mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-01 00:18:15 +01:00
734 lines
22 KiB
Groff
734 lines
22 KiB
Groff
''' $Header
|
|
'''
|
|
.de Sh
|
|
.br
|
|
.ne 5
|
|
.PP
|
|
\fB\\$1\fR
|
|
.PP
|
|
..
|
|
.de Sp
|
|
.if t .sp .5v
|
|
.if n .sp
|
|
..
|
|
.de Ip
|
|
.br
|
|
.ie \\n.$>=3 .ne \\$3
|
|
.el .ne 3
|
|
.IP "\\$1" \\$2
|
|
..
|
|
'''
|
|
''' Set up \*(-- to give an unbreakable dash;
|
|
''' string Tr holds user defined translation string.
|
|
''' Greek uppercase omega is used as a dummy character.
|
|
'''
|
|
.tr \(*W-|\(bv\*(Tr
|
|
.ie n \{\
|
|
.ds -- \(*W-
|
|
.if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
|
.if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
|
.ds L" ""
|
|
.ds R" ""
|
|
.ds L' '
|
|
.ds R' '
|
|
'br\}
|
|
.el\{\
|
|
.ds -- \(em\|
|
|
.tr \*(Tr
|
|
.ds L" ``
|
|
.ds R" ''
|
|
.ds L' `
|
|
.ds R' '
|
|
'br\}
|
|
.TH XNTPDC 8 LOCAL
|
|
.SH NAME
|
|
xntpdc - query/control program for the Network Time Protocol daemon
|
|
.SH SYNOPSIS
|
|
.B xntpdc
|
|
[
|
|
.B -ilnps
|
|
] [
|
|
.B -c
|
|
.I command
|
|
] [
|
|
.I host
|
|
] [
|
|
.I ...
|
|
]
|
|
.SH DESCRIPTION
|
|
.I Xntpdc
|
|
is used to query the
|
|
.IR xntpd (8)
|
|
daemon about its current state and to request changes in that state. The
|
|
program may be run either in interactive mode or controlled using
|
|
command line arguments. Extensive state and statistics information is
|
|
available through the
|
|
.I xntpdc
|
|
interface. In addition, nearly all the configuration options which can
|
|
be specified at start up using
|
|
.IR xntpd 's
|
|
configuration file may also be specified at run time using
|
|
.IR xntpdc .
|
|
.PP
|
|
If one or more request options is included on the command line when
|
|
.I xntpdc
|
|
is executed, each of the requests will be sent to the NTP servers
|
|
running on each of the hosts given as command line arguments, or on
|
|
.I localhost
|
|
by default. If no request options are given,
|
|
.I xntpdc
|
|
will attempt to read commands from the standard input and execute these
|
|
on the NTP server running on the first host given on the command line,
|
|
again defaulting to
|
|
.I localhost
|
|
when no other host is specified.
|
|
.I Xntpdc
|
|
will prompt for commands if the standard input is a terminal device.
|
|
.PP
|
|
.I Xntpdc
|
|
uses NTP mode 7 packets to communicate with the NTP server, and hence
|
|
can be used to query any compatable server on the network which permits
|
|
it. Note that since NTP is a UDP protocol this communication will be
|
|
somewhat unreliable, especially over large distances in terms of network
|
|
topology.
|
|
.I Xntpdc
|
|
makes no attempt to retransmit requests, and will time requests out if
|
|
the remote host is not heard from within a suitable time out time.
|
|
.PP
|
|
Command line options are described following. Specifying a command line
|
|
option other than
|
|
.B -i
|
|
or
|
|
.B -n
|
|
will cause the specified query (queries) to be sent to the indicated
|
|
host(s) immediately. Otherwise,
|
|
.I xntpdc
|
|
will attempt to read interactive format commands from the standard
|
|
input.
|
|
.Ip -c 8
|
|
The following argument is interpreted as an interactive format command
|
|
and is added to the list of commands to be executed on the specified
|
|
host(s). Multiple
|
|
.B -c
|
|
options may be given.
|
|
.Ip -i 8
|
|
Force
|
|
.I xntpdc
|
|
to operate in interactive mode. Prompts will be written to the standard
|
|
output and commands read from the standard input.
|
|
.Ip -l 8
|
|
Obtain a list of peers which are known to the server(s). This switch is
|
|
equivalent to \*(L"-c listpeers\*(R".
|
|
.Ip -n 8
|
|
Output all host addresses in dotted\-quad numeric format rather than
|
|
converting to the canonical host names.
|
|
.Ip -p 8
|
|
Print a list of the peers known to the server as well as a summary of
|
|
their state. This is equivalent to \*(L"-c peers\*(R".
|
|
.Ip -s 8
|
|
Print a list of the peers known to the server as well as a summary of
|
|
their state, but in a slightly different format than the
|
|
.B -p
|
|
switch. This is equivalent to \*(L"-c dmpeers\*(R".
|
|
.SH INTERNAL COMMANDS
|
|
.PP
|
|
Interactive format commands consist of a keyword followed by zero to
|
|
four arguments. Only enough characters of the full keyword to uniquely
|
|
identify the command need be typed. The output of a command is normally
|
|
sent to the standard output, but optionally the output of individual
|
|
commands may be sent to a file by appending a \*(L">\*(R", followed by a
|
|
file name, to the command line.
|
|
.PP
|
|
A number of interactive format commands are executed entirely within the
|
|
.I xntpdc
|
|
program itself and do not result in NTP mode 7 requests being sent to a
|
|
server. These are described following.
|
|
.PP
|
|
.B ?
|
|
[
|
|
.I command_keyword
|
|
}
|
|
.PP
|
|
A \*(L"?\*(R" by itself will print a list of all the command keywords
|
|
known to this incarnation of
|
|
.IR xntpdc .
|
|
A \*(L"?\*(R" followed by a command keyword will print funcation and
|
|
usage information about the command. This command is probably a better
|
|
source of information about
|
|
.I xntpdc
|
|
than this manual page.
|
|
.PP
|
|
.B help
|
|
[
|
|
.I command_keyword
|
|
]
|
|
.PP
|
|
A synonym for the
|
|
.B ?
|
|
command.
|
|
.PP
|
|
.B timeout
|
|
.I millseconds
|
|
.PP
|
|
Specify a time out period for responses to server queries. The default
|
|
is about 8000 milliseconds.
|
|
.PP
|
|
.B delay
|
|
.I milliseconds
|
|
.PP
|
|
Specify a time interval to be added to timestamps included in requests
|
|
which require authentication. This is used to enable (unreliable) server
|
|
reconfiguration over long delay network paths or between machines whose
|
|
clocks are unsynchronized.
|
|
.PP
|
|
.B host
|
|
.I hostname
|
|
.PP
|
|
Set the host to which future queries will be sent.
|
|
.I Hostname
|
|
may be either a host name or a numeric (dotted quad) dmaddress.
|
|
.PP
|
|
.B keyid
|
|
.I #
|
|
.PP
|
|
This command allows the specification of a key number to be used to
|
|
authenticate configuration requests. This must correspond to the key
|
|
number the server has been configured to use for this purpose.
|
|
.PP
|
|
.B passwd
|
|
.PP
|
|
This command prompts you to type in a password (which will not be
|
|
echoed) which will be used to authenticate configuration requests. The
|
|
password must correspond to the key configured for use by the NTP server
|
|
for this purpose if such requests are to be successful.
|
|
.PP
|
|
.B "hostnames yes|no"
|
|
.PP
|
|
If \*(L"yes\*(R" is specified, host names are printed in information
|
|
displays. If \*(L"no\*(R" is given, numeric addresses are printed
|
|
instead. The default is \*(L"yes\*(R" unless modified using the command
|
|
line
|
|
.B -n
|
|
switch.
|
|
.PP
|
|
.B quit
|
|
.PP
|
|
Exit
|
|
.IR xntpdc .
|
|
.SH QUERY COMMANDS
|
|
.PP
|
|
Query commands result in NTP mode 7 packets containing requests for
|
|
information being sent to the server. These are \*(L"read\-only\*(R"
|
|
commands in that they make no modification of the server configuration
|
|
state.
|
|
.PP
|
|
.B listpeers
|
|
.PP
|
|
Obtains and prints a brief list of the peers for which the server is
|
|
maintaining state. These should include all configured peer associations
|
|
as well as those peers whose stratum is such that they are considered by
|
|
the server to be possible future synchonization candidates.
|
|
.PP
|
|
.B peers
|
|
.PP
|
|
Obtains a list of peers for which the server is maintaining state, along
|
|
with a summary of that state. Summary information includes the address
|
|
of the remote peer, the local interface address (0.0.0.0 if a local
|
|
address has yet to be determined), the stratum of the remote peer (a
|
|
stratum of 16 indicates the remote peer is unsynchronized), the polling
|
|
interval, in seconds, the reachability register, in octal, and the
|
|
current estimated delay, offset and dispersion of the peer, all in
|
|
seconds. In addition, the character in the left margin indicates the
|
|
mode this peer entry is operating in. A \*(L"+\*(R" denotes symmetric
|
|
active, a \*(L"-\*(R" indicates symmetric passive, a \*(L"=\*(R" means
|
|
the remote server is being polled in client mode, a \*(L"^\*(R"
|
|
indicates that the server is broadcasting to this address, a \*(L"~\*(R"
|
|
denotes that the remote peer is sending broadcasts and a \*(L"*\*(R"
|
|
marks the peer the server is currently synchonizing to.
|
|
.PP
|
|
The contents of the host field may be one of four forms. It may be a
|
|
host name, an IP address, a reference clock implementation name with its
|
|
parameter or \*(L"REFCLK(<implementation number>, <parameter>)\*(R". On
|
|
\*(L"hostnames no\*(R" only IP\-addresses will be displayed.
|
|
.PP
|
|
.B dmpeers
|
|
.PP
|
|
A slightly different peer summary list. Identical to the output of the
|
|
.B peers
|
|
command except for the character in the leftmost column. Characters only
|
|
appear beside peers which were included in the final stage of the clock
|
|
selection algorithm. A \*(L".\*(R" indicates that this peer was cast off
|
|
in the falseticker detection, while a \*(L"+\*(R" indicates that the
|
|
peer made it through. A \*(L"*\*(R" denotes the peer the server is
|
|
currently synchronizing with.
|
|
.PP
|
|
.B showpeer
|
|
.I peer_address
|
|
[
|
|
.I addr2
|
|
] [
|
|
.I addr3
|
|
] [
|
|
.I addr4
|
|
]
|
|
.PP
|
|
Shows a detailed display of the current peer variables for one or more
|
|
peers. Most of these values are described in the NTP Version 2
|
|
specification.
|
|
.PP
|
|
.B pstats
|
|
.I peer_address
|
|
[
|
|
.I addr2
|
|
] [
|
|
.I addr3
|
|
] [
|
|
.I addr4
|
|
]
|
|
.PP
|
|
Show per\-peer statistic counters associated with the specified peer(s).
|
|
.PP
|
|
.B clockinfo
|
|
.I clock_peer_address
|
|
[
|
|
.I addr2
|
|
] [
|
|
.I addr3
|
|
] [
|
|
.I addr4
|
|
]
|
|
.PP
|
|
Obtain and print information concerning a peer clock. The values
|
|
obtained provide information on the setting of fudge factors and other
|
|
clock performance information.
|
|
.PP
|
|
.B kerninfo
|
|
.PP
|
|
Obtain and print kernel phase-lock loop operating parameters. This
|
|
information is available only if the kernel has been specially modified
|
|
for a precision timekeeping function.
|
|
.PP
|
|
.B loopinfo
|
|
[
|
|
.B oneline|multiline
|
|
]
|
|
.PP
|
|
Print the values of selected loop filter variables. The loop filter is
|
|
the part of NTP which deals with adjusting the local system clock. The
|
|
\*(L"offset\*(R" is the last offset given to the loop filter by the
|
|
packet processing code. The \*(L"frequency\*(R" is the frequency error
|
|
of the local clock in parts-per-million (ppm). The \*(L"time_const\*(R"
|
|
controls the "stiffness" of the phase-lock loop and thus the speed at
|
|
which it can adapt to oscillator drift. The \*(L"watchdog timer\*(R"
|
|
value is the number of seconds which have elapsed since the last sample
|
|
offset was given to the loop filter. The \*(L"oneline\*(R" and
|
|
\*(L"multiline\*(R" options specify the format in which this information
|
|
is to be printed, with \*(L"multiline\*(R" as the default.
|
|
.PP
|
|
.B sysinfo
|
|
.PP
|
|
Print a variety of system state variables, i.e. state related to the
|
|
local server. All except the last four lines are described in the NTP
|
|
Version 3 specification, RFC 1305. The \*(L"system flags\*(R" show
|
|
various system flags, some of which can be set and cleared by the
|
|
\*(L"enable\*(R" and \*(L"disable\*(R" configuration commands,
|
|
respectively. The \*(L"stability\*(R" is the residual frequency error
|
|
remaining after the system frequency correction is applied and is
|
|
intended for maintenance and debugging. In most architectures, this
|
|
value will initially decrease from as high as 500 ppm to a nominal value
|
|
in the range .01 to 0.1 ppm. If it remains high for some time after
|
|
starting the daemon, something may be wrong with the local clock, or the
|
|
value of the kernel variable \*(L"tick\*(R" may be incorrect. The
|
|
\*(L"broadcastdelay\*(R" shows the default broadcast delay, as set by
|
|
the \*(L"broadcastdelay\*(R" configuration command, while the
|
|
\*(L"authdelay\*(R" shows the default authentication delay, as set by
|
|
the \*(L"authdelay\*(R" configuration command.
|
|
.PP
|
|
.B sysstats
|
|
.PP
|
|
Print statistics counters maintained in the protocol module.
|
|
.PP
|
|
.B memstats
|
|
.PP
|
|
Print statistics counters related to memory allocation
|
|
code.
|
|
.PP
|
|
.B iostats
|
|
.PP
|
|
Print statistics counters maintained in the input\-output module.
|
|
.PP
|
|
.B timerstats
|
|
.PP
|
|
Print statistics counters maintained in the timer/event queue support
|
|
code.
|
|
.PP
|
|
.B reslist
|
|
.PP
|
|
Obtain and print the server's restriction list. This list is (usually)
|
|
printed in sorted order and may help to understand how the restrictions
|
|
are applied.
|
|
.PP
|
|
.B monlist
|
|
[
|
|
.I version
|
|
]
|
|
.PP
|
|
Obtain and print traffic counts collected and maintained by the monitor
|
|
facility. The version number should not normally need to be specified.
|
|
.PP
|
|
.B clkbug
|
|
.I clock_peer_address
|
|
[
|
|
.I addr2
|
|
] [
|
|
.I addr3
|
|
] [
|
|
.I addr4
|
|
]
|
|
.PP
|
|
Obtain debugging information for a reference clock driver. This
|
|
information is provided only by some clock drivers and is mostly
|
|
undecodable without a copy of the driver source in hand.
|
|
.SH RUNTIME CONFIGURATION REQUESTS
|
|
.PP
|
|
All requests which cause state changes in the server are authenticated
|
|
by the server using a configured NTP key (the facility can also be
|
|
disabled by the server by not configuring a key). The key number and the
|
|
corresponding key must also be made known to
|
|
.IR xtnpdc .
|
|
This can be done using the
|
|
.B keyid
|
|
and
|
|
.B passwd
|
|
commands, the latter of which will prompt at the terminal for a password
|
|
to use as the encryption key. You will also be prompted automatically
|
|
for both the key number and password the first time a command which
|
|
would result in an authenticated request to the server is given.
|
|
Authentication not only provides verification that the requester has
|
|
permission to make such changes, but also gives an extra degree of
|
|
protection again transmission errors.
|
|
.PP
|
|
Authenticated requests always include a timestamp in the packet data,
|
|
which is included in the computation of the authentication code. This
|
|
timestamp is compared by the server to its receive time stamp. If they
|
|
differ by more than a small amount the request is rejected. This is done
|
|
for two reasons. First, it makes simple replay attacks on the server, by
|
|
someone who might be able to overhear traffic on your LAN, much more
|
|
difficult. Second, it makes it more difficult to request configuration
|
|
changes to your server from topologically remote hosts. While the
|
|
reconfiguration facility will work well with a server on the local host,
|
|
and may work adequately between time\-synchronized hosts on the same
|
|
LAN, it will work very poorly for more distant hosts. As such, if
|
|
reasonable passwords are chosen, care is taken in the distribution and
|
|
protection of keys and appropriate source address restrictions are
|
|
applied, the run time reconfiguration facility should provide an
|
|
adequate level of security.
|
|
.PP
|
|
The following commands all make authenticated requests.
|
|
.PP
|
|
.B addpeer
|
|
.I peer_address
|
|
[
|
|
.I keyid
|
|
] [
|
|
.I version#
|
|
] [
|
|
.B prefer
|
|
]
|
|
.PP
|
|
Add a configured peer association at the given address and operating in
|
|
symmetric active mode. Note that an existing association with the same
|
|
peer may be deleted when this command is executed, or may simply be
|
|
converted to conform to the new configuration, as appropriate. If the
|
|
optional \*(L"keyid\*(R" is a nonzero integer, all outgoing packets to
|
|
the remote server will have an authentication field attached encrypted
|
|
with this key. If the value is 0 (or not given) no authentication will
|
|
be done. The \*(L"version#\*(R" can be 1, 2 or 3 and defaults to 3. The
|
|
\*(L"prefer\*(R" keyword indicates a preferred peer (and thus will be
|
|
used primarily for clock synchronisation if possible). The preferred
|
|
peer also determines the validity of the PPS signal - if the preferred
|
|
peer is suitable for synchronisation so is the PPS signal.
|
|
.PP
|
|
.B addserver
|
|
.I peer_address
|
|
[
|
|
.I keyid
|
|
] [
|
|
.I version#
|
|
] [
|
|
.B prefer
|
|
]
|
|
.PP
|
|
Identical to the
|
|
.B addpeer
|
|
command, except that the operating mode is client.
|
|
.PP
|
|
.B broadcast
|
|
.I peer_address
|
|
[
|
|
.I keyid
|
|
] [
|
|
.I version#
|
|
]
|
|
.PP
|
|
Identical to the
|
|
.B addpeer
|
|
command, except that the operating mode is broadcast. In this case a
|
|
valid key identifier and key are required. The \*(L"peer_address\*(R"
|
|
parameter can be the broadcast address of the local network or a
|
|
multicast group address assigned to NTP. If a multicast address, a
|
|
multicast-capable kernel is required.
|
|
.PP
|
|
.B unconfig
|
|
.I peer_address
|
|
[
|
|
.I addr2
|
|
] [
|
|
.I addr3
|
|
] [
|
|
.I addr4
|
|
]
|
|
.PP
|
|
This command causes the configured bit to be removed from the specified
|
|
peer(s). In many cases this will cause the peer association to be
|
|
deleted. When appropriate, however, the association may persist in an
|
|
unconfigured mode if the remote peer is willing to continue on in this
|
|
fashion.
|
|
.PP
|
|
.B fudge
|
|
.I peer_address
|
|
[
|
|
.I time1
|
|
] [
|
|
.I time2
|
|
] [
|
|
.I stratum
|
|
] [
|
|
.I refid
|
|
]
|
|
.PP
|
|
This command provides a way to set certain data for a reference clock.
|
|
See the source listing for further information.
|
|
.PP
|
|
.B enable auth|bclient|pll|monitor|stats
|
|
[
|
|
.I ...
|
|
]
|
|
.PP
|
|
Provides a way to enable various server options. Flags not mentioned are
|
|
unaffected. The \*(L"auth\*(R" flag causes the server to synchronize
|
|
with unconfigured peers only if the peer has been correctly
|
|
authenticated using a trusted key and key identifier. The default for
|
|
this flag is disable (off). The \*(L"bclient\*(R" flag causes the server
|
|
to listen for a message from a broadcast or multicast server, following
|
|
which an association is automatically instantiated for that server. The
|
|
default for this flag is disable (off). The \*(L"pll\*(R" flag enables
|
|
the server to adjust its local clock, with default enable (on). If not
|
|
set, the local clock free-runs at its intrinsic time and frequency
|
|
offset. This flag is useful in case the local clock is controlled by
|
|
some other device or protocol and NTP is used only to provide
|
|
synchronization to other clients. The \*(L"monitor\*(R" flag enables the
|
|
monitoring facility (see elsewhere), with default disable (off). The
|
|
\*(L"stats\*(R" flag enables statistics facility filegen (see
|
|
description elsewhere.), with default enable (on).
|
|
.PP
|
|
.B disable auth|bclient|pll|monitor|stats
|
|
[
|
|
.I ...
|
|
]
|
|
.PP
|
|
Provides a way to disable various server options. Flags not mentioned
|
|
are unaffected. The flags presently available are described under the
|
|
enable command.
|
|
.PP
|
|
.B restrict
|
|
.I address
|
|
.I mask
|
|
.I flag
|
|
[
|
|
.I flag
|
|
]
|
|
.PP
|
|
Causes flag(s) to be added to an existing restrict list entry, or adds a
|
|
new entry to the list with the specified flag(s). The possible choices
|
|
for the flags arguments are given in the following list:
|
|
.Ip ignore 10
|
|
Ignore all packets from hosts which match this entry. If this flag is
|
|
specified neither queries nor time server polls will be responded to.
|
|
.Ip noquery 10
|
|
Ignore all NTP mode 7 packets (i.e. information queries and
|
|
configuration requests) from the source. Time service is not affected.
|
|
.Ip nomodify 10
|
|
Ignore all NTP mode 7 packets which attempt to modify the state of the
|
|
server (i.e. run time reconfiguration). Queries which return information
|
|
are permitted.
|
|
.Ip notrap 10
|
|
Decline to provide mode 6 control message trap service to matching
|
|
hosts. The trap service is a subsystem of the mode 6 control message
|
|
protocol which is intended for use by remote event logging programs.
|
|
.Ip lowpriotrap 10
|
|
Declare traps set by matching hosts to be low priority. The number of
|
|
traps a server can maintain is limited (the current limit is 3). Traps
|
|
are usually assigned on a first come, first served basis, with later
|
|
trap requestors being denied service. This flag modifies the assignment
|
|
algorithm by allowing low priority traps to be overridden by later
|
|
requests for normal priority traps.
|
|
.Ip noserve 10
|
|
Ignore NTP packets whose mode is other than 7. In effect, time service
|
|
is denied, though queries may still be permitted.
|
|
.Ip nopeer 10
|
|
Provide stateless time service to polling hosts, but do not allocate
|
|
peer memory resources to these hosts even if they otherwise might be
|
|
considered useful as future synchronization partners.
|
|
.Ip notrust 10
|
|
Treat these hosts normally in other respects, but never use them as
|
|
synchronization sources.
|
|
.Ip limited 10
|
|
These hosts are subject to limitation of number of clients from the same
|
|
net. Net in this context refers to the IP notion of net (class A, class
|
|
B, class C, etc.). Only the first \*(L"client_limit\*(R" hosts that have
|
|
shown up at the server and that have been active during the last
|
|
\*(L"client_limit_period\*(R" seconds are accepted. Requests from other
|
|
clients from the same net are rejected. Only time request packets are
|
|
taken into account. \*(L"Private\*(R", \*(L"control\*(R", and
|
|
\*(L"broadcast\*(R" packets are not subject to client limitation and
|
|
therefore are not contributing to client count. History of clients is
|
|
kept using the monitoring capability of
|
|
.IR xntpd.
|
|
Thus, monitoring is active as long as there is a restriction entry with
|
|
the \*(L"limited\*(R" flag. The default value for \*(L"client_limit\*(R"
|
|
is 3. The default value for \*(L"client_limit_period\*(R" is 3600
|
|
seconds. Currently both variables are not runtime configurable.
|
|
.Ip ntpport 10
|
|
This is actually a match algorithm modifier, rather than a restriction
|
|
flag. Its presence causes the restriction entry to be matched only if
|
|
the source port in the packet is the standard NTP UDP port (123). Both
|
|
\*(L"ntpport\*(R" and non\-\*(L"ntpport\*(R" may be specified. The
|
|
\*(L"ntpport\*(R" is considered more specific and is sorted later in the
|
|
list.
|
|
.PP
|
|
.B unrestrict
|
|
.I address
|
|
.I mask
|
|
.I flag
|
|
[
|
|
.I flag
|
|
]
|
|
.PP
|
|
Remove the specified flag(s) from the restrict list entry indicated
|
|
by the
|
|
.I address
|
|
and
|
|
.I mask
|
|
arguments.
|
|
.PP
|
|
.B delrestrict
|
|
.I address
|
|
.I mask
|
|
[
|
|
.B ntpport
|
|
]
|
|
.PP
|
|
Delete the matching entry from the restrict list.
|
|
.PP
|
|
.B "monitor yes|no"
|
|
.PP
|
|
Enable or disable the monitoring facility. Note that a
|
|
.B "monitor no"
|
|
command followed by a
|
|
.B "monitor yes"
|
|
command is a good way of resetting the packet counts.
|
|
.PP
|
|
.B readkeys
|
|
.PP
|
|
Causes the current set of authentication keys to be purged and a new set
|
|
to be obtained by rereading the keys file (which must have been
|
|
specified in the
|
|
.I xntpd
|
|
configuration file). This allows encryption keys to be changed without
|
|
restarting the server.
|
|
.PP
|
|
.B trustkey
|
|
.I keyid
|
|
[
|
|
.I keyid
|
|
] [
|
|
.I keyid
|
|
] [
|
|
.I keyid
|
|
]
|
|
.PP
|
|
Adds one or more keys to the trusted key list. When authentication is
|
|
enabled, peers whose time is to be trusted must be authenticated using a
|
|
trusted key.
|
|
.PP
|
|
.B untrustkey
|
|
.I keyid
|
|
[
|
|
.I keyid
|
|
] [
|
|
.I keyid
|
|
] [
|
|
.I keyid
|
|
]
|
|
.PP
|
|
Removes one or more keys from the trusted key list.
|
|
.PP
|
|
.B authinfo
|
|
.PP
|
|
Returns information concerning the authentication module, including
|
|
known keys and counts of encryptions and decryptions which have been
|
|
done.
|
|
.PP
|
|
.B setprecision
|
|
.I precision_value
|
|
.PP
|
|
Sets the precision which the server advertises to the specified value.
|
|
This should be a negative integer in the range -4 through -20.
|
|
.PP
|
|
.B traps
|
|
.PP
|
|
Display the traps set in the server. See the source listing for further
|
|
information.
|
|
.PP
|
|
.B addtrap
|
|
.I address
|
|
[
|
|
.I port
|
|
] [
|
|
.I interface
|
|
]
|
|
.PP
|
|
Set a trap for asynchronous messages. See the source listing for further
|
|
information.
|
|
.PP
|
|
.B clrtrap
|
|
.I address
|
|
[
|
|
.I port
|
|
] [
|
|
.I interface
|
|
]
|
|
.PP
|
|
Clear a trap for asynchronous messages. See the source listing for
|
|
further information.
|
|
.PP
|
|
.B reset ...
|
|
.PP
|
|
Clear the statistics counters in various modules of the server. See the
|
|
source listing for further information.
|
|
.SH SEE ALSO
|
|
.PP
|
|
.IR xntpd (8)
|
|
.SH HISTORY
|
|
.PP
|
|
Written by Dennis Ferguson at the University of Toronto.
|
|
.SH BUGS
|
|
.PP
|
|
.I Xntpdc
|
|
is a crude hack. Much of the information it shows is deadly boring and
|
|
could only be loved by its implementer. The program was designed so that
|
|
new (and temporary) features were easy to hack in, at great expense to
|
|
the program's ease of use. Despite this, the program is occasionally
|
|
useful.
|