\-wait" +Wait for pending replies (if not setting the time). +The \fIno\-wait\fP form will disable the option. +This option is enabled by default. +.sp +If we are not setting the time, wait for all pending responses. +.It Fl \&? , Fl \-help +Display usage information and exit. +.It Fl \&! , Fl \-more\-help +Pass the extended usage information through a pager. +.It Fl > Oo Ar cfgfile Oc , Fl \-save\-opts Oo Ns = Ns Ar cfgfile Oc +Save the option state to \fIcfgfile\fP. The default is the \fIlast\fP +configuration file listed in the \fBOPTION PRESETS\fP section, below. +The command will exit after updating the config file. +.It Fl < Ar cfgfile , Fl \-load\-opts Ns = Ns Ar cfgfile , Fl \-no\-load\-opts +Load options from \fIcfgfile\fP. +The \fIno\-load\-opts\fP form will disable the loading +of earlier config/rc/ini files. \fI\-\-no\-load\-opts\fP is handled early, +out of order. +.It Fl \-version Op Brq Ar v|c|n +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.El +.Sh "OPTION PRESETS" +Any option that is not marked as \fInot presettable\fP may be preset +by loading values from configuration ("RC" or ".INI") file(s) and values from +environment variables named: +.nf + \fBSNTP_<option\-name>\fP or \fBSNTP\fP +.fi +.ad +The environmental presets take precedence (are processed later than) +the configuration files. +The \fIhomerc\fP files are "\fI$HOME\fP", and "\fI.\fP". +If any of these are directories, then the file \fI.ntprc\fP +is searched for within those directories. +.Sh USAGE +.Bl -tag -width indent +.It Li "sntp ntpserver.somewhere" +is the simplest use of this program +and can be run as an unprivileged command +to check the current time and error in the local clock. +.It Li "sntp \-Ss \-M 128 ntpserver.somewhere" +With suitable privilege, +run as a command +or from a +.Xr cron 8 +job, +.Ic "sntp \-Ss \-M 128 ntpserver.somewhere" +will request the time from the server, +and if that server reports that it is synchronized +then if the offset adjustment is less than 128 milliseconds +the correction will be slewed, +and if the correction is more than 128 milliseconds +the correction will be stepped. +.It Li "sntp \-S ntpserver.somewhere" +With suitable privilege, +run as a command +or from a +.Xr cron 8 +job, +.Ic "sntp \-S ntpserver.somewhere" +will set (step) the local clock from a synchronized specified server, +like the (deprecated) +.Xr ntpdate 8 , +or +.Xr rdate 8 +commands. +.El +.Sh "ENVIRONMENT" +See \fBOPTION PRESETS\fP for configuration environment variables. +.Sh "FILES" +See \fBOPTION PRESETS\fP for configuration files. +.Sh "EXIT STATUS" +One of the following exit values will be returned: +.Bl -tag +.It 0 " (EXIT_SUCCESS)" +Successful program execution. +.It 1 " (EXIT_FAILURE)" +The operation failed or the command syntax was not valid. +.It 66 " (EX_NOINPUT)" +A specified configuration file could not be loaded. +.It 70 " (EX_SOFTWARE)" +libopts had an internal operational error. Please report +it to autogen\-users@lists.sourceforge.net. Thank you. +.El +.Sh AUTHORS +.An "Johannes Maximilian Kuehn" +.An "Harlan Stenn" +.An "Dave Hart" +.Sh "COPYRIGHT" +Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. +This program is released under the terms of the NTP license, <http://ntp.org/license>. +.Sh "BUGS" +Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org +.Sh "NOTES" +This manual page was \fIAutoGen\fP\-erated from the \fBsntp\fP +option definitions. diff --git a/usr.sbin/ntp/libntp/Makefile b/usr.sbin/ntp/libntp/Makefile new file mode 100644 index 0000000..1e48483 --- /dev/null +++ b/usr.sbin/ntp/libntp/Makefile @@ -0,0 +1,89 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../../contrib/ntp/libntp \ + ${.CURDIR}/../../../contrib/ntp/lib/isc \ + ${.CURDIR}/../../../contrib/ntp/lib/isc/nls \ + ${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads \ + ${.CURDIR}/../../../contrib/ntp/lib/isc/unix \ + +LIB= ntp +INTERNALLIB= + +NTP_SRCS= systime.c a_md5encrypt.c adjtime.c atoint.c \ + atolfp.c atouint.c audio.c authkeys.c \ + authreadkeys.c authusekey.c bsd_strerror.c buftvtots.c \ + caljulian.c caltontp.c calyearstart.c clocktime.c \ + clocktypes.c decodenetnum.c dofptoa.c dolfptoa.c \ + emalloc.c findconfig.c getopt.c hextoint.c \ + hextolfp.c humandate.c icom.c iosignal.c \ + lib_strbuf.c machines.c mktime.c modetoa.c \ + mstolfp.c msyslog.c netof.c ntp_calendar.c \ + ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c \ + ntp_lineedit.c ntp_random.c ntp_rfc2553.c ntp_worker.c \ + numtoa.c numtohost.c octtoint.c prettydate.c \ + recvbuff.c refidsmear.c \ + refnumtoa.c snprintf.c socket.c \ + socktoa.c socktohost.c ssl_init.c statestr.c \ + strdup.c strl_obsd.c syssignal.c timetoa.c \ + timevalops.c uglydate.c vint64ops.c work_fork.c \ + work_thread.c ymd2yd.c + +ISC_PTHREADS_SRCS= condition.c \ + thread.c \ + mutex.c + +ISC_UNIX_SRCS= dir.c \ + errno2result.c \ + file.c \ + interfaceiter.c \ + net.c \ + stdio.c \ + stdtime.c \ + strerror.c \ + time.c + +ISC_NLS_SRCS= msgcat.c + +ISC_SRCS= assertions.c \ + buffer.c \ + backtrace-emptytbl.c \ + backtrace.c \ + error.c \ + event.c \ + inet_ntop.c \ + inet_pton.c \ + lib.c \ + log.c \ + md5.c \ + netaddr.c \ + netscope.c \ + ondestroy.c \ + random.c \ + result.c \ + task.c \ + sha1.c \ + sockaddr.c \ + ${ISC_NLS_SRCS} \ + ${ISC_PTHREADS_SRCS} \ + ${ISC_UNIX_SRCS} + +SRCS= ${NTP_SRCS} ${ISC_SRCS} version.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../../../lib/libc/${MACHINE_ARCH} \ + -I${.CURDIR}/../../../lib/libedit/edit \ + -I${.CURDIR}/../ \ + -I${.CURDIR}/ + +CFLAGS+= -DHAVE_BSD_NICE -DHAVE_STDINT_H + +CLEANFILES+= .version version.c + +version.c: + sh -e ${.CURDIR}/../scripts/mkver ntpd + +.include <bsd.lib.mk> diff --git a/usr.sbin/ntp/libntp/Makefile.depend b/usr.sbin/ntp/libntp/Makefile.depend new file mode 100644 index 0000000..aa72b94 --- /dev/null +++ b/usr.sbin/ntp/libntp/Makefile.depend @@ -0,0 +1,19 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/arpa \ + include/xlocale \ + lib/libedit/edit/readline \ + lib/msun \ + secure/lib/libcrypto \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +version.o: version.c +version.po: version.c +.endif diff --git a/usr.sbin/ntp/libntpevent/Makefile b/usr.sbin/ntp/libntpevent/Makefile new file mode 100644 index 0000000..b912ed8 --- /dev/null +++ b/usr.sbin/ntp/libntpevent/Makefile @@ -0,0 +1,34 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../../contrib/ntp/sntp/libevent + +LIB= ntpevent +INTERNALLIB= + +SRCS= buffer.c bufferevent.c bufferevent_filter.c bufferevent_openssl.c \ + bufferevent_pair.c epoll.c evdns.c event.c event_tagging.c \ + evmap.c evport.c evrpc.c evthread.c evthread_pthread.c evutil.c \ + evutil_rand.c evutil_time.c http.c kqueue.c listener.c log.c poll.c \ + select.c signal.c strlcpy.c + +.if ${MACHINE_ARCH} == "i386" +NTP_ATOMIC=x86_32 +.elif ${MACHINE_ARCH} == "amd64" +NTP_ATOMIC=x86_64 +.elif ${MACHINE_ARCH} == "ia64" +NTP_ATOMIC=ia64 +.elif ${MACHINE_ARCH} == "powerpc64" +NTP_ATOMIC=powerpc +.elif ${MACHINE_ARCH} == "sparc64" +NTP_ATOMIC=sparc64 +.else +NTP_ATOMIC=noatomic +.endif + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libevent/include \ + -I${.CURDIR}/ + +CFLAGS+= -DHAVE_BSD_NICE -DHAVE_STDINT_H + +.include <bsd.lib.mk> diff --git a/usr.sbin/ntp/libntpevent/Makefile.depend b/usr.sbin/ntp/libntpevent/Makefile.depend new file mode 100644 index 0000000..39fece6 --- /dev/null +++ b/usr.sbin/ntp/libntpevent/Makefile.depend @@ -0,0 +1,16 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/arpa \ + include/xlocale \ + secure/lib/libcrypto \ + secure/lib/libssl \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/libntpevent/event2/event-config.h b/usr.sbin/ntp/libntpevent/event2/event-config.h new file mode 100644 index 0000000..920b7ba --- /dev/null +++ b/usr.sbin/ntp/libntpevent/event2/event-config.h @@ -0,0 +1,648 @@ +/* event2/event-config.h +* $FreeBSD$ +* +* This file was generated by autoconf when libevent was built, and post- +* processed by Libevent so that its macros would have a uniform prefix. +* +* DO NOT EDIT THIS FILE. +* +* Do not rely on macros in this file existing in later versions. +*/ + +#ifndef EVENT2_EVENT_CONFIG_H_INCLUDED_ +#define EVENT2_EVENT_CONFIG_H_INCLUDED_ +/* config.h. Generated from config.h.in by configure. */ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if libevent should build without support for a debug mode */ +/* #undef EVENT__DISABLE_DEBUG_MODE */ + +/* Define if libevent should not allow replacing the mm functions */ +/* #undef EVENT__DISABLE_MM_REPLACEMENT */ + +/* Define if libevent should not be compiled with thread support */ +/* #undef EVENT__DISABLE_THREAD_SUPPORT */ + +/* Define to 1 if you have the `accept4' function. */ +#define EVENT__HAVE_ACCEPT4 1 + +/* Define to 1 if you have the `arc4random' function. */ +#define EVENT__HAVE_ARC4RANDOM 1 + +/* Define to 1 if you have the `arc4random_buf' function. */ +#define EVENT__HAVE_ARC4RANDOM_BUF 1 + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#define EVENT__HAVE_ARPA_INET_H 1 + +/* Define to 1 if you have the `clock_gettime' function. */ +#define EVENT__HAVE_CLOCK_GETTIME 1 + +/* Define to 1 if you have the <cthreads.h> header file. */ +/* #undef EVENT__HAVE_CTHREADS_H */ + +/* Define to 1 if you have the declaration of `CTL_KERN', and to 0 if you + don't. */ +#define EVENT__HAVE_DECL_CTL_KERN 1 + +/* Define to 1 if you have the declaration of `KERN_ARND', and to 0 if you + don't. */ +#define EVENT__HAVE_DECL_KERN_ARND 1 + +/* Define to 1 if you have the declaration of `KERN_RANDOM', and to 0 if you + don't. */ +#define EVENT__HAVE_DECL_KERN_RANDOM 0 + +/* Define to 1 if you have the declaration of `RANDOM_UUID', and to 0 if you + don't. */ +#define EVENT__HAVE_DECL_RANDOM_UUID 0 + +/* Define if /dev/poll is available */ +/* #undef EVENT__HAVE_DEVPOLL */ + +/* Define to 1 if you have the <dlfcn.h> header file. */ +#define EVENT__HAVE_DLFCN_H 1 + +/* Define if your system supports the epoll system calls */ +/* #undef EVENT__HAVE_EPOLL */ + +/* Define to 1 if you have the `epoll_create1' function. */ +/* #undef EVENT__HAVE_EPOLL_CREATE1 */ + +/* Define to 1 if you have the `epoll_ctl' function. */ +/* #undef EVENT__HAVE_EPOLL_CTL */ + +/* Define to 1 if you have the `eventfd' function. */ +/* #undef EVENT__HAVE_EVENTFD */ + +/* Define if your system supports event ports */ +/* #undef EVENT__HAVE_EVENT_PORTS */ + +/* Define to 1 if you have the `fcntl' function. */ +#define EVENT__HAVE_FCNTL 1 + +/* Define to 1 if you have the <fcntl.h> header file. */ +#define EVENT__HAVE_FCNTL_H 1 + +/* Define to 1 if the system has the type `fd_mask'. */ +#define EVENT__HAVE_FD_MASK 1 + +/* Do we have getaddrinfo()? */ +#define EVENT__HAVE_GETADDRINFO 1 + +/* Define to 1 if you have the `getegid' function. */ +#define EVENT__HAVE_GETEGID 1 + +/* Define to 1 if you have the `geteuid' function. */ +#define EVENT__HAVE_GETEUID 1 + +/* Define this if you have any gethostbyname_r() */ +/* #undef EVENT__HAVE_GETHOSTBYNAME_R */ + +/* Define this if gethostbyname_r takes 3 arguments */ +/* #undef EVENT__HAVE_GETHOSTBYNAME_R_3_ARG */ + +/* Define this if gethostbyname_r takes 5 arguments */ +/* #undef EVENT__HAVE_GETHOSTBYNAME_R_5_ARG */ + +/* Define this if gethostbyname_r takes 6 arguments */ +/* #undef EVENT__HAVE_GETHOSTBYNAME_R_6_ARG */ + +/* Define to 1 if you have the `getifaddrs' function. */ +#define EVENT__HAVE_GETIFADDRS 1 + +/* Define to 1 if you have the `getnameinfo' function. */ +#define EVENT__HAVE_GETNAMEINFO 1 + +/* Define to 1 if you have the `getprotobynumber' function. */ +#define EVENT__HAVE_GETPROTOBYNUMBER 1 + +/* Define to 1 if you have the `getservbyname' function. */ +/* #undef EVENT__HAVE_GETSERVBYNAME */ + +/* Define to 1 if you have the `gettimeofday' function. */ +#define EVENT__HAVE_GETTIMEOFDAY 1 + +/* if you have GNU Pth */ +/* #undef EVENT__HAVE_GNU_PTH */ + +/* Define to 1 if you have the <ifaddrs.h> header file. */ +#define EVENT__HAVE_IFADDRS_H 1 + +/* Define to 1 if you have the `inet_ntop' function. */ +#define EVENT__HAVE_INET_NTOP 1 + +/* Define to 1 if you have the `inet_pton' function. */ +#define EVENT__HAVE_INET_PTON 1 + +/* Define to 1 if you have the <inttypes.h> header file. */ +#define EVENT__HAVE_INTTYPES_H 1 + +/* Define to 1 if you have the `issetugid' function. */ +#define EVENT__HAVE_ISSETUGID 1 + +/* Define to 1 if you have the `kqueue' function. */ +#define EVENT__HAVE_KQUEUE 1 + +/* Define if the system has zlib */ +#define EVENT__HAVE_LIBZ 1 + +/* if you have LinuxThreads */ +/* #undef EVENT__HAVE_LINUX_THREADS */ + +/* if you have SunOS LWP package */ +/* #undef EVENT__HAVE_LWP */ + +/* Define to 1 if you have the <lwp/lwp.h> header file. */ +/* #undef EVENT__HAVE_LWP_LWP_H */ + +/* Define to 1 if you have the `mach_absolute_time' function. */ +/* #undef EVENT__HAVE_MACH_ABSOLUTE_TIME */ + +/* define if you have Mach Cthreads */ +/* #undef EVENT__HAVE_MACH_CTHREADS */ + +/* Define to 1 if you have the <mach/cthreads.h> header file. */ +/* #undef EVENT__HAVE_MACH_CTHREADS_H */ + +/* Define to 1 if you have the <mach/mach_time.h> header file. */ +/* #undef EVENT__HAVE_MACH_MACH_TIME_H */ + +/* Define to 1 if you have the <memory.h> header file. */ +#define EVENT__HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `mmap' function. */ +#define EVENT__HAVE_MMAP 1 + +/* Define to 1 if you have the `nanosleep' function. */ +#define EVENT__HAVE_NANOSLEEP 1 + +/* Define to 1 if you have the <netdb.h> header file. */ +#define EVENT__HAVE_NETDB_H 1 + +/* Define to 1 if you have the <netinet/in6.h> header file. */ +/* #undef EVENT__HAVE_NETINET_IN6_H */ + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#define EVENT__HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the <netinet/tcp.h> header file. */ +#define EVENT__HAVE_NETINET_TCP_H 1 + +/* if you have NT Event Log */ +/* #undef EVENT__HAVE_NT_EVENT_LOG */ + +/* if you have NT Service Manager */ +/* #undef EVENT__HAVE_NT_SERVICE_MANAGER */ + +/* if you have NT Threads */ +/* #undef EVENT__HAVE_NT_THREADS */ + +/* Define if the system has openssl */ +/* #undef EVENT__HAVE_OPENSSL */ + +/* Define to 1 if you have the `pipe' function. */ +#define EVENT__HAVE_PIPE 1 + +/* Define to 1 if you have the `pipe2' function. */ +#define EVENT__HAVE_PIPE2 1 + +/* Define to 1 if you have the `poll' function. */ +#define EVENT__HAVE_POLL 1 + +/* Define to 1 if you have the <poll.h> header file. */ +#define EVENT__HAVE_POLL_H 1 + +/* Define to 1 if you have the `port_create' function. */ +/* #undef EVENT__HAVE_PORT_CREATE */ + +/* Define to 1 if you have the <port.h> header file. */ +/* #undef EVENT__HAVE_PORT_H */ + +/* Define if you have POSIX threads libraries and header files. */ +/* #undef EVENT__HAVE_PTHREAD */ + +/* define to pthreads API spec revision */ +#define EVENT__HAVE_PTHREADS 10 + +/* define if you have pthread_detach function */ +#define EVENT__HAVE_PTHREAD_DETACH 1 + +/* Define to 1 if you have the `pthread_getconcurrency' function. */ +#define EVENT__HAVE_PTHREAD_GETCONCURRENCY 1 + +/* Define to 1 if you have the <pthread.h> header file. */ +#define EVENT__HAVE_PTHREAD_H 1 + +/* Define to 1 if you have the `pthread_kill' function. */ +#define EVENT__HAVE_PTHREAD_KILL 1 + +/* Define to 1 if you have the `pthread_kill_other_threads_np' function. */ +/* #undef EVENT__HAVE_PTHREAD_KILL_OTHER_THREADS_NP */ + +/* define if you have pthread_rwlock_destroy function */ +#define EVENT__HAVE_PTHREAD_RWLOCK_DESTROY 1 + +/* Define to 1 if you have the `pthread_setconcurrency' function. */ +#define EVENT__HAVE_PTHREAD_SETCONCURRENCY 1 + +/* Define to 1 if you have the `pthread_yield' function. */ +#define EVENT__HAVE_PTHREAD_YIELD 1 + +/* Define to 1 if you have the <pth.h> header file. */ +/* #undef EVENT__HAVE_PTH_H */ + +/* Define to 1 if you have the `putenv' function. */ +#define EVENT__HAVE_PUTENV 1 + +/* Define to 1 if the system has the type `sa_family_t'. */ +#define EVENT__HAVE_SA_FAMILY_T 1 + +/* Define to 1 if you have the <sched.h> header file. */ +#define EVENT__HAVE_SCHED_H 1 + +/* Define to 1 if you have the `sched_yield' function. */ +#define EVENT__HAVE_SCHED_YIELD 1 + +/* Define to 1 if you have the `select' function. */ +#define EVENT__HAVE_SELECT 1 + +/* Define to 1 if you have the `sendfile' function. */ +#define EVENT__HAVE_SENDFILE 1 + +/* Define to 1 if you have the `setenv' function. */ +#define EVENT__HAVE_SETENV 1 + +/* Define if F_SETFD is defined in <fcntl.h> */ +#define EVENT__HAVE_SETFD 1 + +/* Define to 1 if you have the `setrlimit' function. */ +#define EVENT__HAVE_SETRLIMIT 1 + +/* Define to 1 if you have the `sigaction' function. */ +#define EVENT__HAVE_SIGACTION 1 + +/* Define to 1 if you have the `signal' function. */ +#define EVENT__HAVE_SIGNAL 1 + +/* Define to 1 if you have the `splice' function. */ +/* #undef EVENT__HAVE_SPLICE */ + +/* Define to 1 if you have the <stdarg.h> header file. */ +#define EVENT__HAVE_STDARG_H 1 + +/* Define to 1 if you have the <stddef.h> header file. */ +#define EVENT__HAVE_STDDEF_H 1 + +/* Define to 1 if you have the <stdint.h> header file. */ +#define EVENT__HAVE_STDINT_H 1 + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define EVENT__HAVE_STDLIB_H 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define EVENT__HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define EVENT__HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcpy' function. */ +#define EVENT__HAVE_STRLCPY 1 + +/* Define to 1 if you have the `strsep' function. */ +#define EVENT__HAVE_STRSEP 1 + +/* Define to 1 if you have the `strtok_r' function. */ +#define EVENT__HAVE_STRTOK_R 1 + +/* Define to 1 if you have the `strtoll' function. */ +#define EVENT__HAVE_STRTOLL 1 + +/* Define to 1 if the system has the type `struct addrinfo'. */ +#define EVENT__HAVE_STRUCT_ADDRINFO 1 + +/* Define to 1 if the system has the type `struct in6_addr'. */ +#define EVENT__HAVE_STRUCT_IN6_ADDR 1 + +/* Define to 1 if `s6_addr16' is a member of `struct in6_addr'. */ +/* #undef EVENT__HAVE_STRUCT_IN6_ADDR_S6_ADDR16 */ + +/* Define to 1 if `s6_addr32' is a member of `struct in6_addr'. */ +/* #undef EVENT__HAVE_STRUCT_IN6_ADDR_S6_ADDR32 */ + +/* Define to 1 if the system has the type `struct sockaddr_in6'. */ +#define EVENT__HAVE_STRUCT_SOCKADDR_IN6 1 + +/* Define to 1 if `sin6_len' is a member of `struct sockaddr_in6'. */ +#define EVENT__HAVE_STRUCT_SOCKADDR_IN6_SIN6_LEN 1 + +/* Define to 1 if `sin_len' is a member of `struct sockaddr_in'. */ +#define EVENT__HAVE_STRUCT_SOCKADDR_IN_SIN_LEN 1 + +/* Define to 1 if the system has the type `struct sockaddr_storage'. */ +#define EVENT__HAVE_STRUCT_SOCKADDR_STORAGE 1 + +/* Define to 1 if `ss_family' is a member of `struct sockaddr_storage'. */ +#define EVENT__HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1 + +/* Define to 1 if `__ss_family' is a member of `struct sockaddr_storage'. */ +/* #undef EVENT__HAVE_STRUCT_SOCKADDR_STORAGE___SS_FAMILY */ + +/* Define to 1 if the system has the type `struct so_linger'. */ +/* #undef EVENT__HAVE_STRUCT_SO_LINGER */ + +/* Define to 1 if you have the <synch.h> header file. */ +/* #undef EVENT__HAVE_SYNCH_H */ + +/* Define to 1 if you have the `sysctl' function. */ +#define EVENT__HAVE_SYSCTL 1 + +/* Define to 1 if you have the <sys/devpoll.h> header file. */ +/* #undef EVENT__HAVE_SYS_DEVPOLL_H */ + +/* Define to 1 if you have the <sys/epoll.h> header file. */ +/* #undef EVENT__HAVE_SYS_EPOLL_H */ + +/* Define to 1 if you have the <sys/eventfd.h> header file. */ +/* #undef EVENT__HAVE_SYS_EVENTFD_H */ + +/* Define to 1 if you have the <sys/event.h> header file. */ +#define EVENT__HAVE_SYS_EVENT_H 1 + +/* Define to 1 if you have the <sys/ioctl.h> header file. */ +#define EVENT__HAVE_SYS_IOCTL_H 1 + +/* Define to 1 if you have the <sys/mman.h> header file. */ +#define EVENT__HAVE_SYS_MMAN_H 1 + +/* Define to 1 if you have the <sys/param.h> header file. */ +#define EVENT__HAVE_SYS_PARAM_H 1 + +/* Define to 1 if you have the <sys/queue.h> header file. */ +#define EVENT__HAVE_SYS_QUEUE_H 1 + +/* Define to 1 if you have the <sys/resource.h> header file. */ +#define EVENT__HAVE_SYS_RESOURCE_H 1 + +/* Define to 1 if you have the <sys/select.h> header file. */ +#define EVENT__HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the <sys/sendfile.h> header file. */ +/* #undef EVENT__HAVE_SYS_SENDFILE_H */ + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#define EVENT__HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define EVENT__HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the <sys/sysctl.h> header file. */ +#define EVENT__HAVE_SYS_SYSCTL_H 1 + +/* Define to 1 if you have the <sys/timerfd.h> header file. */ +/* #undef EVENT__HAVE_SYS_TIMERFD_H */ + +/* Define to 1 if you have the <sys/time.h> header file. */ +#define EVENT__HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the <sys/types.h> header file. */ +#define EVENT__HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the <sys/uio.h> header file. */ +#define EVENT__HAVE_SYS_UIO_H 1 + +/* Define to 1 if you have the <sys/wait.h> header file. */ +#define EVENT__HAVE_SYS_WAIT_H 1 + +/* Define if TAILQ_FOREACH is defined in <sys/queue.h> */ +#define EVENT__HAVE_TAILQFOREACH 1 + +/* if you have Solaris LWP (thr) package */ +/* #undef EVENT__HAVE_THR */ + +/* Define to 1 if you have the <thread.h> header file. */ +/* #undef EVENT__HAVE_THREAD_H */ + +/* Define to 1 if you have the `thr_getconcurrency' function. */ +/* #undef EVENT__HAVE_THR_GETCONCURRENCY */ + +/* Define to 1 if you have the `thr_setconcurrency' function. */ +/* #undef EVENT__HAVE_THR_SETCONCURRENCY */ + +/* Define to 1 if you have the `thr_yield' function. */ +/* #undef EVENT__HAVE_THR_YIELD */ + +/* Define if timeradd is defined in <sys/time.h> */ +#define EVENT__HAVE_TIMERADD 1 + +/* Define if timerclear is defined in <sys/time.h> */ +#define EVENT__HAVE_TIMERCLEAR 1 + +/* Define if timercmp is defined in <sys/time.h> */ +#define EVENT__HAVE_TIMERCMP 1 + +/* Define to 1 if you have the `timerfd_create' function. */ +/* #undef EVENT__HAVE_TIMERFD_CREATE */ + +/* Define if timerisset is defined in <sys/time.h> */ +#define EVENT__HAVE_TIMERISSET 1 + +/* Define to 1 if the system has the type `uint16_t'. */ +#define EVENT__HAVE_UINT16_T 1 + +/* Define to 1 if the system has the type `uint32_t'. */ +#define EVENT__HAVE_UINT32_T 1 + +/* Define to 1 if the system has the type `uint64_t'. */ +#define EVENT__HAVE_UINT64_T 1 + +/* Define to 1 if the system has the type `uint8_t'. */ +#define EVENT__HAVE_UINT8_T 1 + +/* Define to 1 if the system has the type `uintptr_t'. */ +#define EVENT__HAVE_UINTPTR_T 1 + +/* Define to 1 if you have the `umask' function. */ +#define EVENT__HAVE_UMASK 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +#define EVENT__HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `unsetenv' function. */ +#define EVENT__HAVE_UNSETENV 1 + +/* Define to 1 if you have the `usleep' function. */ +#define EVENT__HAVE_USLEEP 1 + +/* Define to 1 if you have the `vasprintf' function. */ +#define EVENT__HAVE_VASPRINTF 1 + +/* Define if kqueue works correctly with pipes */ +#define EVENT__HAVE_WORKING_KQUEUE 1 + +/* define if select implicitly yields */ +#define EVENT__HAVE_YIELDING_SELECT 1 + +/* Define to 1 if you have the <zlib.h> header file. */ +#define EVENT__HAVE_ZLIB_H 1 + +/* define to 1 if library is thread safe */ +#define EVENT__LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1 + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#define EVENT__LT_OBJDIR ".libs/" + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +/* #undef EVENT__NO_MINUS_C_MINUS_O */ + +/* define if you have (or want) no threads */ +/* #undef EVENT__NO_THREADS */ + +/* Numeric representation of the version */ +#define EVENT__NUMERIC_VERSION 0x02010301 + +/* Name of package */ +#define EVENT__PACKAGE "libevent" + +/* Define to the address where bug reports for this package should be sent. */ +#define EVENT__PACKAGE_BUGREPORT "" + +/* Define to the full name of this package. */ +#define EVENT__PACKAGE_NAME "libevent" + +/* Define to the full name and version of this package. */ +#define EVENT__PACKAGE_STRING "libevent 2.1.3-alpha-dev" + +/* Define to the one symbol short name of this package. */ +#define EVENT__PACKAGE_TARNAME "libevent" + +/* Define to the home page for this package. */ +#define EVENT__PACKAGE_URL "" + +/* Define to the version of this package. */ +#define EVENT__PACKAGE_VERSION "2.1.3-alpha-dev" + +/* enable thread safety */ +#define EVENT__REENTRANT 1 + +/* define if sched_yield yields the entire process */ +/* #undef EVENT__REPLACE_BROKEN_YIELD */ + +/* The size of `int', as computed by sizeof. */ +#define EVENT__SIZEOF_INT 4 + +/* The size of `long', as computed by sizeof. */ +#define EVENT__SIZEOF_LONG 8 + +/* The size of `long long', as computed by sizeof. */ +#define EVENT__SIZEOF_LONG_LONG 8 + +/* The size of `off_t', as computed by sizeof. */ +#define EVENT__SIZEOF_OFF_T 8 + +/* The size of `pthread_t', as computed by sizeof. */ +#define EVENT__SIZEOF_PTHREAD_T 8 + +/* The size of `short', as computed by sizeof. */ +#define EVENT__SIZEOF_SHORT 2 + +/* The size of `size_t', as computed by sizeof. */ +#define EVENT__SIZEOF_SIZE_T 8 + +/* The size of `void *', as computed by sizeof. */ +#define EVENT__SIZEOF_VOID_P 8 + +/* Define to 1 if you have the ANSI C header files. */ +#define EVENT__STDC_HEADERS 1 + +/* enable thread safety */ +#define EVENT__THREADSAFE 1 + +/* enable thread safety */ +#define EVENT__THREAD_SAFE 1 + +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +#define EVENT__TIME_WITH_SYS_TIME 1 + +/* Version number of package */ +#define EVENT__VERSION "2.1.3-alpha-dev" + +/* Number of bits in a file offset, on hosts where this is settable. */ +/* #undef EVENT___FILE_OFFSET_BITS */ + +/* Define for large files, on AIX-style hosts. */ +/* #undef EVENT___LARGE_FILES */ + +/* Define to 1 if on MINIX. */ +/* #undef EVENT___MINIX */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef EVENT___POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef EVENT___POSIX_SOURCE */ + +/* enable thread safety */ +#define EVENT___REENTRANT 1 + +/* enable thread safety */ +#define EVENT___SGI_MP_SOURCE 1 + +/* enable thread safety */ +#define EVENT___THREADSAFE 1 + +/* enable thread safety */ +#define EVENT___THREAD_SAFE 1 + +/* Define to 500 only on HP-UX. */ +/* #undef EVENT___XOPEN_SOURCE */ + +/* Enable extensions on AIX 3, Interix. */ +#ifndef EVENT___ALL_SOURCE +# define EVENT___ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef EVENT___GNU_SOURCE +# define EVENT___GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef EVENT___POSIX_PTHREAD_SEMANTICS +# define EVENT___POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef EVENT___TANDEM_SOURCE +# define EVENT___TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef EVENT____EXTENSIONS__ +# define EVENT____EXTENSIONS__ 1 +#endif + + +/* Define to appropriate substitue if compiler doesnt have __func__ */ +/* #undef EVENT____func__ */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef EVENT__const */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef EVENT____cplusplus +/* #undef EVENT__inline */ +#endif + +/* Define to `int' if <sys/types.h> does not define. */ +/* #undef EVENT__pid_t */ + +/* Define to `unsigned int' if <sys/types.h> does not define. */ +/* #undef EVENT__size_t */ + +/* Define to unsigned int if you dont have it */ +/* #undef EVENT__socklen_t */ + +/* Define to `int' if <sys/types.h> does not define. */ +/* #undef EVENT__ssize_t */ + +#endif /* event2/event-config.h */ diff --git a/usr.sbin/ntp/libopts/Makefile b/usr.sbin/ntp/libopts/Makefile new file mode 100644 index 0000000..3c7eef7 --- /dev/null +++ b/usr.sbin/ntp/libopts/Makefile @@ -0,0 +1,14 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../../contrib/ntp/sntp/libopts + +LIB= opts +INTERNALLIB= + +SRCS= libopts.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../ + +.include <bsd.lib.mk> diff --git a/usr.sbin/ntp/libopts/Makefile.depend b/usr.sbin/ntp/libopts/Makefile.depend new file mode 100644 index 0000000..18be76b --- /dev/null +++ b/usr.sbin/ntp/libopts/Makefile.depend @@ -0,0 +1,13 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/xlocale \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/libparse/Makefile b/usr.sbin/ntp/libparse/Makefile new file mode 100644 index 0000000..e99e471 --- /dev/null +++ b/usr.sbin/ntp/libparse/Makefile @@ -0,0 +1,19 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../../contrib/ntp/libparse + +LIB= parse +INTERNALLIB= + +SRCS= binio.c clk_computime.c clk_dcf7000.c clk_hopf6021.c \ + clk_meinberg.c clk_rawdcf.c clk_rcc8000.c clk_schmid.c \ + clk_sel240x.c clk_trimtaip.c clk_trimtsip.c clk_varitext.c \ + clk_wharton.c data_mbg.c gpstolfp.c ieee754io.c \ + info_trimble.c mfp_mul.c parse.c parse_conf.c \ + trim_info.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include -I${.CURDIR}/../ + +.include <bsd.lib.mk> diff --git a/usr.sbin/ntp/libparse/Makefile.depend b/usr.sbin/ntp/libparse/Makefile.depend new file mode 100644 index 0000000..4bf31bd --- /dev/null +++ b/usr.sbin/ntp/libparse/Makefile.depend @@ -0,0 +1,16 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + include \ + include/arpa \ + include/xlocale \ + lib/msun \ + secure/lib/libcrypto \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/ntp-keygen/Makefile b/usr.sbin/ntp/ntp-keygen/Makefile new file mode 100644 index 0000000..d3f10f3 --- /dev/null +++ b/usr.sbin/ntp/ntp-keygen/Makefile @@ -0,0 +1,29 @@ +# $FreeBSD$ + +MAN= + +.include <src.opts.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/util \ + ${.CURDIR}/../../../contrib/ntp/ntpd + +PROG= ntp-keygen +SRCS= ntp-keygen.c ntp-keygen-opts.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/${NTP_ATOMIC}/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../../../lib/libc/${MACHINE_ARCH} \ + -I${.CURDIR}/../ + +LIBADD+= ntp opts pthread + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.endif + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntp-keygen/Makefile.depend b/usr.sbin/ntp/ntp-keygen/Makefile.depend new file mode 100644 index 0000000..88a55c0 --- /dev/null +++ b/usr.sbin/ntp/ntp-keygen/Makefile.depend @@ -0,0 +1,24 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libthr \ + lib/msun \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + usr.sbin/ntp/libopts \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/ntpd/Makefile b/usr.sbin/ntp/ntpd/Makefile new file mode 100644 index 0000000..905ff3c --- /dev/null +++ b/usr.sbin/ntp/ntpd/Makefile @@ -0,0 +1,52 @@ +# $FreeBSD$ + +MAN= + +.include <src.opts.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/ntpd \ + ${.OBJDIR} + +PROG= ntpd + +SRCS= cmd_args.c ntp_config.c ntp_control.c ntp_crypto.c ntp_filegen.c \ + ntp_io.c ntp_leapsec.c ntp_loopfilter.c ntp_monitor.c ntp_parser.c \ + ntp_peer.c ntp_proto.c ntp_refclock.c ntp_request.c ntp_restrict.c \ + ntp_scanner.c ntp_signd.c ntp_timer.c ntp_util.c ntpd-opts.c ntpd.c \ + rc_cmdlength.c \ + refclock_acts.c refclock_arbiter.c refclock_arc.c refclock_as2201.c \ + refclock_atom.c refclock_bancomm.c refclock_chronolog.c \ + refclock_chu.c refclock_conf.c refclock_datum.c refclock_dumbclock.c \ + refclock_fg.c refclock_gpsdjson.c refclock_gpsvme.c refclock_heath.c \ + refclock_hopfpci.c refclock_hopfser.c refclock_hpgps.c \ + refclock_irig.c refclock_jjy.c refclock_jupiter.c refclock_leitch.c \ + refclock_local.c refclock_nmea.c refclock_neoclock4x.c \ + refclock_oncore.c refclock_palisade.c \ + refclock_parse.c refclock_pcf.c refclock_pst.c refclock_ripencc.c \ + refclock_shm.c refclock_tpro.c refclock_true.c refclock_tsyncpci.c \ + refclock_tt560.c refclock_ulink.c refclock_wwv.c refclock_wwvb.c \ + refclock_zyfer.c version.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/ntpd \ + -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../ \ + -I${.CURDIR} + +LIBADD= parse ntp m opts pthread + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.else +LIBADD+= md +.endif + +CLEANFILES+= .version version.c + +version.c: + sh -e ${.CURDIR}/../scripts/mkver ntpd + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntpd/Makefile.depend b/usr.sbin/ntp/ntpd/Makefile.depend new file mode 100644 index 0000000..0fc69e4 --- /dev/null +++ b/usr.sbin/ntp/ntpd/Makefile.depend @@ -0,0 +1,27 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libthr \ + lib/msun \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + usr.sbin/ntp/libopts \ + usr.sbin/ntp/libparse \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +version.o: version.c +version.po: version.c +.endif diff --git a/usr.sbin/ntp/ntpdate/Makefile b/usr.sbin/ntp/ntpdate/Makefile new file mode 100644 index 0000000..10352e8 --- /dev/null +++ b/usr.sbin/ntp/ntpdate/Makefile @@ -0,0 +1,30 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/ntpdate + +PROG= ntpdate +MAN= +SRCS= ntpdate.c version.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include/ \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include/ \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../ + +LIBADD= ntp m pthread + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.else +LIBADD+= md +.endif + +CLEANFILES+= .version version.c + +version.c: + sh -e ${.CURDIR}/../scripts/mkver ntpdate + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntpdate/Makefile.depend b/usr.sbin/ntp/ntpdate/Makefile.depend new file mode 100644 index 0000000..31c07ab --- /dev/null +++ b/usr.sbin/ntp/ntpdate/Makefile.depend @@ -0,0 +1,25 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libthr \ + lib/msun \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +version.o: version.c +version.po: version.c +.endif diff --git a/usr.sbin/ntp/ntpdc/Makefile b/usr.sbin/ntp/ntpdc/Makefile new file mode 100644 index 0000000..d420eb5 --- /dev/null +++ b/usr.sbin/ntp/ntpdc/Makefile @@ -0,0 +1,36 @@ +# $FreeBSD$ + +MAN= + +.include <src.opts.mk> +.include <bsd.own.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/ntpdc + +PROG= ntpdc +SRCS= ntpdc.c ntpdc_ops.c ntpdc-opts.c version.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../../../lib/libc/${MACHINE_ARCH} \ + -I${.CURDIR}/../ -I${.CURDIR} + +LIBADD= edit ntp m opts pthread +CFLAGS+= -DHAVE_LIBEDIT -DHAVE_READLINE_READLINE_H \ + -I${DESTDIR}/${INCLUDEDIR}/edit + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.else +LIBADD+= md +.endif + +CLEANFILES+= .version version.c + +version.c: + sh -e ${.CURDIR}/../scripts/mkver ntpdc + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntpdc/Makefile.depend b/usr.sbin/ntp/ntpdc/Makefile.depend new file mode 100644 index 0000000..7531e73 --- /dev/null +++ b/usr.sbin/ntp/ntpdc/Makefile.depend @@ -0,0 +1,28 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libedit \ + lib/libthr \ + lib/msun \ + lib/ncurses/ncursesw \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + usr.sbin/ntp/libopts \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +version.o: version.c +version.po: version.c +.endif diff --git a/usr.sbin/ntp/ntpdc/nl.c b/usr.sbin/ntp/ntpdc/nl.c new file mode 100644 index 0000000..045d000 --- /dev/null +++ b/usr.sbin/ntp/ntpdc/nl.c @@ -0,0 +1,895 @@ +/* $FreeBSD$ */ + printf("sizeof(union req_data_u_tag) = %d\n", + (int) sizeof(union req_data_u_tag)); + printf("offsetof(u32) = %d\n", + (int) offsetof(union req_data_u_tag, u32)); + printf("offsetof(data) = %d\n", + (int) offsetof(union req_data_u_tag, data)); + printf("\n"); + + printf("sizeof(struct req_pkt) = %d\n", + (int) sizeof(struct req_pkt)); + printf("offsetof(rm_vn_mode) = %d\n", + (int) offsetof(struct req_pkt, rm_vn_mode)); + printf("offsetof(auth_seq) = %d\n", + (int) offsetof(struct req_pkt, auth_seq)); + printf("offsetof(implementation) = %d\n", + (int) offsetof(struct req_pkt, implementation)); + printf("offsetof(request) = %d\n", + (int) offsetof(struct req_pkt, request)); + printf("offsetof(err_nitems) = %d\n", + (int) offsetof(struct req_pkt, err_nitems)); + printf("offsetof(mbz_itemsize) = %d\n", + (int) offsetof(struct req_pkt, mbz_itemsize)); + printf("offsetof(u) = %d\n", + (int) offsetof(struct req_pkt, u)); + printf("offsetof(tstamp) = %d\n", + (int) offsetof(struct req_pkt, tstamp)); + printf("offsetof(keyid) = %d\n", + (int) offsetof(struct req_pkt, keyid)); + printf("offsetof(mac) = %d\n", + (int) offsetof(struct req_pkt, mac)); + printf("\n"); + + printf("sizeof(struct req_pkt_tail) = %d\n", + (int) sizeof(struct req_pkt_tail)); + printf("offsetof(tstamp) = %d\n", + (int) offsetof(struct req_pkt_tail, tstamp)); + printf("offsetof(keyid) = %d\n", + (int) offsetof(struct req_pkt_tail, keyid)); + printf("offsetof(mac) = %d\n", + (int) offsetof(struct req_pkt_tail, mac)); + printf("\n"); + + printf("sizeof(union resp_pkt_u_tag) = %d\n", + (int) sizeof(union resp_pkt_u_tag)); + printf("offsetof(data) = %d\n", + (int) offsetof(union resp_pkt_u_tag, data)); + printf("offsetof(u32) = %d\n", + (int) offsetof(union resp_pkt_u_tag, u32)); + printf("\n"); + + printf("sizeof(struct resp_pkt) = %d\n", + (int) sizeof(struct resp_pkt)); + printf("offsetof(rm_vn_mode) = %d\n", + (int) offsetof(struct resp_pkt, rm_vn_mode)); + printf("offsetof(auth_seq) = %d\n", + (int) offsetof(struct resp_pkt, auth_seq)); + printf("offsetof(implementation) = %d\n", + (int) offsetof(struct resp_pkt, implementation)); + printf("offsetof(request) = %d\n", + (int) offsetof(struct resp_pkt, request)); + printf("offsetof(err_nitems) = %d\n", + (int) offsetof(struct resp_pkt, err_nitems)); + printf("offsetof(mbz_itemsize) = %d\n", + (int) offsetof(struct resp_pkt, mbz_itemsize)); + printf("offsetof(u) = %d\n", + (int) offsetof(struct resp_pkt, u)); + printf("\n"); + + printf("sizeof(struct info_peer_list) = %d\n", + (int) sizeof(struct info_peer_list)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct info_peer_list, addr)); + printf("offsetof(port) = %d\n", + (int) offsetof(struct info_peer_list, port)); + printf("offsetof(hmode) = %d\n", + (int) offsetof(struct info_peer_list, hmode)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_peer_list, flags)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_peer_list, v6_flag)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_peer_list, unused1)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct info_peer_list, addr6)); + printf("\n"); + + printf("sizeof(struct info_peer_summary) = %d\n", + (int) sizeof(struct info_peer_summary)); + printf("offsetof(dstadr) = %d\n", + (int) offsetof(struct info_peer_summary, dstadr)); + printf("offsetof(srcadr) = %d\n", + (int) offsetof(struct info_peer_summary, srcadr)); + printf("offsetof(srcport) = %d\n", + (int) offsetof(struct info_peer_summary, srcport)); + printf("offsetof(stratum) = %d\n", + (int) offsetof(struct info_peer_summary, stratum)); + printf("offsetof(hpoll) = %d\n", + (int) offsetof(struct info_peer_summary, hpoll)); + printf("offsetof(ppoll) = %d\n", + (int) offsetof(struct info_peer_summary, ppoll)); + printf("offsetof(reach) = %d\n", + (int) offsetof(struct info_peer_summary, reach)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_peer_summary, flags)); + printf("offsetof(hmode) = %d\n", + (int) offsetof(struct info_peer_summary, hmode)); + printf("offsetof(delay) = %d\n", + (int) offsetof(struct info_peer_summary, delay)); + printf("offsetof(offset) = %d\n", + (int) offsetof(struct info_peer_summary, offset)); + printf("offsetof(dispersion) = %d\n", + (int) offsetof(struct info_peer_summary, dispersion)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_peer_summary, v6_flag)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_peer_summary, unused1)); + printf("offsetof(dstadr6) = %d\n", + (int) offsetof(struct info_peer_summary, dstadr6)); + printf("offsetof(srcadr6) = %d\n", + (int) offsetof(struct info_peer_summary, srcadr6)); + printf("\n"); + + printf("sizeof(struct info_peer) = %d\n", + (int) sizeof(struct info_peer)); + printf("offsetof(dstadr) = %d\n", + (int) offsetof(struct info_peer, dstadr)); + printf("offsetof(srcadr) = %d\n", + (int) offsetof(struct info_peer, srcadr)); + printf("offsetof(srcport) = %d\n", + (int) offsetof(struct info_peer, srcport)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_peer, flags)); + printf("offsetof(leap) = %d\n", + (int) offsetof(struct info_peer, leap)); + printf("offsetof(hmode) = %d\n", + (int) offsetof(struct info_peer, hmode)); + printf("offsetof(pmode) = %d\n", + (int) offsetof(struct info_peer, pmode)); + printf("offsetof(stratum) = %d\n", + (int) offsetof(struct info_peer, stratum)); + printf("offsetof(ppoll) = %d\n", + (int) offsetof(struct info_peer, ppoll)); + printf("offsetof(hpoll) = %d\n", + (int) offsetof(struct info_peer, hpoll)); + printf("offsetof(precision) = %d\n", + (int) offsetof(struct info_peer, precision)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct info_peer, version)); + printf("offsetof(unused8) = %d\n", + (int) offsetof(struct info_peer, unused8)); + printf("offsetof(reach) = %d\n", + (int) offsetof(struct info_peer, reach)); + printf("offsetof(unreach) = %d\n", + (int) offsetof(struct info_peer, unreach)); + printf("offsetof(flash) = %d\n", + (int) offsetof(struct info_peer, flash)); + printf("offsetof(ttl) = %d\n", + (int) offsetof(struct info_peer, ttl)); + printf("offsetof(flash2) = %d\n", + (int) offsetof(struct info_peer, flash2)); + printf("offsetof(associd) = %d\n", + (int) offsetof(struct info_peer, associd)); + printf("offsetof(keyid) = %d\n", + (int) offsetof(struct info_peer, keyid)); + printf("offsetof(pkeyid) = %d\n", + (int) offsetof(struct info_peer, pkeyid)); + printf("offsetof(refid) = %d\n", + (int) offsetof(struct info_peer, refid)); + printf("offsetof(timer) = %d\n", + (int) offsetof(struct info_peer, timer)); + printf("offsetof(rootdelay) = %d\n", + (int) offsetof(struct info_peer, rootdelay)); + printf("offsetof(rootdispersion) = %d\n", + (int) offsetof(struct info_peer, rootdispersion)); + printf("offsetof(reftime) = %d\n", + (int) offsetof(struct info_peer, reftime)); + printf("offsetof(org) = %d\n", + (int) offsetof(struct info_peer, org)); + printf("offsetof(rec) = %d\n", + (int) offsetof(struct info_peer, rec)); + printf("offsetof(xmt) = %d\n", + (int) offsetof(struct info_peer, xmt)); + printf("offsetof(filtdelay) = %d\n", + (int) offsetof(struct info_peer, filtdelay)); + printf("offsetof(filtoffset) = %d\n", + (int) offsetof(struct info_peer, filtoffset)); + printf("offsetof(order) = %d\n", + (int) offsetof(struct info_peer, order)); + printf("offsetof(delay) = %d\n", + (int) offsetof(struct info_peer, delay)); + printf("offsetof(dispersion) = %d\n", + (int) offsetof(struct info_peer, dispersion)); + printf("offsetof(offset) = %d\n", + (int) offsetof(struct info_peer, offset)); + printf("offsetof(selectdisp) = %d\n", + (int) offsetof(struct info_peer, selectdisp)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_peer, unused1)); + printf("offsetof(unused2) = %d\n", + (int) offsetof(struct info_peer, unused2)); + printf("offsetof(unused3) = %d\n", + (int) offsetof(struct info_peer, unused3)); + printf("offsetof(unused4) = %d\n", + (int) offsetof(struct info_peer, unused4)); + printf("offsetof(unused5) = %d\n", + (int) offsetof(struct info_peer, unused5)); + printf("offsetof(unused6) = %d\n", + (int) offsetof(struct info_peer, unused6)); + printf("offsetof(unused7) = %d\n", + (int) offsetof(struct info_peer, unused7)); + printf("offsetof(estbdelay) = %d\n", + (int) offsetof(struct info_peer, estbdelay)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_peer, v6_flag)); + printf("offsetof(unused9) = %d\n", + (int) offsetof(struct info_peer, unused9)); + printf("offsetof(dstadr6) = %d\n", + (int) offsetof(struct info_peer, dstadr6)); + printf("offsetof(srcadr6) = %d\n", + (int) offsetof(struct info_peer, srcadr6)); + printf("\n"); + + printf("sizeof(struct info_peer_stats) = %d\n", + (int) sizeof(struct info_peer_stats)); + printf("offsetof(dstadr) = %d\n", + (int) offsetof(struct info_peer_stats, dstadr)); + printf("offsetof(srcadr) = %d\n", + (int) offsetof(struct info_peer_stats, srcadr)); + printf("offsetof(srcport) = %d\n", + (int) offsetof(struct info_peer_stats, srcport)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_peer_stats, flags)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_peer_stats, timereset)); + printf("offsetof(timereceived) = %d\n", + (int) offsetof(struct info_peer_stats, timereceived)); + printf("offsetof(timetosend) = %d\n", + (int) offsetof(struct info_peer_stats, timetosend)); + printf("offsetof(timereachable) = %d\n", + (int) offsetof(struct info_peer_stats, timereachable)); + printf("offsetof(sent) = %d\n", + (int) offsetof(struct info_peer_stats, sent)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_peer_stats, unused1)); + printf("offsetof(processed) = %d\n", + (int) offsetof(struct info_peer_stats, processed)); + printf("offsetof(unused2) = %d\n", + (int) offsetof(struct info_peer_stats, unused2)); + printf("offsetof(badauth) = %d\n", + (int) offsetof(struct info_peer_stats, badauth)); + printf("offsetof(bogusorg) = %d\n", + (int) offsetof(struct info_peer_stats, bogusorg)); + printf("offsetof(oldpkt) = %d\n", + (int) offsetof(struct info_peer_stats, oldpkt)); + printf("offsetof(unused3) = %d\n", + (int) offsetof(struct info_peer_stats, unused3)); + printf("offsetof(unused4) = %d\n", + (int) offsetof(struct info_peer_stats, unused4)); + printf("offsetof(seldisp) = %d\n", + (int) offsetof(struct info_peer_stats, seldisp)); + printf("offsetof(selbroken) = %d\n", + (int) offsetof(struct info_peer_stats, selbroken)); + printf("offsetof(unused5) = %d\n", + (int) offsetof(struct info_peer_stats, unused5)); + printf("offsetof(candidate) = %d\n", + (int) offsetof(struct info_peer_stats, candidate)); + printf("offsetof(unused6) = %d\n", + (int) offsetof(struct info_peer_stats, unused6)); + printf("offsetof(unused7) = %d\n", + (int) offsetof(struct info_peer_stats, unused7)); + printf("offsetof(unused8) = %d\n", + (int) offsetof(struct info_peer_stats, unused8)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_peer_stats, v6_flag)); + printf("offsetof(unused9) = %d\n", + (int) offsetof(struct info_peer_stats, unused9)); + printf("offsetof(dstadr6) = %d\n", + (int) offsetof(struct info_peer_stats, dstadr6)); + printf("offsetof(srcadr6) = %d\n", + (int) offsetof(struct info_peer_stats, srcadr6)); + printf("\n"); + + printf("sizeof(struct info_loop) = %d\n", + (int) sizeof(struct info_loop)); + printf("offsetof(last_offset) = %d\n", + (int) offsetof(struct info_loop, last_offset)); + printf("offsetof(drift_comp) = %d\n", + (int) offsetof(struct info_loop, drift_comp)); + printf("offsetof(compliance) = %d\n", + (int) offsetof(struct info_loop, compliance)); + printf("offsetof(watchdog_timer) = %d\n", + (int) offsetof(struct info_loop, watchdog_timer)); + printf("\n"); + + printf("sizeof(struct info_sys) = %d\n", + (int) sizeof(struct info_sys)); + printf("offsetof(peer) = %d\n", + (int) offsetof(struct info_sys, peer)); + printf("offsetof(peer_mode) = %d\n", + (int) offsetof(struct info_sys, peer_mode)); + printf("offsetof(leap) = %d\n", + (int) offsetof(struct info_sys, leap)); + printf("offsetof(stratum) = %d\n", + (int) offsetof(struct info_sys, stratum)); + printf("offsetof(precision) = %d\n", + (int) offsetof(struct info_sys, precision)); + printf("offsetof(rootdelay) = %d\n", + (int) offsetof(struct info_sys, rootdelay)); + printf("offsetof(rootdispersion) = %d\n", + (int) offsetof(struct info_sys, rootdispersion)); + printf("offsetof(refid) = %d\n", + (int) offsetof(struct info_sys, refid)); + printf("offsetof(reftime) = %d\n", + (int) offsetof(struct info_sys, reftime)); + printf("offsetof(poll) = %d\n", + (int) offsetof(struct info_sys, poll)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_sys, flags)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_sys, unused1)); + printf("offsetof(unused2) = %d\n", + (int) offsetof(struct info_sys, unused2)); + printf("offsetof(unused3) = %d\n", + (int) offsetof(struct info_sys, unused3)); + printf("offsetof(bdelay) = %d\n", + (int) offsetof(struct info_sys, bdelay)); + printf("offsetof(frequency) = %d\n", + (int) offsetof(struct info_sys, frequency)); + printf("offsetof(authdelay) = %d\n", + (int) offsetof(struct info_sys, authdelay)); + printf("offsetof(stability) = %d\n", + (int) offsetof(struct info_sys, stability)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_sys, v6_flag)); + printf("offsetof(unused4) = %d\n", + (int) offsetof(struct info_sys, unused4)); + printf("offsetof(peer6) = %d\n", + (int) offsetof(struct info_sys, peer6)); + printf("\n"); + + printf("sizeof(struct info_sys_stats) = %d\n", + (int) sizeof(struct info_sys_stats)); + printf("offsetof(timeup) = %d\n", + (int) offsetof(struct info_sys_stats, timeup)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_sys_stats, timereset)); + printf("offsetof(denied) = %d\n", + (int) offsetof(struct info_sys_stats, denied)); + printf("offsetof(oldversionpkt) = %d\n", + (int) offsetof(struct info_sys_stats, oldversionpkt)); + printf("offsetof(newversionpkt) = %d\n", + (int) offsetof(struct info_sys_stats, newversionpkt)); + printf("offsetof(unknownversion) = %d\n", + (int) offsetof(struct info_sys_stats, unknownversion)); + printf("offsetof(badlength) = %d\n", + (int) offsetof(struct info_sys_stats, badlength)); + printf("offsetof(processed) = %d\n", + (int) offsetof(struct info_sys_stats, processed)); + printf("offsetof(badauth) = %d\n", + (int) offsetof(struct info_sys_stats, badauth)); + printf("offsetof(received) = %d\n", + (int) offsetof(struct info_sys_stats, received)); + printf("offsetof(limitrejected) = %d\n", + (int) offsetof(struct info_sys_stats, limitrejected)); + printf("\n"); + + printf("sizeof(struct old_info_sys_stats) = %d\n", + (int) sizeof(struct old_info_sys_stats)); + printf("offsetof(timeup) = %d\n", + (int) offsetof(struct old_info_sys_stats, timeup)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct old_info_sys_stats, timereset)); + printf("offsetof(denied) = %d\n", + (int) offsetof(struct old_info_sys_stats, denied)); + printf("offsetof(oldversionpkt) = %d\n", + (int) offsetof(struct old_info_sys_stats, oldversionpkt)); + printf("offsetof(newversionpkt) = %d\n", + (int) offsetof(struct old_info_sys_stats, newversionpkt)); + printf("offsetof(unknownversion) = %d\n", + (int) offsetof(struct old_info_sys_stats, unknownversion)); + printf("offsetof(badlength) = %d\n", + (int) offsetof(struct old_info_sys_stats, badlength)); + printf("offsetof(processed) = %d\n", + (int) offsetof(struct old_info_sys_stats, processed)); + printf("offsetof(badauth) = %d\n", + (int) offsetof(struct old_info_sys_stats, badauth)); + printf("offsetof(wanderhold) = %d\n", + (int) offsetof(struct old_info_sys_stats, wanderhold)); + printf("\n"); + + printf("sizeof(struct info_mem_stats) = %d\n", + (int) sizeof(struct info_mem_stats)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_mem_stats, timereset)); + printf("offsetof(totalpeermem) = %d\n", + (int) offsetof(struct info_mem_stats, totalpeermem)); + printf("offsetof(freepeermem) = %d\n", + (int) offsetof(struct info_mem_stats, freepeermem)); + printf("offsetof(findpeer_calls) = %d\n", + (int) offsetof(struct info_mem_stats, findpeer_calls)); + printf("offsetof(allocations) = %d\n", + (int) offsetof(struct info_mem_stats, allocations)); + printf("offsetof(demobilizations) = %d\n", + (int) offsetof(struct info_mem_stats, demobilizations)); + printf("offsetof(hashcount) = %d\n", + (int) offsetof(struct info_mem_stats, hashcount)); + printf("\n"); + + printf("sizeof(struct info_io_stats) = %d\n", + (int) sizeof(struct info_io_stats)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_io_stats, timereset)); + printf("offsetof(totalrecvbufs) = %d\n", + (int) offsetof(struct info_io_stats, totalrecvbufs)); + printf("offsetof(freerecvbufs) = %d\n", + (int) offsetof(struct info_io_stats, freerecvbufs)); + printf("offsetof(fullrecvbufs) = %d\n", + (int) offsetof(struct info_io_stats, fullrecvbufs)); + printf("offsetof(lowwater) = %d\n", + (int) offsetof(struct info_io_stats, lowwater)); + printf("offsetof(dropped) = %d\n", + (int) offsetof(struct info_io_stats, dropped)); + printf("offsetof(ignored) = %d\n", + (int) offsetof(struct info_io_stats, ignored)); + printf("offsetof(received) = %d\n", + (int) offsetof(struct info_io_stats, received)); + printf("offsetof(sent) = %d\n", + (int) offsetof(struct info_io_stats, sent)); + printf("offsetof(notsent) = %d\n", + (int) offsetof(struct info_io_stats, notsent)); + printf("offsetof(interrupts) = %d\n", + (int) offsetof(struct info_io_stats, interrupts)); + printf("offsetof(int_received) = %d\n", + (int) offsetof(struct info_io_stats, int_received)); + printf("\n"); + + printf("sizeof(struct info_timer_stats) = %d\n", + (int) sizeof(struct info_timer_stats)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_timer_stats, timereset)); + printf("offsetof(alarms) = %d\n", + (int) offsetof(struct info_timer_stats, alarms)); + printf("offsetof(overflows) = %d\n", + (int) offsetof(struct info_timer_stats, overflows)); + printf("offsetof(xmtcalls) = %d\n", + (int) offsetof(struct info_timer_stats, xmtcalls)); + printf("\n"); + + printf("sizeof(struct old_conf_peer) = %d\n", + (int) sizeof(struct old_conf_peer)); + printf("offsetof(peeraddr) = %d\n", + (int) offsetof(struct old_conf_peer, peeraddr)); + printf("offsetof(hmode) = %d\n", + (int) offsetof(struct old_conf_peer, hmode)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct old_conf_peer, version)); + printf("offsetof(minpoll) = %d\n", + (int) offsetof(struct old_conf_peer, minpoll)); + printf("offsetof(maxpoll) = %d\n", + (int) offsetof(struct old_conf_peer, maxpoll)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct old_conf_peer, flags)); + printf("offsetof(ttl) = %d\n", + (int) offsetof(struct old_conf_peer, ttl)); + printf("offsetof(unused) = %d\n", + (int) offsetof(struct old_conf_peer, unused)); + printf("offsetof(keyid) = %d\n", + (int) offsetof(struct old_conf_peer, keyid)); + printf("\n"); + + printf("sizeof(struct conf_peer) = %d\n", + (int) sizeof(struct conf_peer)); + printf("offsetof(peeraddr) = %d\n", + (int) offsetof(struct conf_peer, peeraddr)); + printf("offsetof(hmode) = %d\n", + (int) offsetof(struct conf_peer, hmode)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct conf_peer, version)); + printf("offsetof(minpoll) = %d\n", + (int) offsetof(struct conf_peer, minpoll)); + printf("offsetof(maxpoll) = %d\n", + (int) offsetof(struct conf_peer, maxpoll)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct conf_peer, flags)); + printf("offsetof(ttl) = %d\n", + (int) offsetof(struct conf_peer, ttl)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct conf_peer, unused1)); + printf("offsetof(keyid) = %d\n", + (int) offsetof(struct conf_peer, keyid)); + printf("offsetof(keystr) = %d\n", + (int) offsetof(struct conf_peer, keystr)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct conf_peer, v6_flag)); + printf("offsetof(unused2) = %d\n", + (int) offsetof(struct conf_peer, unused2)); + printf("offsetof(peeraddr6) = %d\n", + (int) offsetof(struct conf_peer, peeraddr6)); + printf("\n"); + + printf("sizeof(struct conf_unpeer) = %d\n", + (int) sizeof(struct conf_unpeer)); + printf("offsetof(peeraddr) = %d\n", + (int) offsetof(struct conf_unpeer, peeraddr)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct conf_unpeer, v6_flag)); + printf("offsetof(peeraddr6) = %d\n", + (int) offsetof(struct conf_unpeer, peeraddr6)); + printf("\n"); + + printf("sizeof(struct conf_sys_flags) = %d\n", + (int) sizeof(struct conf_sys_flags)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct conf_sys_flags, flags)); + printf("\n"); + + printf("sizeof(struct info_restrict) = %d\n", + (int) sizeof(struct info_restrict)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct info_restrict, addr)); + printf("offsetof(mask) = %d\n", + (int) offsetof(struct info_restrict, mask)); + printf("offsetof(count) = %d\n", + (int) offsetof(struct info_restrict, count)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_restrict, flags)); + printf("offsetof(mflags) = %d\n", + (int) offsetof(struct info_restrict, mflags)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_restrict, v6_flag)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_restrict, unused1)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct info_restrict, addr6)); + printf("offsetof(mask6) = %d\n", + (int) offsetof(struct info_restrict, mask6)); + printf("\n"); + + printf("sizeof(struct conf_restrict) = %d\n", + (int) sizeof(struct conf_restrict)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct conf_restrict, addr)); + printf("offsetof(mask) = %d\n", + (int) offsetof(struct conf_restrict, mask)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct conf_restrict, flags)); + printf("offsetof(mflags) = %d\n", + (int) offsetof(struct conf_restrict, mflags)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct conf_restrict, v6_flag)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct conf_restrict, addr6)); + printf("offsetof(mask6) = %d\n", + (int) offsetof(struct conf_restrict, mask6)); + printf("\n"); + + printf("sizeof(struct info_monitor_1) = %d\n", + (int) sizeof(struct info_monitor_1)); + printf("offsetof(avg_int) = %d\n", + (int) offsetof(struct info_monitor_1, avg_int)); + printf("offsetof(last_int) = %d\n", + (int) offsetof(struct info_monitor_1, last_int)); + printf("offsetof(restr) = %d\n", + (int) offsetof(struct info_monitor_1, restr)); + printf("offsetof(count) = %d\n", + (int) offsetof(struct info_monitor_1, count)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct info_monitor_1, addr)); + printf("offsetof(daddr) = %d\n", + (int) offsetof(struct info_monitor_1, daddr)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_monitor_1, flags)); + printf("offsetof(port) = %d\n", + (int) offsetof(struct info_monitor_1, port)); + printf("offsetof(mode) = %d\n", + (int) offsetof(struct info_monitor_1, mode)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct info_monitor_1, version)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_monitor_1, v6_flag)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_monitor_1, unused1)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct info_monitor_1, addr6)); + printf("offsetof(daddr6) = %d\n", + (int) offsetof(struct info_monitor_1, daddr6)); + printf("\n"); + + printf("sizeof(struct info_monitor) = %d\n", + (int) sizeof(struct info_monitor)); + printf("offsetof(avg_int) = %d\n", + (int) offsetof(struct info_monitor, avg_int)); + printf("offsetof(last_int) = %d\n", + (int) offsetof(struct info_monitor, last_int)); + printf("offsetof(restr) = %d\n", + (int) offsetof(struct info_monitor, restr)); + printf("offsetof(count) = %d\n", + (int) offsetof(struct info_monitor, count)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct info_monitor, addr)); + printf("offsetof(port) = %d\n", + (int) offsetof(struct info_monitor, port)); + printf("offsetof(mode) = %d\n", + (int) offsetof(struct info_monitor, mode)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct info_monitor, version)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_monitor, v6_flag)); + printf("offsetof(unused1) = %d\n", + (int) offsetof(struct info_monitor, unused1)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct info_monitor, addr6)); + printf("\n"); + + printf("sizeof(struct old_info_monitor) = %d\n", + (int) sizeof(struct old_info_monitor)); + printf("offsetof(lasttime) = %d\n", + (int) offsetof(struct old_info_monitor, lasttime)); + printf("offsetof(firsttime) = %d\n", + (int) offsetof(struct old_info_monitor, firsttime)); + printf("offsetof(count) = %d\n", + (int) offsetof(struct old_info_monitor, count)); + printf("offsetof(addr) = %d\n", + (int) offsetof(struct old_info_monitor, addr)); + printf("offsetof(port) = %d\n", + (int) offsetof(struct old_info_monitor, port)); + printf("offsetof(mode) = %d\n", + (int) offsetof(struct old_info_monitor, mode)); + printf("offsetof(version) = %d\n", + (int) offsetof(struct old_info_monitor, version)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct old_info_monitor, v6_flag)); + printf("offsetof(addr6) = %d\n", + (int) offsetof(struct old_info_monitor, addr6)); + printf("\n"); + + printf("sizeof(struct reset_flags) = %d\n", + (int) sizeof(struct reset_flags)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct reset_flags, flags)); + printf("\n"); + + printf("sizeof(struct info_auth) = %d\n", + (int) sizeof(struct info_auth)); + printf("offsetof(timereset) = %d\n", + (int) offsetof(struct info_auth, timereset)); + printf("offsetof(numkeys) = %d\n", + (int) offsetof(struct info_auth, numkeys)); + printf("offsetof(numfreekeys) = %d\n", + (int) offsetof(struct info_auth, numfreekeys)); + printf("offsetof(keylookups) = %d\n", + (int) offsetof(struct info_auth, keylookups)); + printf("offsetof(keynotfound) = %d\n", + (int) offsetof(struct info_auth, keynotfound)); + printf("offsetof(encryptions) = %d\n", + (int) offsetof(struct info_auth, encryptions)); + printf("offsetof(decryptions) = %d\n", + (int) offsetof(struct info_auth, decryptions)); + printf("offsetof(expired) = %d\n", + (int) offsetof(struct info_auth, expired)); + printf("offsetof(keyuncached) = %d\n", + (int) offsetof(struct info_auth, keyuncached)); + printf("\n"); + + printf("sizeof(struct info_trap) = %d\n", + (int) sizeof(struct info_trap)); + printf("offsetof(local_address) = %d\n", + (int) offsetof(struct info_trap, local_address)); + printf("offsetof(trap_address) = %d\n", + (int) offsetof(struct info_trap, trap_address)); + printf("offsetof(trap_port) = %d\n", + (int) offsetof(struct info_trap, trap_port)); + printf("offsetof(sequence) = %d\n", + (int) offsetof(struct info_trap, sequence)); + printf("offsetof(settime) = %d\n", + (int) offsetof(struct info_trap, settime)); + printf("offsetof(origtime) = %d\n", + (int) offsetof(struct info_trap, origtime)); + printf("offsetof(resets) = %d\n", + (int) offsetof(struct info_trap, resets)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_trap, flags)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_trap, v6_flag)); + printf("offsetof(local_address6) = %d\n", + (int) offsetof(struct info_trap, local_address6)); + printf("offsetof(trap_address6) = %d\n", + (int) offsetof(struct info_trap, trap_address6)); + printf("\n"); + + printf("sizeof(struct conf_trap) = %d\n", + (int) sizeof(struct conf_trap)); + printf("offsetof(local_address) = %d\n", + (int) offsetof(struct conf_trap, local_address)); + printf("offsetof(trap_address) = %d\n", + (int) offsetof(struct conf_trap, trap_address)); + printf("offsetof(trap_port) = %d\n", + (int) offsetof(struct conf_trap, trap_port)); + printf("offsetof(unused) = %d\n", + (int) offsetof(struct conf_trap, unused)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct conf_trap, v6_flag)); + printf("offsetof(local_address6) = %d\n", + (int) offsetof(struct conf_trap, local_address6)); + printf("offsetof(trap_address6) = %d\n", + (int) offsetof(struct conf_trap, trap_address6)); + printf("\n"); + + printf("sizeof(struct info_control) = %d\n", + (int) sizeof(struct info_control)); + printf("offsetof(ctltimereset) = %d\n", + (int) offsetof(struct info_control, ctltimereset)); + printf("offsetof(numctlreq) = %d\n", + (int) offsetof(struct info_control, numctlreq)); + printf("offsetof(numctlbadpkts) = %d\n", + (int) offsetof(struct info_control, numctlbadpkts)); + printf("offsetof(numctlresponses) = %d\n", + (int) offsetof(struct info_control, numctlresponses)); + printf("offsetof(numctlfrags) = %d\n", + (int) offsetof(struct info_control, numctlfrags)); + printf("offsetof(numctlerrors) = %d\n", + (int) offsetof(struct info_control, numctlerrors)); + printf("offsetof(numctltooshort) = %d\n", + (int) offsetof(struct info_control, numctltooshort)); + printf("offsetof(numctlinputresp) = %d\n", + (int) offsetof(struct info_control, numctlinputresp)); + printf("offsetof(numctlinputfrag) = %d\n", + (int) offsetof(struct info_control, numctlinputfrag)); + printf("offsetof(numctlinputerr) = %d\n", + (int) offsetof(struct info_control, numctlinputerr)); + printf("offsetof(numctlbadoffset) = %d\n", + (int) offsetof(struct info_control, numctlbadoffset)); + printf("offsetof(numctlbadversion) = %d\n", + (int) offsetof(struct info_control, numctlbadversion)); + printf("offsetof(numctldatatooshort) = %d\n", + (int) offsetof(struct info_control, numctldatatooshort)); + printf("offsetof(numctlbadop) = %d\n", + (int) offsetof(struct info_control, numctlbadop)); + printf("offsetof(numasyncmsgs) = %d\n", + (int) offsetof(struct info_control, numasyncmsgs)); + printf("\n"); + + printf("sizeof(struct info_clock) = %d\n", + (int) sizeof(struct info_clock)); + printf("offsetof(clockadr) = %d\n", + (int) offsetof(struct info_clock, clockadr)); + printf("offsetof(type) = %d\n", + (int) offsetof(struct info_clock, type)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_clock, flags)); + printf("offsetof(lastevent) = %d\n", + (int) offsetof(struct info_clock, lastevent)); + printf("offsetof(currentstatus) = %d\n", + (int) offsetof(struct info_clock, currentstatus)); + printf("offsetof(polls) = %d\n", + (int) offsetof(struct info_clock, polls)); + printf("offsetof(noresponse) = %d\n", + (int) offsetof(struct info_clock, noresponse)); + printf("offsetof(badformat) = %d\n", + (int) offsetof(struct info_clock, badformat)); + printf("offsetof(baddata) = %d\n", + (int) offsetof(struct info_clock, baddata)); + printf("offsetof(timestarted) = %d\n", + (int) offsetof(struct info_clock, timestarted)); + printf("offsetof(fudgetime1) = %d\n", + (int) offsetof(struct info_clock, fudgetime1)); + printf("offsetof(fudgetime2) = %d\n", + (int) offsetof(struct info_clock, fudgetime2)); + printf("offsetof(fudgeval1) = %d\n", + (int) offsetof(struct info_clock, fudgeval1)); + printf("offsetof(fudgeval2) = %d\n", + (int) offsetof(struct info_clock, fudgeval2)); + printf("\n"); + + printf("sizeof(struct conf_fudge) = %d\n", + (int) sizeof(struct conf_fudge)); + printf("offsetof(clockadr) = %d\n", + (int) offsetof(struct conf_fudge, clockadr)); + printf("offsetof(which) = %d\n", + (int) offsetof(struct conf_fudge, which)); + printf("offsetof(fudgetime) = %d\n", + (int) offsetof(struct conf_fudge, fudgetime)); + printf("offsetof(fudgeval_flags) = %d\n", + (int) offsetof(struct conf_fudge, fudgeval_flags)); + printf("\n"); + + printf("sizeof(struct info_clkbug) = %d\n", + (int) sizeof(struct info_clkbug)); + printf("offsetof(clockadr) = %d\n", + (int) offsetof(struct info_clkbug, clockadr)); + printf("offsetof(nvalues) = %d\n", + (int) offsetof(struct info_clkbug, nvalues)); + printf("offsetof(ntimes) = %d\n", + (int) offsetof(struct info_clkbug, ntimes)); + printf("offsetof(svalues) = %d\n", + (int) offsetof(struct info_clkbug, svalues)); + printf("offsetof(stimes) = %d\n", + (int) offsetof(struct info_clkbug, stimes)); + printf("offsetof(values) = %d\n", + (int) offsetof(struct info_clkbug, values)); + printf("offsetof(times) = %d\n", + (int) offsetof(struct info_clkbug, times)); + printf("\n"); + + printf("sizeof(struct info_kernel) = %d\n", + (int) sizeof(struct info_kernel)); + printf("offsetof(offset) = %d\n", + (int) offsetof(struct info_kernel, offset)); + printf("offsetof(freq) = %d\n", + (int) offsetof(struct info_kernel, freq)); + printf("offsetof(maxerror) = %d\n", + (int) offsetof(struct info_kernel, maxerror)); + printf("offsetof(esterror) = %d\n", + (int) offsetof(struct info_kernel, esterror)); + printf("offsetof(status) = %d\n", + (int) offsetof(struct info_kernel, status)); + printf("offsetof(shift) = %d\n", + (int) offsetof(struct info_kernel, shift)); + printf("offsetof(constant) = %d\n", + (int) offsetof(struct info_kernel, constant)); + printf("offsetof(precision) = %d\n", + (int) offsetof(struct info_kernel, precision)); + printf("offsetof(tolerance) = %d\n", + (int) offsetof(struct info_kernel, tolerance)); + printf("offsetof(ppsfreq) = %d\n", + (int) offsetof(struct info_kernel, ppsfreq)); + printf("offsetof(jitter) = %d\n", + (int) offsetof(struct info_kernel, jitter)); + printf("offsetof(stabil) = %d\n", + (int) offsetof(struct info_kernel, stabil)); + printf("offsetof(jitcnt) = %d\n", + (int) offsetof(struct info_kernel, jitcnt)); + printf("offsetof(calcnt) = %d\n", + (int) offsetof(struct info_kernel, calcnt)); + printf("offsetof(errcnt) = %d\n", + (int) offsetof(struct info_kernel, errcnt)); + printf("offsetof(stbcnt) = %d\n", + (int) offsetof(struct info_kernel, stbcnt)); + printf("\n"); + + printf("sizeof(struct info_if_stats) = %d\n", + (int) sizeof(struct info_if_stats)); + printf("offsetof(unaddr) = %d\n", + (int) offsetof(struct info_if_stats, unaddr)); + printf("offsetof(unbcast) = %d\n", + (int) offsetof(struct info_if_stats, unbcast)); + printf("offsetof(unmask) = %d\n", + (int) offsetof(struct info_if_stats, unmask)); + printf("offsetof(v6_flag) = %d\n", + (int) offsetof(struct info_if_stats, v6_flag)); + printf("offsetof(name) = %d\n", + (int) offsetof(struct info_if_stats, name)); + printf("offsetof(flags) = %d\n", + (int) offsetof(struct info_if_stats, flags)); + printf("offsetof(last_ttl) = %d\n", + (int) offsetof(struct info_if_stats, last_ttl)); + printf("offsetof(num_mcast) = %d\n", + (int) offsetof(struct info_if_stats, num_mcast)); + printf("offsetof(received) = %d\n", + (int) offsetof(struct info_if_stats, received)); + printf("offsetof(sent) = %d\n", + (int) offsetof(struct info_if_stats, sent)); + printf("offsetof(notsent) = %d\n", + (int) offsetof(struct info_if_stats, notsent)); + printf("offsetof(uptime) = %d\n", + (int) offsetof(struct info_if_stats, uptime)); + printf("offsetof(scopeid) = %d\n", + (int) offsetof(struct info_if_stats, scopeid)); + printf("offsetof(ifindex) = %d\n", + (int) offsetof(struct info_if_stats, ifindex)); + printf("offsetof(ifnum) = %d\n", + (int) offsetof(struct info_if_stats, ifnum)); + printf("offsetof(peercnt) = %d\n", + (int) offsetof(struct info_if_stats, peercnt)); + printf("offsetof(family) = %d\n", + (int) offsetof(struct info_if_stats, family)); + printf("offsetof(ignore_packets) = %d\n", + (int) offsetof(struct info_if_stats, ignore_packets)); + printf("offsetof(action) = %d\n", + (int) offsetof(struct info_if_stats, action)); + printf("offsetof(_filler0) = %d\n", + (int) offsetof(struct info_if_stats, _filler0)); + printf("\n"); + + printf("sizeof(struct info_dns_assoc) = %d\n", + (int) sizeof(struct info_dns_assoc)); + printf("offsetof(peeraddr) = %d\n", + (int) offsetof(struct info_dns_assoc, peeraddr)); + printf("offsetof(associd) = %d\n", + (int) offsetof(struct info_dns_assoc, associd)); + printf("offsetof(hostname) = %d\n", + (int) offsetof(struct info_dns_assoc, hostname)); + printf("\n"); + diff --git a/usr.sbin/ntp/ntpq/Makefile b/usr.sbin/ntp/ntpq/Makefile new file mode 100644 index 0000000..f9901a0 --- /dev/null +++ b/usr.sbin/ntp/ntpq/Makefile @@ -0,0 +1,40 @@ +# $FreeBSD$ + +MAN= + +.include <src.opts.mk> +.include <bsd.own.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/ntpq + +BINDIR= /usr/bin + +PROG= ntpq +SRCS= ntpq.c ntpq-opts.c ntpq-subs.c version.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/${NTP_ATOMIC}/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../ + +LIBADD+= edit ntp opts m pthread + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.else +LIBADD+= md +.endif + +CFLAGS+= -DHAVE_LIBEDIT -DHAVE_READLINE_READLINE_H \ + -I${DESTDIR}/${INCLUDEDIR}/edit + +CLEANFILES+= .version version.c + +version.c: + sh -e ${.CURDIR}/../scripts/mkver ntpq + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntpq/Makefile.depend b/usr.sbin/ntp/ntpq/Makefile.depend new file mode 100644 index 0000000..7531e73 --- /dev/null +++ b/usr.sbin/ntp/ntpq/Makefile.depend @@ -0,0 +1,28 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libedit \ + lib/libthr \ + lib/msun \ + lib/ncurses/ncursesw \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + usr.sbin/ntp/libopts \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +version.o: version.c +version.po: version.c +.endif diff --git a/usr.sbin/ntp/ntptime/Makefile b/usr.sbin/ntp/ntptime/Makefile new file mode 100644 index 0000000..ef02d0f --- /dev/null +++ b/usr.sbin/ntp/ntptime/Makefile @@ -0,0 +1,16 @@ +# $FreeBSD$ + +.PATH: ${.CURDIR}/../../../contrib/ntp/util + +PROG= ntptime +MAN= + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include/ \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include/ \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../ + +LIBADD= ntp pthread + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/ntptime/Makefile.depend b/usr.sbin/ntp/ntptime/Makefile.depend new file mode 100644 index 0000000..a231d4a --- /dev/null +++ b/usr.sbin/ntp/ntptime/Makefile.depend @@ -0,0 +1,23 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libthr \ + lib/msun \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif diff --git a/usr.sbin/ntp/scripts/mkver b/usr.sbin/ntp/scripts/mkver new file mode 100755 index 0000000..2bc36b5 --- /dev/null +++ b/usr.sbin/ntp/scripts/mkver @@ -0,0 +1,44 @@ +#!/bin/sh +# +# $FreeBSD$ +# +PROG=${1-UNKNOWN} + +ConfStr="$PROG" + +ConfStr="$ConfStr 4.2.8p4" + +case "$CSET" in + '') ;; + *) ConfStr="$ConfStr@$CSET" ;; +esac + +case "" in + '') + case "1" in + '') ;; + *) ConfStr="${ConfStr}-a" ;; + esac + ;; + *) ConfStr="${ConfStr}-r" ;; +esac + +if [ ! -f .version ]; then + echo 0 > .version +fi +RUN="`cat .version`" +RUN="`expr $RUN + 1`" +echo $RUN > .version + +ConfStr="$ConfStr (${RUN})" + +echo "Version <${ConfStr}>"; + +rm -f version.c +cat > version.c << -EoF- +/* + * version file for $PROG + */ +#include <config.h> +const char * Version = "${ConfStr}"; +-EoF- diff --git a/usr.sbin/ntp/scripts/ntptrace b/usr.sbin/ntp/scripts/ntptrace new file mode 100644 index 0000000..8a895c4 --- /dev/null +++ b/usr.sbin/ntp/scripts/ntptrace @@ -0,0 +1,62 @@ +#! /usr/local/bin/perl -w +# +# $FreeBSD$ + +# John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org + +use Socket; +use Getopt::Std; +use vars qw($opt_n); + +$ntpq = "ntpq"; + +getopts('n'); + +$dodns = 1; +$dodns = 0 if (defined($opt_n)); + +$host = shift; +$host ||= "127.0.0.1"; + +for (;;) { + $stratum = 255; + $cmd = "$ntpq -n -c rv $host"; + open(PH, $cmd . "|") || die "failed to start command $cmd: $!"; + while (<PH>) { + $stratum = $1 if (/stratum=(\d+)/); + $peer = $1 if (/peer=(\d+)/); + # Very old servers report phase and not offset. + $offset = $1 if (/(?:offset|phase)=([^\s,]+)/); + $rootdelay = $1 if (/rootdelay=([^\s,]+)/); + $refid = $1 if (/refid=([^\s,]+)/); + } + close(PH) || die "$cmd failed"; + last if ($stratum == 255); + $offset /= 1000; + $rootdelay /= 1000; + $dhost = $host; + # Only do lookups of IPv4 addresses. The standard lookup functions + # of perl only do IPv4 and I don't know if we should require extras. + if ($dodns && $host =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/) { + $iaddr = inet_aton($host); + $name = (gethostbyaddr($iaddr, AF_INET))[0]; + $dhost = $name if (defined($name)); + } + printf("%s: stratum %d, offset %f, root distance %f", + $dhost, $stratum, $offset, $rootdelay); + printf(", refid '%s'", $refid) if ($stratum == 1); + printf("\n"); + last if ($stratum == 0 || $stratum == 1 || $stratum == 16); + last if ($refid =~ /^127\.127\.\d{1,3}\.\d{1,3}$/); + + $cmd = "$ntpq -n -c \"pstat $peer\" $host"; + open(PH, $cmd . "|") || die "failed to start command $cmd: $!"; + $thost = ""; + while (<PH>) { + $thost = $1, last if (/srcadr=(\S+),/); + } + close(PH) || die "$cmd failed"; + last if ($thost eq ""); + $host = $thost; +} + diff --git a/usr.sbin/ntp/scripts/ntpver b/usr.sbin/ntp/scripts/ntpver new file mode 100755 index 0000000..6dbc510 --- /dev/null +++ b/usr.sbin/ntp/scripts/ntpver @@ -0,0 +1,8 @@ +#!/bin/sh +# $FreeBSD$ +# print version string of NTP daemon +# Copyright (c) 1997 by Ulrich Windl +# Modified 970318: Harlan Stenn: rewritten... +# usage: ntpver hostname + +ntpq -c "rv 0 daemon_version" $* | awk '/daemon_version/ { print $2 }' diff --git a/usr.sbin/ntp/sntp/Makefile b/usr.sbin/ntp/sntp/Makefile new file mode 100644 index 0000000..ce5c01d --- /dev/null +++ b/usr.sbin/ntp/sntp/Makefile @@ -0,0 +1,31 @@ +# $FreeBSD$ + +.include <src.opts.mk> + +.PATH: ${.CURDIR}/../../../contrib/ntp/sntp + +PROG= sntp +MK_MAN= no +SRCS= crypto.c kod_management.c log.c main.c networking.c \ + sntp-opts.c sntp.c utilities.c + +CFLAGS+= -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/unix/include \ + -I${.CURDIR}/../../../contrib/ntp/lib/isc/pthreads/include \ + -I${.CURDIR}/../../../contrib/ntp/sntp \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libopts \ + -I${.CURDIR}/../../../contrib/ntp/sntp/libevent/include \ + -I${.CURDIR}/../libntpevent \ + -I${.CURDIR}/../ + +LIBADD= m opts ntp ntpevent pthread + +.if ${MK_OPENSSL} != "no" +LIBADD+= crypto +.else +LIBADD+= md +.endif + +.include <bsd.prog.mk> diff --git a/usr.sbin/ntp/sntp/Makefile.depend b/usr.sbin/ntp/sntp/Makefile.depend new file mode 100644 index 0000000..9f44d40 --- /dev/null +++ b/usr.sbin/ntp/sntp/Makefile.depend @@ -0,0 +1,25 @@ +# $FreeBSD$ +# Autogenerated - do NOT edit! + +DIRDEPS = \ + gnu/lib/csu \ + gnu/lib/libgcc \ + include \ + include/arpa \ + include/xlocale \ + lib/${CSU_DIR} \ + lib/libc \ + lib/libcompiler_rt \ + lib/libthr \ + lib/msun \ + secure/lib/libcrypto \ + usr.sbin/ntp/libntp \ + usr.sbin/ntp/libntpevent \ + usr.sbin/ntp/libopts \ + + +.include <dirdeps.mk> + +.if ${DEP_RELDIR} == ${_DEP_RELDIR} +# local dependencies - needed for -jN in clean tree +.endif |
