Re: [ntp:questions] ntp-dev conflicts with ntp

2014-08-09 Thread Steve Kostecke
On 2014-08-09, Rob  wrote:

> cd workdir
> apt-get build-dep ntp-dev

Install the "devscripts" package if you've not already done so.

Then:

apt-get source ntp-dev
cd ntp-dev-4.2.7p447

Now edit ./debian/control and fix the Provides: line (and make any other
local customizations you need).

In the base of the unpacked source tree (ntp-dev-...):

debuild -us -uc
cd ../

Then install the local deb with:

> dpkg -i ntp-dev_4.2.7p447_amd64.deb

-- 
Steve Kostecke st...@kostecke.net 

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions


Re: [ntp:questions] nagios

2014-06-13 Thread Steve Kostecke
On 2014-06-12, Rob  wrote:

> One problem: confusion of the service name. The service is called
> ntp-dev instead of ntp, it creates a file /etc/default/ntp-dev during
> installation, but that file is never read. Instead, it reads the file
> /etc/default/ntp just like the standard install. So the -g option is
> not applied.
>
> As the ntp and ntp-dev packages cannot be installed together
> anyway, IMHO it is better to just name the service ntp and the file
> /etc/default/ntp.

Please contact me off-list.

-- 
Steve Kostecke st...@kostecke.net



Re: [ntp:questions] nagios

2014-06-10 Thread Steve Kostecke
On 2014-06-10, Rob  wrote:
> David Taylor  wrote:
>> On 10/06/2014 17:03, Rob wrote:
>> []
>>> Ok that looks good.
>>>
>>> What is the impact of "The ntp-dev* packages do not utilize any of the
>>> Debian distribution patches"?

The Debian distribution patches included in their NTP package are used
to remove DFSG violations and to fix issues which are specific to the
NTP stable release.

The NTP Project ntp-dev Debian package is intended to allow users to
easily test ntp-dev as is. So patches which change functionality are
counterproductive.

>>> Do the precompiled builds include the ATOM PPS clock?
>>> (the default Debian builds do not due to incorrect build environment)

The NTP Project's ntp-dev Debian package (as I set it up) uses the
following configure line (in ./debian/rules):

./configure CFLAGS='$(CFLAGS)' \
--prefix=/usr \
--enable-all-clocks --enable-parse-clocks --enable-SHM \
--enable-debugging --sysconfdir=/var/lib/ntp \
--with-sntp=yes \
--enable-linuxcaps 


> This was required because Debian forget to install the PPS package
> before doing the compilation, and then PPS support is not going to be
> in the compiled ntpd.
>
> So now I need to decide if I can install precompiled binaries of the
> development version, or I need to go the route of compilation again.

If you _do_ need to recompile NTP on your Debian system to enable
additional features you can use the source debs which are (or used to
be) available in the NTP Project Debian package repository.

Add the following line to your /etc/apt/sources, or in a file in
/etc/apt/source.d/, to use the packages in this repository:

deb-src http://packages.ntp.org/debian stable main

Then run the following commands in a scratch directory:

apt-get update
apt-get build-dep ntp-dev
apt-get install devscripts
apt-get source ntp-dev

Then edit the configure line in ./debian/rules in the source tree.

Then run this in the base of the source tree:

debuild -us -uc

Then cd ../ and install the resulting deb with dpkg -i  

> And if I need to weed through the Debian patches to see if those need
> to be applied again to the development version (e.g. because they
> change default paths)

ntp-dev automatically does the right thing WRT to default paths for most
major OSes or "distributions".

> or not (e.g. because they fix bugs that are already fixed in the
> development version).

Since there is usually a considerable amount of churn in the code base
between stable release and a ntp-dev snapshot the patches may not even
be applicable.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Header-tiquette (was: NTP.log interpretation)

2014-04-20 Thread Steve Kostecke
On 2014-04-20, Jochen Bern  wrote:

> You might want to note from the very first line in my replies that I'm
> subscribed to the mailing list in digest mode, and chances are that a
> quick inspection of the headers on your end would have shown you not
> only In-Reply-To: and References: headers, but also a User-Agent: header
> mentioning Thunderbird. The problem is, of course, that Thunderbird will
> (correctly) fill in the former ones with the Message-Id: of the digest
> it receives and displays, not references to the pre-digestion
> mails/postings.

You need to set your digest delivery preferences for MIME digests.

You may do so using the following steps:

1. Visit http://lists.ntp.org/options/questions

2. Log in using your subscribed e-mail address and the password sent
to you in the monthly reminder e-mail

3. Scroll down to the "Subscription Options" section of your questions
mailing list membership configuration page

4. Change the "Get MIME or Plain Text Digests?" option from Plain Text
to MIME

5. Scroll to the bottom of the page and click the "Submit My Changes"
button

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP.log interpretation

2014-04-19 Thread Steve Kostecke
On 2014-04-19, Jason Rabel  wrote:

> Then I have three Stratum-2 servers that use the "server" line for
> the S1 servers, but in addition they use the "peer" line with each
> other S2 server. When you combine that with "orphan" mode if all my S1
> servers went down, the S2's would work with each other to figure out
> their best guess at the right time.

Orphan Mode is an automatic server discovery scheme. Nothing more.

Orphan Mode does not make it possible for the members of a "time island"
to determine the correct time in the absence of reference sources.

http://doc.ntp.org/4.2.6p5/assoc.html#orphan

Symmetric Active/Passive Mode (aka Peer Associations) allows the
creation of a bidirectional link between two ntpd instances.

http://doc.ntp.org/4.2.6p5/assoc.html#symact

In my experience, the ntpds in a peer association will ignore each other
when they have the same sys_peer (i.e. when they are "synchronised" to
the same source).

And the Mitigation Rules do not provide special Peer Classification for
Symmetric Active/Passive Mode.

http://doc.ntp.org/4.2.6p5/prefer.html#peer
or http://doc.ntp.org/dev/prefer.html#peer

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP.log interpretation

2014-04-18 Thread Steve Kostecke
On 2014-04-18, William Unruh  wrote:

> On 2014-04-18, GregL  wrote:
>
>> Now, I'm just planning on making changes to the ntp.conf, like adding
>> the "-x" parameter. I'm hoping that that will prevent huge time
>> resets backwards in time...should that ever be even possible again.
>
> ntpd will reset the time if it is off by more than 128 ms.

The default step threshold is 128ms. This threshold is user
configurable.

As for the '-x' option. Using it could lead to having a clock so far off
from the correct time that ntpd will never be able to correct the offset
via slewing. 

> Those highly non-linear jumps are one of the "features" of ntpd. If you
> do not want them, run for example chrony. It will smoothly change the
> time. It will however also at times slew the time much faster than
> 500PPM to get the time back on track.

500PPM per day is 43 seconds per day. One could argue that a clock which
requires more than 43 seconds per day of correction is fundamentally
broken and requires repair rather than calibration.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Handle ntp conf modification when ntp is already running

2014-04-08 Thread Steve Kostecke
On 2014-04-08, Arthur Lambert  wrote:

> But I can guess with your answer that I cannot handle modification on my
> ntp conf without restart it. I will try to patch it to get it work with my
> need.

ntpd parses the configuration file at start-up.

ntpd does not monitor the configuration file for changes.

ntpd does not, AFAIK, reparse the configuration file in response to any
signals (e.g. SIGHUP).

Please contribute a patch with your changes to our BTS at http://bugs.ntp.org


-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Reasons of NTP not to use GPS source

2014-04-08 Thread Steve Kostecke
On 2014-04-08, a.everett@gmail.com  wrote:

> On Monday, 16 September 2013 08:00:09 UTC+1, Igor Pavlov wrote:
>
> [---=| Quote block shrinked by t-prot: 45 lines snipped |=---]
>
>>  64.279
>
> We find that the problem with many (not all) NMEA GPS receivers is that
> often too much data is transmitted between each PPS output. This can
> have the effect that the time output (ZDA) sentence can occasionally
> shift either side of its corresponding pulse output.

According to http://doc.ntp.org/4.2.6p5/drivers/driver20.html the NMEA
driver uses the last processed sentence received during each cycle.

So the simple solution is to have only one sentence enabled.

> This has the effect of a 1 second offset occasionally being added to
> time stamps supplied to the NTP daemon. Sometimes, increasing the baud
> rate from the standard 4800 bps to 9600 or even 19200 bps can help by
> allowing more characters (data) to be transmitted between each 1PPS
> output.

4800bps (8N1) transfers 480 bytes (8-bit characters) per second.

NMEA 0183 sentences are limited to 79 characters. So a single NMEA
sentence fits easily into the 480cps limit.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] server and peer lines correct?

2014-04-07 Thread Steve Kostecke
On 2014-04-07, Charles Swiger  wrote:

> On Apr 7, 2014, at 12:12 PM, Harlan Stenn  wrote:
>> Charles Swiger writes:
>>> For a given S2 server, say NTP1, I'd recommend:
>>> 
>>> server S1-1 iburst prefer

[snip]

>> How do you select which server to prefer?
>
> Absent any detailed knowledge of the stratum-1 servers, network
> topology, etc, I'd simply map them: NTP1 prefers S1-1; NTP2 prefers
> S1-2; NTP3 prefers S1-3, and they all peer with each other.
>
> Each of the stratum-2s will have a different preferred stratum-1 so
> they have maximum diversity of upstream sources.

Use of the prefer keyword will prevent the S2s from following the best
S1 "truechimer" and push that decision down to the client level.

BTW the effects of the prefer keyword are documented at:
http://www.eecis.udel.edu/~mills/ntp/html/prefer.html#prefer

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Three NTP servers, one strange IP-address in 'refid'

2014-04-02 Thread Steve Kostecke
On 2014-04-02, Sander Smeenk  wrote:
> Quoting Miroslav Lichvar (mlich...@redhat.com):
>
>> > > I guess it could also be a IPv6 ref mangling issue?
>> > That could well be. We use IPv6 where we can.
>> For IPv6 addresses the refid is defined as first 4 bytes of the MD5
>> sum of the address. With 2001:7b8:3:32:213:136:0:252 (tt52.ripe.net)
>> that is 0xac023551, or 172.2.53.81 in the quad-dotted notation.
>
> Miroslav, you're right. This is it. Thanks.
> I've changed everything over to IPv4 by not using hostnames anywhere.
> The IP is gone.

The refid is a 32-bit value used for loop detection. Only under IPv4
does the refid _happen_ to be an actual IP address. 

See slrnljo35n.4v1.koste...@stasis.kostecke.net for more detail.

> I consider this a bug. 

Then feel free to add your voice to http://bugs.ntp.org/278

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Three NTP servers, one strange IP-address in 'refid'

2014-04-02 Thread Steve Kostecke
On 2014-04-02, Sander Smeenk  wrote:

> Quoting Null@BlackList.Anitech-Systems.invalid:
>
>> > if i check 'ntpq -c lpeers' on one of the three stratum-2 servers i
>> > see an IP-address listed as 'refid' for the 'peer'-entries in my
>>
>> No, its in ntp{1,2,3}.bit.nl's .conf, or via DHCP or
>> ntp{1,2,3}.bit.nl ntp servers got it via a pool command. Why are you
>> using ntp{1,2,3}.bit.nl / dns{1,2,3}.dns.dmz.bit.nl servers? Why do
>> you care what ntp{1,2,3}.bit.nl / dns{1,2,3}.dns.dmz.bit.nl respond
>> with for their refclock?
>
> I am root@ntp{1,2,3}. I am the sysadmin of ntp{1,2,3} and
> tt52.ripe.net. I have 15 years of experience with Linux, networks,
> routing, the works. I care what these servers report as refid
> because i administer them and my users notified me about this weird
> IP-address.

It's a 32-bit value used for loop detection.

As stated by Dr. Mills (at
http://lists.ntp.org/pipermail/ntpwg/2005-June/87.html):

| Stratum            Reference ID
| 0 (undefined)      a 4-octet, zero padded string (kiss code)
| 1 (primary)        reference clock designator (e.g., WWVB)
| 2-255 (secondary)  IPv4: IPv4 address
|                    IPv6: first 32 bits of the MD5 hash of the IPv6 address

According to RFC5905 (http://www.ietf.org/rfc/rfc5905.txt) page 21

| Reference ID (refid): 32-bit code identifying the particular server
| or reference clock. The interpretation depends on the value in the
| stratum field. For packet stratum 0 (unspecified or invalid), this
| is a four-character ASCII [RFC1345] string, called the "kiss code",
| used for debugging and monitoring purposes. For stratum 1 (reference
| clock), this is a four-octet, left-justified, zero-padded ASCII string
| assigned to the reference clock. The authoritative list of Reference
| Identifiers is maintained by IANA; however, any string beginning with
| the ASCII character "X" is reserved for unregistered experimentation
| and development. The identifiers in Figure 12 have been used as ASCII
| identifiers:

[snip --> Figure 12: Reference Identifiers]

| Above stratum 1 (secondary servers and clients): this is the reference
| identifier of the server and can be used to detect timing loops. If
| using the IPv4 address family, the identifier is the four-octet IPv4
| address. If using the IPv6 address family, it is the first four octets
| of the MD5 hash of the IPv6 address. Note that, when using the IPv6
| address family on an NTPv4 server with a NTPv3 client, the Reference
| Identifier field appears to be a random value and a timing loop might
| not be detected.

Unfortunately a bad precedent was set with IPv4 by displaying the
refid as an IP address rather than as a GUUID. And users have become
accustomed to this misrepresentation.

The ntpq display formatting routine treats all 32-bit refids identically
and renders them as IPv4 addresses (see http://bugs.ntp.org/278#c7 for
a possible rationale).

References:

http://bugs.ntp.org/278 (reported 2004-02-03)
http://bugs.ntp.org/505
http://lists.ntp.org/pipermail/questions/2005-December/008271.html
http://lists.ntp.org/pipermail/ntpwg/2005-June/86.html
http://www.ietf.org/rfc/rfc5905.txt
http://support.ntp.org/bin/view/Dev/UpdatingTheRefidFormat
http://doc.ntp.org/4.2.6p5/debug.html

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
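
The refid rules quoted in the two messages above, as an added Python example (not part of the original posts and not ntpd or ntpq code). It assumes the MD5 is taken over the 16-byte binary form of the IPv6 address; the 192.0.2.x and 2001:db8:: values are constructed documentation addresses, and the function names are hypothetical.

```python
import hashlib
import ipaddress


def refid_for_source(address: str) -> bytes:
    """4-octet refid a secondary (stratum >= 2) server reports for its source."""
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ip.packed                       # IPv4: the address itself
    # IPv6: first four octets of the MD5 hash of the address
    # (assumption: the hash input is the 16-byte binary address).
    return hashlib.md5(ip.packed).digest()[:4]


def dotted(refid: bytes) -> str:
    """Render any 4-octet refid in dotted-quad form, as ntpq does for peers."""
    return str(ipaddress.IPv4Address(refid))


def describe_refid(stratum: int, refid: bytes) -> str:
    """Interpret a refid according to the stratum of the packet carrying it."""
    if len(refid) != 4:
        raise ValueError("a refid is exactly 4 octets")
    if stratum == 0:
        return "kiss code " + refid.rstrip(b"\0").decode("ascii")
    if stratum == 1:
        return "reference clock " + refid.rstrip(b"\0").decode("ascii")
    return "upstream " + dotted(refid) + " (IPv4 address or IPv6 MD5 prefix)"


def match_sources(displayed: str, candidates):
    """Return the configured sources whose refid is displayed as `displayed`.

    Useful when an unfamiliar dotted quad shows up in the refid column:
    hash the IPv6 addresses you actually use and see which one it is.
    """
    target = ipaddress.IPv4Address(displayed).packed
    return [c for c in candidates if refid_for_source(c) == target]


if __name__ == "__main__":
    # Address quoted in the thread; compare the output with the refid
    # reported there.
    quoted = "2001:7b8:3:32:213:136:0:252"
    print(quoted, "->", dotted(refid_for_source(quoted)))

    # Constructed inventory of upstream servers (documentation prefixes).
    inventory = ["192.0.2.10", "2001:db8::123", "2001:db8::124"]
    seen = dotted(refid_for_source("2001:db8::123"))
    print(seen, "belongs to", match_sources(seen, inventory))
    print(describe_refid(1, b"GPS\0"))
```
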



Re: [ntp:questions] Indirect GPS time source options

2014-03-13 Thread Steve Kostecke
On 2014-03-13, William Unruh  wrote:

>  Ie, you can try out the gps option with spare change. If that does not
>  work, then you can go to the more expensive CDMA option. I have no idea
>  how long Bell and Telus will continue their cdma offering. Rogers never
>  used it, and all the newer players do not use G2 type offerings.

If you had thoroughly read all of the material at the links I previously
posted you would know that CDMA is predicted to be available through
2020+ to support M2M (machine to machine) communications.


-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Indirect GPS time source options

2014-03-13 Thread Steve Kostecke
On 2014-03-13, William Unruh  wrote:

> On 2014-03-13, Olivier Drouin  wrote:
>
>> Also, from what I understand and please correct me if I'm wrong but
>> cellular networks are indeed designed to be accurately timed because
>> it's needed for the normal operations of the cell network.
>
> Yes, but they are not designed to deliver accurate time to the rest of
> the world AFAIK.

http://www.cdg.org/technology/cdma_technology/a_ross/systemtime.asp

CDMA requires accurate time synchronization among all base stations and
mobile stations. The accuracy must be within a few microseconds among
base stations because the pilot code phase is used to distinguish them.
When a mobile station is communicating with a base station they must be
synchronized to within a fraction of a chip (814 ns). And the "clocks"
(the PN generators) that must be synchronized have a period of 37
centuries.

http://www.endruntechnologies.com/gps-cdma3.htm

GPS Absolute timing accuracy of unit is under 30 nanoseconds.

CDMA Absolute timing accuracy of unit is typically under 10
microseconds.

Network timing accuracy 1/2 - 2 milliseconds, typical for both GPS and
CDMA NTP products.

Also see: http://www.endruntechnologies.com/cdma.htm

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Help with cross-compiling NTP for the Raspberry Pi requested

2014-03-08 Thread Steve Kostecke
On 2014-03-08, Mike George  wrote:

> On my ubuntu machine that I built NTP on I installed
>   libcap2
>   libcap-dev
> Not sure if I needed the -dev but I didn't try without it.

libcap-dev provides the development files associated with libcap2. So
you need both to compile software which uses libcap2.

Using my amd64 system as an example ... libcap2 contains:

/lib/x86_64-linux-gnu/libcap.so.2.22
/usr/share/doc/libcap2/changelog.Debian.gz
/usr/share/doc/libcap2/copyright
/usr/share/doc/libcap2/changelog.gz
/lib/x86_64-linux-gnu/libcap.so.2

And libcap-dev contains:

/lib/x86_64-linux-gnu/libcap.a
/usr/share/man/man3/cap_from_text.3.gz
/usr/share/man/man3/cap_get_file.3.gz
/usr/share/man/man3/libcap.3.gz
/usr/share/man/man3/cap_copy_ext.3.gz
/usr/share/man/man3/cap_get_proc.3.gz
/usr/share/man/man3/cap_init.3.gz
/usr/share/man/man3/cap_clear.3.gz
/usr/share/doc/libcap-dev/changelog.Debian.gz
/usr/share/doc/libcap-dev/copyright
/usr/share/doc/libcap-dev/changelog.gz
/usr/include/sys/capability.h
/lib/x86_64-linux-gnu/libcap.so
/usr/share/man/man3/cap_drop_bound.3.gz
/usr/share/man/man3/cap_set_proc.3.gz
/usr/share/man/man3/cap_compare.3.gz
/usr/share/man/man3/cap_get_pid.3.gz
/usr/share/man/man3/cap_get_flag.3.gz
/usr/share/man/man3/capsetp.3.gz
/usr/share/man/man3/cap_to_name.3.gz
/usr/share/man/man3/cap_copy_int.3.gz
/usr/share/man/man3/cap_to_text.3.gz
/usr/share/man/man3/cap_free.3.gz
/usr/share/man/man3/cap_from_name.3.gz
/usr/share/man/man3/cap_get_bound.3.gz
/usr/share/man/man3/cap_set_file.3.gz
/usr/share/man/man3/cap_set_flag.3.gz
/usr/share/man/man3/cap_dup.3.gz
/usr/share/man/man3/cap_clear_flag.3.gz
/usr/share/man/man3/capgetp.3.gz
/usr/share/man/man3/cap_set_fd.3.gz
/usr/share/man/man3/cap_get_fd.3.gz
/usr/share/man/man3/cap_size.3.gz

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Help with cross-compiling NTP for the Raspberry Pi requested

2014-03-07 Thread Steve Kostecke
On 2014-03-07, David Taylor  wrote:

> No, still getting an ntpd which is 2.87 MB in size, whereas on the 
> Raspberry Pi native build it's 2.0 MB.  The Intel Debian version is 2.74 MB.

Use file(1) to see useful build details about each ntpd.

e.g.

me@home:~$ file /usr/sbin/ntpd
/usr/sbin/ntpd: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.26,
BuildID[sha1]=0x9213f4f18406f5130455f8a8412feac1dedd344e, stripped

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Win7 NTP-dev NMEA User Mode PPS, Freq_Mode Not Working

2014-03-04 Thread Steve Kostecke
On 2014-03-04, Martin Burnicki  wrote:

> Signed 32 and 64 bit versions of the serialpps driver are available in 
> this ZIP file:
> http://support.ntp.org/people/burnicki/windows/serialpps-20120321-signed.zip

or

http://people.ntp.org/burnicki/windows/serialpps-20120321-signed.zip

http://support.ntp.org/people is deprecated and now redirects to
http://people.ntp.org

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Meinberg Configuration Help

2014-03-02 Thread Steve Kostecke
On 2014-03-01, boostinbad...@gmail.com  wrote:

> My NTP server is part of the pool project and appears to be running
> fine. Comcast contacted me about a month ago to let me know that my
> NTP server was infected with a bot. I checked and everything seems to
> be ok. I re-enabled my server about a week ago and I received another
> phone call last week concerning security on my network.
>
> I contacted Ask and he said that it was not a bot but an issue with
> my server allowing management requests.

The problem is most likely:

http://support.ntp.org/security#DRDoS_Amplification_Attack_using

> I asked Ask how to properly configure my Meinberg client to not allow
> management requests because I understand that they can be problematic.
> I know the config for ntpd but I am not sure of the proper syntax for
> Meinberg. Can someone provide me with that info?

(from http://www.meinbergglobal.com/english/sw/ntp.htm)

"The [Meinberg] NTP package contains a GUI installer for Windows which
installs executable programs which have been compiled from the original
NTP sources available at the NTP download page at ntp.org. The GUI
installer also contains the corresponding HTML based NTP documentation,
plus a current OpenSSL DLL required by NTP to support authentication.
Unattended installation is also supported. Please see the NTP Installer
Readme for help on how to use the installer.

If you have any questions or feedback regarding the Meinberg Windows
Installer for NTP, please send your mail to ntp-supp...@meinberg.de."

The NTP Distribution HTML documentation is archived at
http://doc.ntp.org/.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] error message on startup

2014-03-01 Thread Steve Kostecke
On 2014-02-28, Dwayne Hottinger  wrote:

> I've just finished upgrading ntp to version Ver. 4.2.7p421 in order to
> keep from becoming a ddos member. I changed the init.d script to point
> to /usr/local/bin/ntp if I run the script I get the following error
> message ntpd error: 'ntp' is not a recognizable number. I can start
> manually using: /usr/local/bin/ntpd -u ntp -p /var/run/ntpd.pid and it
> seems to run.

We don't ship an init script with the NTP distribution. So we don't know
what you're using.

> However, I'm not able to sync with my internal network.  I added the
> following to my ntp.conf file:
>
> ###Added 02/28/2014 for security and ddos should prohibit outside access
> restrict default ignore
> restrict 127.0.0.1
> ##For internal 10. network and public ips allows ourservers to still work
> restrict 10.40.0.0 mask 255.255.0.0 nomodify notrap

You're not allowing your ntpd to talk to any remote time servers.

Please refer to http://support.ntp.org/Support/AccessRestrictions and
follow the decision tree in that topic.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
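
Why the posted rules cut ntpd off from its own time sources, as an added Python example (not part of the original message and not ntpd code). It models restrict matching as "most specific IPv4 entry wins", which is a simplification of ntpd's restriction list; the upstream server 192.0.2.10, the client addresses and the function names are constructed for illustration.

```python
import ipaddress

# The three restrict lines from the post.
CONFIG_FROM_POST = """\
restrict default ignore
restrict 127.0.0.1
restrict 10.40.0.0 mask 255.255.0.0 nomodify notrap
"""

UPSTREAM = "192.0.2.10"   # constructed upstream time server

# Same rules plus an entry for the upstream server: time service is
# permitted, remote queries and modification are not.
CONFIG_WITH_UPSTREAM = CONFIG_FROM_POST + (
    "server 192.0.2.10 iburst\n"
    "restrict 192.0.2.10 nomodify notrap noquery\n"
)


def parse_restrict(conf: str):
    """Parse IPv4 'restrict' lines into (network, flags) pairs."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if not words or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            mask = "255.255.255.255"          # no mask given: a single host
            if rest[:1] == ["mask"]:
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}")
        rules.append((net, frozenset(rest)))
    return rules


def flags_for(rules, source: str):
    """Flags of the most specific entry that covers the packet's source."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    if not matches:
        return frozenset()
    return max(matches, key=lambda m: m[0])[1]


def time_replies_accepted(rules, source: str) -> bool:
    """'ignore' drops every packet from the source, time replies included."""
    return "ignore" not in flags_for(rules, source)


def remote_queries_allowed(rules, source: str) -> bool:
    """ntpq/ntpdc style queries need neither 'ignore' nor 'noquery'."""
    flags = flags_for(rules, source)
    return "ignore" not in flags and "noquery" not in flags


if __name__ == "__main__":
    for label, conf in (("as posted", CONFIG_FROM_POST),
                        ("with upstream entry", CONFIG_WITH_UPSTREAM)):
        rules = parse_restrict(conf)
        print(label)
        for src in (UPSTREAM, "10.40.3.7", "203.0.113.5"):
            print(f"  {src:<12} time={time_replies_accepted(rules, src)} "
                  f"query={remote_queries_allowed(rules, src)}")
```
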



Re: [ntp:questions] ntp symmetric keys - controlkey test is needed

2014-02-21 Thread Steve Kostecke
On 2014-02-21, ardi  wrote:

> I have defined symmetric keys on 2 ntp servers.
> How can I test whether controlkey is working?
> Is it used for ntpq?

http://doc.ntp.org/4.2.6p5/authopt.html explains Symmetric Key
Cryptography; and the controlkey, requestkey and trustedkey commands.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Remote access to http based service

2014-02-14 Thread Steve Kostecke
On 2014-02-15, jtric...@gmail.com  wrote:

> I am looking for some way to poll a synced stratum 2 NTP server over
> an http connection every hour or so to obtain the current time in
> milliseconds

OmniSync (see
http://support.ntp.org/bin/view/Main/ExternalTimeRelatedLinks#C) can
use any http/https server as a time source for NTP. OmniSync is able
to poll a variety of time sources including the daytime service (port
13 tcp/udp), time (port 37 tcp/udp), SNTS, ICMP, SNMP, precision time
protocol (PTP - IEEE 1588), (S)NTP via a socks5 proxy server, http and
https (both also via proxy server).

The HTTP Time Protocol (see
http://www.vervest.org/fiki/bin/view/HTP/WebHome) is an HTTP equivalent
of ntpdate.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] status information after ntpd -q

2014-02-09 Thread Steve Kostecke
On 2014-02-08, William Unruh  wrote:

> On 2014-02-08, Steve Kostecke  wrote:
>
>> On 2014-02-08, Harlan Stenn  wrote:
>>
>>>> What OS?
>>
>> See my analysis in slrnlfaa3b.nh4.koste...@stasis.kostecke.net
>
> Surely the OP should be telling us this, not you trying, who knows how
> successfully, to guess it.

Anyone reading my analysis would have learned that the particular ntp
package installed by the OP is only available in one location on-line:
the angstrom-distribution repository. That's fairly conclusive evidence
of the OS being used.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] status information after ntpd -q

2014-02-08 Thread Steve Kostecke
On 2014-02-08, Harlan Stenn  wrote:

>> What OS?

See my analysis in slrnlfaa3b.nh4.koste...@stasis.kostecke.net

> ... and are you cross-compiling?

See the OP's build command-line in 
ca8a8da9-9082-436a-ad61-8ce62e147...@googlegroups.com

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] status information after ntpd -q

2014-02-07 Thread Steve Kostecke
On 2014-02-07, William Unruh  wrote:

> Some development package missing from your computer? You tell us
> nothing about the operating system, the computer architecture or
> anything else. 

The OP has provided some clues in previous articles.

e.g. in 2c03f8a3-ebc9-4f45-a7de-75b843554...@googlegroups.com he
mentions installing ntp-dev_4.2.6p3-r1.6_armv5te.ipk. This file can only
be found on-line at:

http://feeds.angstrom-distribution.org/feeds/unstable/ipk/glibc/armv5te/base/

This is from the Angstrom distribution (http://www.angstrom-distribution.org/)

According to Wikipedia: 

"The Angstrom distribution is a Linux distribution for a variety of
embedded devices. The distribution is the result of a unification of
developers from the OpenZaurus, OpenEmbedded, and OpenSIMpad projects.
Amongst other options the user interface in one of the reference builds
achievable with BitBake is the GPE Palmtop Environment.

Angstrom uses opkg for package management."

(More at https://en.wikipedia.org/wiki/%C3%85ngstr%C3%B6m_distribution)

The feed URL referenced above suggests that the OP's architecture is ARM.
And ca8a8da9-9082-436a-ad61-8ce62e147...@googlegroups.com shows the OP's
cross-compile command-line with --target=arm.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] ntpdc and collectd queries timeout

2014-01-24 Thread Steve Kostecke
On 2014-01-24, David Lord  wrote:

> On NetBSD-6 i386 ntp-dev-4.2.7p410
> $ ntpdc -c kern
> localhost: timed out, nothing received
> ***Request timed out
>
> Perhaps that is intended behavior for 2014 given recent
> DDOS attacks?

According to http://archive.ntp.org/ntp4/ChangeLog-dev
mode 7 requests were disabled more than 2 years ago:

(4.2.7p230) 2011/11/01 Released by Harlan Stenn 
* Disable mode 7 (ntpdc) query processing in ntpd by default.  ntpq is
  believed to provide all functionality ntpdc did, and uses a less-
  fragile protocol that's safer and easier to maintain.  If you do find
  some management via ntpdc is needed, you can use "enable mode7" in the
  ntpd configuration.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] generate GQ keys on ntp-server in addition to IFF keys

2014-01-23 Thread Steve Kostecke
On 2014-01-23, ardi  wrote:

> is it possible to generate GQ keys on a ntp-server, that already has
> IFF keys. Won't they be rewritten by chance?

Try testing your idea in a scratch directory.

> I would like to try to generate GQ keys for another ntp-client and try
> whether works.

I'm not sure why you continually differentiate between "ntp-server" and
"ntp-client" because ntpd is both. The only difference in operation
between the two is that in one case the ntpd is answering polls from
other ntpds (or ntpdate, or sntp).

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] simple nt.conf cases for ntp-client

2014-01-23 Thread Steve Kostecke
On 2014-01-23, ardi  wrote:

> On Thursday, January 23, 2014 12:21:15 PM UTC+1, Marco Marongiu wrote:
>
> [---=| Quote block shrinked by t-prot: 87 lines snipped |=---]

Please quote just enough so that your reply makes sense in context.
Unless you have a very good reason to quote more, a good guideline is
that the amount of quoted matter should be less than the amount of new
matter. If the previous author was long-winded and any direct quote is
too long, write a one- or two-line summary in lieu of a quote.

"Play Nice on Usenet"
http://oakroadsystems.com/genl/unice.htm

"How do I quote correctly in Usenet?"
http://www.netmeister.org/news/learn2quote.html

"Quoting style in newsgroup postings"
http://www.anta.net/misc/nnq/nquote.shtml

"Bottom vs. top posting and quotation style on Usenet"
http://www.cs.tut.fi/~jkorpela/usenet/brox.html

"The advantages of Usenet's quoting conventions"
http://www.mccaughan.org.uk/g/remarks/uquote.html

>> I am not saying that you should use only one server: I am saying that
>> using two is bad, and that you should use four.

[snip]

> Reading: http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO
>
> Two time sources cannot be split into two parties where one has a majority.
> What does this majority mean?

A majority is a subset of a set consisting of more than half of the
set's elements.

In the case of a set consisting of two members, each of the two possible
subsets consists of one member; exactly half the set. Neither of these
subsets is a majority.

Majority subsets may be extracted from sets consisting of three, or
more, members.

The thread starting at
http://lists.ntp.org/pipermail/questions/2011-January/028289.html
contains some good discussion which may be pertinent to understanding
how NTP finds this majority.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
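
An added illustration of the majority point in the reply above, not part of the original post and not ntpd's code: a simplified interval-intersection selection in Python. The source names, offsets and root distances are constructed, and the real ntpd selection does more (midpoint checks, clustering).

```python
# Simplified sketch of interval-intersection source selection (added example,
# not ntpd's code). Each source claims the true offset lies within
# offset +/- distance. All values are constructed, in seconds.

def _first_edge_reaching(edges, need):
    """Sweep ordered (value, step) edges; return the value where depth first reaches need."""
    depth = 0
    for value, step in edges:
        depth += step
        if depth >= need:
            return value
    return None


def select(sources):
    """sources: {name: (offset, distance)}.

    Returns (truechimers, falsetickers) as sorted name lists, or None when no
    group of more than half the sources shares a common interval.
    """
    n = len(sources)
    spans = {name: (off - dist, off + dist) for name, (off, dist) in sources.items()}
    # Left-to-right sweep: entering an interval raises the depth, leaving lowers it.
    rising = sorted([(lo, +1) for lo, _ in spans.values()] +
                    [(hi, -1) for _, hi in spans.values()],
                    key=lambda e: (e[0], -e[1]))
    # Right-to-left sweep: the same thing mirrored.
    falling = sorted([(hi, +1) for _, hi in spans.values()] +
                     [(lo, -1) for lo, _ in spans.values()],
                     key=lambda e: (-e[0], -e[1]))
    allowed_falsetickers = 0
    while 2 * allowed_falsetickers < n:      # the agreeing group must stay a majority
        need = n - allowed_falsetickers
        low = _first_edge_reaching(rising, need)
        high = _first_edge_reaching(falling, need)
        if low is not None and high is not None:
            good = sorted(k for k, (lo, hi) in spans.items() if hi >= low and lo <= high)
            bad = sorted(k for k in spans if k not in good)
            return good, bad
        allowed_falsetickers += 1
    return None


# Constructed inputs: (offset, root distance) per source.
TWO_DISAGREE = {"ntp-a": (0.000, 0.05), "ntp-b": (0.500, 0.05)}
TWO_AGREE = {"ntp-a": (0.000, 0.05), "ntp-b": (0.010, 0.05)}
THREE_ONE_BAD = {"ntp-a": (0.001, 0.05), "ntp-b": (-0.002, 0.05), "ntp-c": (0.500, 0.05)}
FOUR_ONE_BAD = {"ntp-a": (0.001, 0.05), "ntp-b": (-0.002, 0.05),
                "ntp-c": (0.003, 0.05), "ntp-d": (0.500, 0.05)}

if __name__ == "__main__":
    for label, srcs in [("two, disagreeing", TWO_DISAGREE), ("two, agreeing", TWO_AGREE),
                        ("three, one bad", THREE_ONE_BAD), ("four, one bad", FOUR_ONE_BAD)]:
        print(label, "->", select(srcs))
```

With two sources that disagree there is no way to tell which one is wrong, so nothing is selected; with three or four, the odd one out is rejected.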



Re: [ntp:questions] using IFF, GQ, MV keys for authentication at the same time

2014-01-22 Thread Steve Kostecke
On 2014-01-22, ardi  wrote:

> Is it possible to generate and use all types of authentication keys
> (IFF,GQ,MV) at the same time on ntp server and client ? Will usage of
> all these keys give more secure protection than usage of only one type
> of them?

tl,dr: no.

Autokey is an NTP authentication system which allows an ntpd to verify
the identity of the ntpd answering its polls. To put it another way,
Autokey authenticates the server to the client.

From http://www.eecis.udel.edu/~mills/autokey.html

"The Autokey security model is based on multiple overlapping security
compartments or groups. Each group is assigned a group key by a trusted
authority and is then deployed to all group members by secure means.
Autokey uses conventional IPSEC certificate trails to provide secure
host authentication, but this does not provide protection against
masquerade, unless the host identity is verified by other means. Autokey
includes a suite of identity verification schemes based in part on
zero-knowledge proofs. There are five schemes now implemented to prove
identity: (1) private certificates (PC), (2) trusted certificates (TC),
(3) a modified Schnorr algorithm (IFF aka Identify Friendly or Foe), (4)
a modified Guillou-Quisquater algorithm (GQ), and (5) a modified
Mu-Varadharajan algorithm (MV). These are described on the Identity
Schemes page."

From http://www.eecis.udel.edu/~mills/ident.html

"Each of the five schemes is intended for specific use."

"The PC scheme is intended for one-way broadcast configurations where
clients cannot run a duplex protocol."

"The IFF scheme is intended for servers operated by national
laboratories."

"The GQ scheme is intended for exceptionally hostile scenarios where it
is necessary to change the client key at relatively frequent intervals."

"The MV scheme is intended for the most challenging scenarios where it
is necessary to protect against both server and client masquerade."

More at the above URLs and:

http://www.eecis.udel.edu/~mills/database/reports/stime/stime.pdf

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-16 Thread Steve Kostecke
On 2014-01-16, Miroslav Lichvar  wrote:

> IIRC the pool command in 4.2.6 uses quite a lot of servers, which
> probably is not an acceptable use of pool.ntp.org. I think it was
> improved later in 4.2.7. The page about recommended configuration
> doesn't mention it yet.
>
> http://www.pool.ntp.org/en/use.html
>
> Vendors should be careful with the pool command.

I use the ntp-dev pool command here and see 8 remote time servers in my
peers billboard.

If this is considered to be too many then we should fix ntpd rather than
deprecating a useful configuration option.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-16 Thread Steve Kostecke
On 2014-01-16, David Lord  wrote:

> Steve Kostecke wrote:
>
> [---=| Quote block shrinked by t-prot: 25 lines snipped |=---]
>> 

[snip: sample defaults]

> I have "restrict -4 limited kod nomodify notrap nopeer noquery"
>
> I've not checked most recent docs but thought "limited" was
> needed for "kod".
>
> There were also some posts indicating that "kod" could be
> counter productive leading to self inflicted DOS.

This is a case of not being able to see the forest for the trees.

The key issue here is having useful defaults which deliver the majority
use case. i.e.:

1. A path/name to store the drift.file
2. A time source (e.g. 'pool pool.ntp.org')
3. Default permissions allowing only rate limited time service
4. Localhost permissions allowing debugging

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-16 Thread Steve Kostecke
On 2014-01-16, Greg Troxel  wrote:

> Harlan Stenn  writes:
>
>> William Unruh writes:
>>> I do not mean the default in the config file, I mean the default if
>>> there is no config file or if nothing is set in the config file.
>>
>> Then ntpd won't connect to anything and there will be no data to report.
>
> This is a ridiculous strawman.   The ntp project is abdicating its
> responsibility to provide sane default behavior by claiming that no
> default behavior can make everyone happy and therefore it's not their
> fault.  The notion that OS packagers somehow have a better idea of usage
> is also specious.
>
> Really, ntpd should, when run with a config file of only
>
>   server 0.pool.ntp.org
>   server 1.pool.ntp.org
>   server 2.pool.ntp.org
>
> behave relatively sanely, including declining to respond to packets that
> could be amplification attacks,

The majority use case for ntpd is to synchronize your clock to UTC (i.e.
a leaf-node client). So an ntpd ought to have the following defaults:

driftfile /path/to/ntp.drift
pool pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1

This would enable the majority use case without the need for a
configuration file.

> while being usable as a s2/s3 to other nearby nodes.

Operation as a LAN time server is probably a secondary use case. But the
defaults listed above would also enable that usage.

> This notion of good behavior under minimal config seems
> really obvious to me, yet there is a huge resistance to it, with the
> notion that every end user should invest the time to be an expert.

This.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-15 Thread Steve Kostecke
On 2014-01-15, Rob  wrote:

> Steve Kostecke  wrote:
>
>> The same could be said about the NTP Reference Implementation
>> Developers; they're busy, too.
>
> The difference is that while there is only one developers team, there
> are many distributors that each have to do the same job. So overall
> it is more efficient to distribute an example config. And it improves
> quality as well.

Unfortunately you trimmed off the part where I invited interested
parties to help out.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-15 Thread Steve Kostecke
On 2014-01-15, Rob  wrote:
> William Unruh  wrote:
>>
>> I do not mean the default in the config file, I mean the default if
>> there is no config file or if nothing is set in the config file.
>
> That only becomes meaningful when ntpd starts to actually work without
> config file.  Of course that would be possible, but I don't think it
> is reality today.  Or is it, in the latest versions?

Both the current Production (i.e. stable) and the Development versions
of ntpd require a configuration file. Some may view this as a bug.
Others may view this as a feature.

>> I agree that distros could well put in something to undo that and that
>> they often do really stupid things (mainly because they do not
>> understand things).
>
> This problem would probably not exist when a good default config file
> was shipped by the maintainers.  Distro people don't have time on their
> hands ...

The same could be said about the NTP Reference Implementation
Developers; they're busy, too.

Anyone interested in reviewing the ./conf directory in the
distribution and contributing appropriate sample configuration files for
various ntpd use cases (e.g. server, leaf-node pool client, etc.) is
encouraged to do so.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-15 Thread Steve Kostecke
On 2014-01-15, Harlan Stenn  wrote:

> Rob writes:
>
>> The default config shipped with ntpd, usually mostly provided by the
>> distributor, is often terrible. (remember the LOCAL clock?)
>
> Yes, because there is no default configuration in the distribution.
>
> That is left to the "vendor" to provide, as they know more about their
> client base than "we" do. Some vendors do a better job than others at
> providing their ntp.conf file.

The latter would not be an issue if suitable sample configuration files
were provided so that the vendors/aggregators/distributors had a sane
starting point for the customization efforts.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-15 Thread Steve Kostecke
On 2014-01-15, Rob  wrote:

> William Unruh  wrote:
>
>> On 2014-01-15, Steve Kostecke  wrote:
>>
>>> On 2014-01-15, David Woolley wrote:
>>>
>>>> CERT have just issued an alert about the monlist attack:
>>>><https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
>>>>Amplification Attacks Using CVE-2013-5211). The advice is upgrade or
>>>>use restrict.
>>>
>>> Upgrade _or_ use noquery _or_ disable monitor
>>>
>>> Information at http://support.ntp.org/security
>>
>> Why does ntpd not disable external monitoring or command by default.
>> That way if someone wants to allow it, they have to actively do so,
>> presumably knowing what they are doing.
>
> The default config shipped with ntpd, usually mostly provided by the
> distributor, is often terrible. (remember the LOCAL clock?)

The root problem is the fact that certain functionality is globally
enabled by default in the daemon.

Prudence dictates that features which may be deemed as unsuitable for   
uncontrolled, or global, use ought to be disabled by default.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2014-01-15 Thread Steve Kostecke
On 2014-01-15, David Woolley wrote:

> On 27/12/13 10:24, Rob wrote:
>
>> There are more and more amplification attacks against ntp servers,
>> similar to those against open DNS resolvers. A small packet sent with
>> a spoofed source address (allowed by a lame ISP) results in a large
>> reply from ntpd, sent to the victim of the attack.
>
> CERT have just issued an alert about the monlist attack:
><https://www.us-cert.gov/ncas/alerts/TA14-013A> (TA14-013A: NTP
>Amplification Attacks Using CVE-2013-5211). The advice is upgrade or
>use restrict.

Upgrade _or_ use noquery _or_ disable monitor

Information at http://support.ntp.org/security

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against DDoS amplification attacks?

2014-01-09 Thread Steve Kostecke
On 2014-01-10, Brian Inglis  wrote:

> On 2014-01-08 21:24, Harlan Stenn wrote:
>
> [---=| Quote block shrinked by t-prot: 22 lines snipped |=---]
>
>> I'm not seeing any new information here.

[snip]

> Could you perhaps have someone state the simple solution for earlier
> versions on the NTP support site where it can be easily found, and
> link to it here? Future discussions could then be truncated by
> providing that link.

I've attempted to initiate some discussion about this in another
forum and am still waiting for replies.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] enable pps not working from ntp.conf

2014-01-09 Thread Steve Kostecke
On 2014-01-09, Dennis Golden  wrote:

> I give up. I see some of you able to post nicely formatted information. 

Using a fixed width font makes a big difference.

> What news reader are you using. I'm using pan2.

Take a look at the article headers to see what a particular author is
using.  I use slrn, a text mode news-reader: http://www.slrn.org

In this thread I found:

User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508 git://git.gnome.org/pan2)  
User-Agent: slrn/0.9.9p1 (Linux)   
X-Mailer: MH-E 7.4.2; nmh 1.5; XEmacs 21.4 (patch 22)   

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS signal from Garmin GPS 18x LVC

2014-01-03 Thread Steve Kostecke
On 2014-01-03, David Taylor  wrote:
> On 03/01/2014 10:36, Ralph Aichinger wrote:
>> Steve Kostecke  wrote:
>>> In my experience the NMEA driver displays the '*' tally-code even when
>>> PPS is in use.
>>
>> Mine does not:
>>
>> remote   refid   st t when poll reach delay offset jitter
>> =
>> oGPS_NMEA(0) .NMEA.   0 l   13   16  377  0.000  0.000  0.002
>> +bevtime1.me .ATOM.   1 u-   64  337 18.300  1.845  0.649
>> *ts2.univie. .PPS.1 u   48   64  377 12.073  1.952  0.577
>> +ntp.liwest. 131.188. 2 u   26   64  377  8.482  0.554  1.875
>>
>> (ntpd 4.2.6p5)
>
> Yes, it seems to have been an error in some recent development versions, 
> but fixed in 4.2.7p408
>
>http://bugs.ntp.org/show_bug.cgi?id=2529

For many years I ran a Soekris NET-4801 with a Garmin GPS-18LVC (all of
that hardware is currently in storage). It ran FreeBSD 5.3 and an older
version of NTP.

It _never_ displayed a 'o' for PPS. The only way that you could tell if
PPS was being used was to watch the offset/jitter.

So this is not just an issue with recent development versions.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS signal from Garmin GPS 18x LVC

2013-12-29 Thread Steve Kostecke
On 2013-12-29, Adrian P  wrote:

> On 30 December 2013 00:13, Steve Kostecke wrote:
>
>> In my experience the NMEA driver displays the '*' tally-code even
>> when PPS is in use.
>
> Are you sure of that?

That was the case with the rather old version I ran on my soekris
NET-4801. It's possible that this issue was fixed in the interim.

> I am looking to David Taylor's output and I see the "o" tally code,
> ...

Hmm. I see that now.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS signal from Garmin GPS 18x LVC

2013-12-29 Thread Steve Kostecke
On 2013-12-29, Adrian P  wrote:

> So "o" means PPS is used... In my case, I only have "*" in front of
> the driver IP...

In my experience the NMEA driver displays the '*' tally-code even when
PPS is in use.

> So I suppose NTP is not using the PPS signal... hmm,
> wondering why. This is my output:
>
> server 127.127.20.0 mode 1 minpoll 4 maxpoll 4 prefer
> fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 refid PPS

Setting the RefID to PPS is purely cosmetic and propagates a falsehood
when the NMEA driver is not using PPS.

> root@debian:~# ntpq ... -pn

[snip]

>  remote   refid st t when poll reach delay offset jitter
>=
> *127.127.20.0 .PPS.  0 l   15   16  377  0.000 14.437 23.063
> root@debian:~#

The offset and jitter shown above suggest to me that the NMEA driver is
not using the PPS signal.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2013-12-28 Thread Steve Kostecke
On 2013-12-28, Terje Mathisen  wrote:

> Harlan Stenn wrote:
>
>> The other ones I'd really like help with. I definitely want to see
>> the network-related bugs fixed and 2367. I'd like to see some study
>> done on 2016. I'm game to let the other ones slide.
>
> I've just gone through 2367 and I have to join Brian's side:
>
> I.e. if somebody adds NOSERVE to a client it would be perfectly fine
> to let that override PEER or anything else: NOSERVE should only
> be used on a pure end-node client, with no sideways or downstream
> communication.

This is a case of not being able to see the forest for the trees.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2013-12-28 Thread Steve Kostecke
On 2013-12-28, Greg Troxel  wrote:

> Steve Kostecke  writes:
>
>> On 2013-12-27, detha  wrote:
>>
>>> A first step would be to have a default configuration where any
>>> functionality that can be used for reflection attacks with more than a say
>>> 2:1 ratio needs to be explicitly enabled, with warnings about this in the
>>> sample config file(s).
>>
>> The NTP Reference Implementation has no default use case. So there is no
>> "baked-in" sensible default configuration. Some view this as a feature.
>
> I think that's a bug.  There are in my view two default cases:

There can only be one, unless ntpd can be started with a command line
switch to choose the case.

>   setting up the local machine to synchronize from organization/local s3
>   or so servers.
>
>   setting up a few machines to be the above s3ish servers

The default use case (i.e. the baked-in configuration) ought to support
the lowest common denominator: a pool client. Something like this would
suffice:

restrict default ignore
restrict localhost
pool pool.ntp.org
restrict source

These configuration directives should be selectively overridden by
ntp.conf.

In the case of an ntpd operating as an NTP client polling one or more
arbitrary time servers (as in your second case) it should be sufficient
to merely specify a server line, or lines, which would override the
baked-in pool directive.

In the case of an ntpd operating as an NTP server (as in your first
case) there could be a command line switch and/or ntp.conf directives to
clearly define authorized clients. e.g.

switch:

-client localnet
-client aaa.bbb.ccc.ddd/mm
-server or -client {all|global|*} to globally enable time service

conf file:

client localnet
client aaa.bbb.ccc.ddd/mm
client hostname.or.ip.address

> In both cases, there is no need to allow monlist-or-equivalent from
> other than localhost, and no real harm in answering time queries.

There are some who object to allowing their ntpd to respond to external
time polls. We see this periodically in the news-group and on irc.

If we start from the position that ntpd is by default only a client then
configuration becomes a simple matter of enabling desired functionality.

> The other significant use case is running a s1, but a) those people are
> expected to be more clueful and b) the above rules don't hurt that case
> either.

s/s1/public time server/

This usage ought to require some configuration but could still
benefit from sensible defaults.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] better rate limiting against amplification attacks?

2013-12-27 Thread Steve Kostecke
On 2013-12-27, detha  wrote:

> A first step would be to have a default configuration where any
> functionality that can be used for reflection attacks with more than a say
> 2:1 ratio needs to be explicitly enabled, with warnings about this in the
> sample config file(s).

The NTP Reference Implementation has no default use case. So there is no
"baked-in" sensible default configuration. Some view this as a feature.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-12-23 Thread Steve Kostecke
On 2013-12-23, Jure Sah  wrote:

> On 23. 12. 2013 15:13, Rob wrote:
>
> For noquery I understand, but for "nopeer"? The manual page states:
>
>> Deny packets that might mobilize an association unless authenticated.
>> This includes broadcast, symmetric-active and manycast server
>> packets when a configured association does not exist. Note that this
>> flag does not apply to packets that do not attempt to mobilize an
>> association.
>
> Doesn't this always happen when a new ntp server somewhere on the
> internet chooses to use your NTP server as a peer?

The word "peer" has multiple meanings in NTP.

We colloquially refer to a remote ntpd which is used as a time source as
a "peer". Witness the 'ntpq -p' peer billboard.

The "peer" configuration directive can be used in ntp.conf to establish
a bidirectional association between two ntpds (i.e. an association where
both nodes poll the other node for the time). 'nopeer' blocks these
associations.

By way of comparison ... The "server" configuration directive is used
to establish a unidirectional association between two ntpds (i.e. only
one node polls the other node). These associations are not blocked by
'nopeer'.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Bounce attack via pool server

2013-12-23 Thread Steve Kostecke
On 2013-12-23, Jure Sah  wrote:

> I am an administrator of a public NTP server joined to "pool.ntp.org".
> Our server has recently been an unwilling party to a NTP UDP based
> bounce attack and have received the report attached below.

[snip]

> I am using ntpd version 4.2.6p3. I have searched through the
> www.pool.ntp.org website on the subject and could not find any general
> recommendation for a secure setup, however I might not have been
> looking in the right places.

If you must continue to use NTP <= 4.2.7  add 'noquery' to your
default restrictions.

The current NTP development release includes some anti spoofing
technology and does not require the use of 'noquery'.

BTW:

NTP Community Supported Documentation is located at
http://support.ntp.org/support

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Silly question.

2013-12-16 Thread Steve Kostecke
On 2013-12-16, DaveB  wrote:

> I'm currently stuck, trying to get the system sources, so I can enable 
> PPS support in the kernel.   The old "sysinstall" seems broken, in as 
> much as it can't seem to download anything from anywhere.

http://forums.freebsd.org/viewtopic.php?t=29172 discusses installing
FreeBSD 9 source.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP to multiple networks via one interface.

2013-12-16 Thread Steve Kostecke
On 2013-12-16, unruh  wrote:

> On 2013-12-16, David Taylor  wrote:
>
>> On 16/12/2013 00:52, unruh wrote:
>>
>>> Please stop using google news.

[snip: rationale]

>> Scott's posts are perfectly readable here, although the quoted   
>> material is double-spaced as you say. Perhaps Scott doesn't have 
>> access to a  
>
> No, it is not double spaced, it is triple spaced. (Ie, three blank
> lines between each line of quote-- perhaps because the original was
> double spaced).
>
> I use slrn as my news reader.

The raw (i.e. original) version of the message in question 
(0416fa11-d631-42c3-82e1-8ddfb016d...@googlegroups.com) may be viewed at
https://groups.google.com/forum/#!original/comp.protocols.time.ntp/iJcX9XlnuTQ/40OP-fgpAQIJ

It clearly shows three blank lines between each single line
paragraph/sentence.
 
-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Silly question.

2013-12-16 Thread Steve Kostecke
On 2013-12-16, David Lord  wrote:

> I have /etc/profile used to set profile for newly created users
> and have changed PATH so /usr/local/(s)bin is found before
> /usr/pkg/(s)bin before /(s)bin. I also updated .profile and
> .bash_profile for existing users.
>
> Note this is a security risk if users can drop programs in
> /usr/local/(s)bin

Those directories should not be writable by non-privileged users.

e.g.

freebsd:/usr/local$ ls -al | grep bin
drwxr-xr-x4 root  wheel  23552 Nov  7 03:04 bin
drwxr-xr-x3 root  wheel   2560 Apr 12  2013 sbin

If you don't wish to add those directories to your search path then use
a shell alias so that 'ntpq' is /usr/local/bin/ntpq. Set it in the same
places where you updated the PATH.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Silly question.

2013-12-16 Thread Steve Kostecke
On 2013-12-16, DaveB  wrote:

> I've added override variables in /etc/rc.conf to point to both ntpd and 
> ntpdate that are located in /usr/local/bin.
>
> I also see there is a companion ntpq in there too, but in 
> /etc/default/rc.conf  There is no "default" path set to that program.
>
> For now, I've a commented out line in /etc/rc.conf
> # ntpq_program="/usr/local/bin/ntpq"
>
> Commented out as I don't know if that will work.  (I'm still
> re-educating myself with the nuances of BSD, it's been a while.)

Your shell searches for executables in the directories specified by your
PATH. /usr/local/bin needs to appear in your PATH before /usr/bin if you
want the "ports" versions of commands to override the "system" commands.

Or set up a shell alias.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/shells.html

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP not syncing

2013-11-25 Thread Steve Kostecke
On 2013-11-25, Antonio Marcheselli  wrote:

>> 'restrict 192.168.1.10' sets a null restriction set for that address.
>> IOW it removes all restrictions.
>
> I had a look at the 'restrict' parameters; the line I have is
>
> restrict 130.1.1.1 mask 255.255.255.0 nomodify
>
> which I understand prevents 130.1.1.1 from modifying the NTP 
> configuration, is that correct?

'nomodify' blocks the use of ntpq / ntpdc remote configuration commands.
'nomodify' does not prevent someone sending the time to your ntpd. 

'restrict 130.1.1.1 nomodify' replaces the default restriction with
'nomodify' for 130.1.1.1

FWIW ... NTP remote configuration is not possible unless one of the
following conditions is met:

1. ntpd is started with the command-line option which disables
authentication

or

2. ntp.conf contains the configuration directive to disable authentication

or

3. the non-trivial symmetric key configuration is correctly completed
_and_ the remote user possesses the correct authentication credentials

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP not syncing

2013-11-24 Thread Steve Kostecke
On 2013-11-23, Antonio Marcheselli  wrote:

> Another quick question: does the "restrict" parameter prevent any other 
> server from using the server's NTP as a source?
>
> If I use "restrict 192.168.1.10" does that mean that only 192.168.1.10 
> can use that NTP as a source?

'restrict 192.168.1.10' sets a null restriction set for that address.
IOW it removes all restrictions.

'restrict some.address ignore' tells ntpd to ignore all packets from
that address.

'restrict some.address noquery' tells ntpd to ignore ntpq/ntpdc queries
from that address.

'restrict some.address noserve' tells ntpd to ignore time polls from
that address.

'restrict some.address notrust' tells ntpd to ignore all unauthenticated
packets from that address.

Restriction lines for specific hosts / subnets make sense when they're
used with a default restriction.

'restrict default ...' applies to all addresses/netblocks which don't
have an explicit restrict line.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Public ntp-server and reflection-attacks

2013-11-21 Thread Steve Kostecke
On 2013-11-21, Michael Sinatra  wrote:

> There are several ways, but having a basic 'restrict' statement in
> your config like this will help mitigate [reflection attacks]:
>
> restrict default noquery nomodify notrap nopeer
> restrict -6 default noquery nomodify notrap nopeer
>
> I believe the key command is 'noquery' which means that the server
> can't be queried for information (it does NOT affect the server's
> ability to respond to time requests).

The access control directives mentioned above are documented at
http://doc.ntp.org/4.2.6p5/accopt.html (stable release) and at
http://www.eecis.udel.edu/~mills/ntp/html/accopt.html (development
release).

[snip]

> (I am also interested in how others are locking down public NTP
> servers.)

You want to take a look at the Support.AccessRestrictions topic in our
community supported documentation. It is at
http://support.ntp.org/Support/AccessRestrictions

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
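
An added example, not from the thread or the NTP distribution: a small Python audit of ntp.conf `restrict` lines, following the behaviour described in the posts above (the most specific entry replaces the default, and `noquery` or `ignore` stops ntpq/ntpdc queries). The probe addresses are constructed documentation addresses, hostnames and `restrict source` are skipped because they cannot be resolved offline, and treating an unqualified `default` as covering both IPv4 and IPv6 is an assumption.

```python
import ipaddress

QUERY_BLOCKING = {"noquery", "ignore"}  # flags that stop ntpq/ntpdc queries


def parse_conf(conf_text):
    """Return ({network: flags}, monitor_disabled) from ntp.conf text."""
    table, monitor_disabled = {}, False
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) < 2:
            continue
        if words[0] == "disable" and "monitor" in words[1:]:
            monitor_disabled = True
        if words[0] != "restrict":
            continue
        args = words[1:]
        family = args.pop(0) if args[0] in ("-4", "-6") else None
        if not args:
            continue
        target = args.pop(0)
        if target == "default":
            # Assumption: an unqualified "default" applies to both families.
            specs = {"-4": ["0.0.0.0/0"], "-6": ["::/0"]}.get(family, ["0.0.0.0/0", "::/0"])
        else:
            if args[:1] == ["mask"] and len(args) >= 2:
                target = f"{target}/{args[1]}"
                args = args[2:]
            specs = [target]
        for spec in specs:
            try:
                net = ipaddress.ip_network(spec, strict=False)
            except ValueError:
                continue  # hostname or "source": not resolvable offline, skipped
            # Assumption: repeated lines for the same network accumulate flags.
            table.setdefault(net, set()).update(args)
    return table, monitor_disabled


def effective_flags(table, addr):
    """Flags of the most specific restrict entry matching addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, flags) for net, flags in table.items()
               if net.version == ip.version and ip in net]
    if not matches:
        return set()  # no entry at all: nothing is restricted
    return max(matches, key=lambda m: m[0])[1]


def audit(conf_text, probes=("203.0.113.7", "2001:db8::7")):
    """Report which probe addresses would still get ntpq/ntpdc answers."""
    table, monitor_disabled = parse_conf(conf_text)
    exposed = [a for a in probes if not (effective_flags(table, a) & QUERY_BLOCKING)]
    return {"exposed": exposed, "monitor_disabled": monitor_disabled}


# Configurations quoted in the thread.
THREE_SERVERS = """
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
"""
PROPOSED_DEFAULTS = """
driftfile /path/to/ntp.drift
pool pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
"""
# Constructed combination of two lines from the thread: the subnet entry
# carries only nomodify, so it no longer inherits noquery from the default.
SUBNET_OVERRIDE = """
restrict default noquery nomodify notrap nopeer
restrict 130.1.1.1 mask 255.255.255.0 nomodify
"""

if __name__ == "__main__":
    print(audit(THREE_SERVERS))
    print(audit(PROPOSED_DEFAULTS))
    print(audit(SUBNET_OVERRIDE, probes=("130.1.1.9", "203.0.113.7")))
```

The third case is the one that is easy to miss in review: a narrower `restrict` line written to tighten one thing silently drops every flag the default carried.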



[ntp:questions] False sender addresses

2013-11-21 Thread Steve Kostecke
On 2013-11-21, Greg Troxel  wrote:

>   From: E-Mail Sent to this address will be added to the BlackLists
>   
>
> I might have sent this by private mail, but the sender is both stating
> they will ignore replies and being anonymous.
>
> Two comments:
>
> 1) I think it's impolite to threaten people with blacklisting by
> replying to a message in the conventional way.  it's not reasonable to
> push work onto strangers, even if one is being helpful rather than
> asking for help.

One approach to handling these messages is to just ignore them.

> 2) Most mailing lists require mail to come from a subscriber for spam
> filtering.  So this sort of stance seems irregular.  Were I running the
> mailinglist, I wouldn't approve mail with a non-functional sender
> address.

This individual is not a mailing-list subscriber. He is posting to the
comp.protocols.time.ntp Usenet newsgroup via the Eternal September news
provider. You're seeing his articles on the mailing list via our
gateway.

A sample article from this poster may be viewed at
https://groups.google.com/forum/#!original/comp.protocols.time.ntp/mBdwuMjcxFw/jEGu7KKml84J

All of this poster's articles contain tracking information headers
which may be used to file a complaint with his news provider.

e.g. (from the article linked above)

Injection-Date: Wed, 20 Nov 2013 06:00:44 + (UTC)
Injection-Info: mx05.eternal-september.org;
posting-host="97d561cb9e1eed1630fcfd3dd65418a6";
logging-data="7864";
mail-complaints-to="ab...@eternal-september.org";
posting-account="U2FsdGVkX1/DgdtzFyqjVgYuudyBjPMPKQgj+ns4L68="

Anyone who wishes to contact this poster might find the information at
http://www.anitech-systems.com/ or the output of 'whois anitech-systems'
to be helpful.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Unexpected executable locations from "sudo make install" on RPi Linux

2013-11-15 Thread Steve Kostecke
On 2013-11-15, David Taylor  wrote:

> I have compiled and installed NTP on a number of Raspberry Pi Linux 
> systems, variants of Debian Wheezy, but on one I see that when I run:
>
>$ sudo make install
>
> I get the executable files in two different directories:

Here's where Debian installs the various NTP executables:

me@home:~$ dpkg -L ntp-dev | grep bin
/usr/bin
/usr/bin/ntpq
/usr/bin/ntpdc
/usr/bin/ntptrace
/usr/bin/ntpsweep
/usr/bin/sntp
/usr/sbin
/usr/sbin/ntp-keygen
/usr/sbin/ntp-wait
/usr/sbin/tickadj
/usr/sbin/ntpd
/usr/sbin/ntptime

>ntpdc ntpq & ntptrace => /usr/local/sbin

You probably meant /usr/local/bin

>ntpd ntpdate ntp-keygen ntptime & ntp-wait => /usr/local/sbin

That looks right.

> I was expecting all the executables to be in /usr/local/bin/.  Why might 
> this be?  Linux is not well known to me.

First of all you have to know the difference between /usr and
/usr/local as defined in the (Linux) FHS:

/usr -- Secondary hierarchy for read-only user data; contains the
majority of (multi-)user utilities and applications.

/usr/local -- Tertiary hierarchy for local data, specific to this host.
Typically has further subdirectories, e.g., bin/, lib/, share/. By
convention used for data/software which is not a part of the OS.

Then you have to know the difference between ./bin and ./sbin

/usr/bin -- Non-essential command binaries (not needed in single user
mode); for all users.

/usr/sbin -- Non-essential system binaries, e.g., daemons for various
network-services. These binaries are primarily intended for use by root
or other privileged users.

/usr/local/bin and /usr/local/sbin are the local equivalent of /usr and
/usr/sbin. They're typically used for software which is installed
outside of the OS package management system.

You may find the articles at
http://www.osnews.com/story/25556/Understanding_the_bin_sbin_usr_bin_usr_sbin_Split
and https://news.ycombinator.com/item?id=3519952 illuminating.

All of this is, BTW, trivial to dig up with your favorite search engine
...

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Strange refid

2013-11-12 Thread Steve Kostecke
On 2013-11-11, A C  wrote:
> Anyone care to explain what this refid means?  This is from the
> billboard on one of my machines.  This came from the round-robin DNS
> pool but I couldn't tell you which round-robin provided it other than
> one of the North America or US pools.
>
> 204.109.63.243  .M-F.\.. 16 u 86 512 376 58.947 -201.11 138.426

The NTP Pool information page for this server is:

http://www.pool.ntp.org/scores/204.109.63.243

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] questions] WinNT Port Performance Counter Stability and Drift

2013-11-10 Thread Steve Kostecke
On 2013-11-09, David J Taylor  wrote:

>Charles Elliott wrote:
>
>> The result of reading the timestamp counter can vary wildly due to
>> EIST (speed step technology), turbo modes, and owner overclocking, in
>> addition to differences in CPUs, as noted. There is quite a bit about
>> this on the Internet. As I recall, most writers recommend not using
>> it, but if one must, using it only for short interval timing and
>> after repeatedly measuring the frequency of the counter. The latter
>> can take quite a bit of time, as it should be done several times, and
>> for different interval lengths, and taking the average or median of
>> the results.

[snip]

> Charles, and mail list admins - just to let you know that your message did 
> not appear to reach the newsgroup:
>
>   comp.protocols.time.ntp
>
> at least on my feed from Eternal-September.

An article from Charles made it to the Google Groups mirror of c.p.t.n:

https://groups.google.com/forum/#!original/comp.protocols.time.ntp/VLNotnd_nms/vBCbcxQkp3MJ

Looks like a problem with your free news server.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP not syncing

2013-11-10 Thread Steve Kostecke
On 2013-11-08, Antonio Marcheselli  wrote:

> Question related to this topic. I am told that I can enable the HPET on 
> the motherboard and I can tell linux to use it.
>
> The file I am trying to amend is 
> /sys/devices/system/clocksource/clocksource0/available_clocksource
>
> I have a I/O error when I try to save. The folder and the file have RW 
> permissions, any idea on why I can't amend it?

Sysfs (/sys/*) is a virtual file system provided by Linux. Sysfs exports
information about devices and drivers from the kernel device model to
user space, and is also used for configuration. It is similar to the
sysctl mechanism found in BSD systems, but implemented as a file system
instead of a separate mechanism.

Sysfs documentation is available at
https://www.kernel.org/doc/Documentation/filesystems/sysfs.txt

/sys/devices/system/clocksource/clocksource0/available_clocksource is
the Sysfs interface for listing the available clock sources.

/sys/devices/system/clocksource/clocksource0/current_clocksource is the
Sysfs interface for listing _or_ setting the current clock source.

e.g.

# cd /sys/devices/system/clocksource/clocksource0/
# ls -l
total 0
-r--r--r-- 1 root root 4096 Jul 18 07:48 available_clocksource
-rw-r--r-- 1 root root 4096 Nov  9 14:28 current_clocksource
# cat available_clocksource 
tsc hpet acpi_pm 
# cat current_clocksource 
tsc
# echo hpet > current_clocksource
# cat current_clocksource
hpet

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP not syncing

2013-11-04 Thread Steve Kostecke
On 2013-11-04, Antonio Marcheselli  wrote:

> That is being considered. The server runs a maintenance procedure every 
> 24hours when all the services are stopped momentarily. It could be the 
> right time for an ntpdate to run.

ntpd continuously disciplines the system clock (i.e. attempts to steer
it towards the apparent correct time).

ntpdate (or sntp) merely adjusts the system clock once each time the
utility is run. The system clock will then drift until the next
correction.

When faced with a system clock which is drifting monotonically at > 400
to 500PPM the best course of action is to bite the bullet and determine
a sane tick value. In virtually all cases this will allow ntpd to
control your clock.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP not syncing

2013-11-04 Thread Steve Kostecke
On 2013-11-03, Antonio Marcheselli  wrote:
> On 03/11/2013 05:55, David Taylor wrote:
>> On 02/11/2013 20:41, unruh wrote:
>>> On 2013-11-02, antonio.marchese...@gmail.com
>>>  wrote:
>> []
>>>> How can I verify if the stepping has been disabled or not?
>>>> ntp.drift at the moment is -500.000
>>>
>>> Which is way out of spec and cannot be corrected by ntpd.
>>
>> Yes, it can be corrected.  There are ways of offsetting NTP to allow for
>> clocks which are more than 500 ppm off nominal.  Likely it's
>> OS-dependant, but for Windows I documented the method here:
>>
>>http://www.satsignal.eu/ntp/setup.html#broken-clock

There is information about fixing this issue in the NTP Community
Supported Documentation at
https://support.ntp.org/bin/view/Support/KnownHardwareIssues#Section_9.1.6.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP clients

2013-10-30 Thread Steve Kostecke
On 2013-10-30, David Lord  wrote:

> Steve Kostecke wrote:
>
>> ntpq prior to 4.2.7p22 does not support "mrulist" ...
>
> so 4.2.7p377 I've used since August is broken?
>
> or do I need to add some options to enable that command?

I'm not aware of anything you need to enable.

In my experience "mrulist" only works when your ntpq and ntpq are both
at least v4.2.7p22. Article slrnl70dnm.gep.koste...@stasis.kostecke.net
showed that a 4.2.6p5 ntpq can not make an mrulist request from a 4.2.7p293
ntpd. Here are the results of querying ntpd with its matching ntpq.

Testing the current stable release. mrulist does not work:

# apt-get install ntp

[snip]

# ntpq -v 2>&1 | grep Ver
ntpq - standard NTP query program - Ver. 4.2.6p5
# ntpq -v 2>&1 | grep Ver
ntpq - standard NTP query program - Ver. 4.2.6p5
# ntpq -n -cmrulist
***Command `mrulist' unknown

Testing the current ntp-dev snapshot. mrulist works:

# apt-get install ntp-dev

[snip]

# ntpd -v 2>&1 | grep Ver
ntpd - NTP daemon program - Ver. 4.2.7p391
# ntpq -v 2>&1 | grep Ver
ntpq - standard NTP query program - Ver. 4.2.7p391
# ntpq -n -cmrulist
Ctrl-C will stop MRU retrieval and display partial results.
Retrieved 2 unique MRU entries and 0 updates.
lstint avgint rstr r m v  count rport remote address
==
27  20 . 4 4  7   123 64.62.190.177
27  20 . 4 4  7   123 169.229.70.183
# 

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP clients

2013-10-29 Thread Steve Kostecke
On 2013-10-29, David Lord  wrote:

> My systems are running netbsd-6 i386. Stock ntpd is ntp-4.2.6p5,
> pkgsrc version of ntpd is 4.2.4.
>
> My pc with gps/pps has ntp-4.2.7p377 and from that I get
> "***Command 'mrulist' unknown"

"mrulist" was added in 4.2.7p22; see http://archive.ntp.org/ntp4/ChangeLog-dev
or search the ntp-dev source code repository at bk.ntp.org

ntpq prior to 4.2.7p22 does not support "mrulist" ...

Here's ntpq from the current stable release:

me@home:/tmp$ ./ntpq -n -cmrulist
***Command `mrulist' unknown
me@home:/tmp$ ./ntpq -v  
./ntpq: illegal option -- v
ntpq - standard NTP query program - Ver. 4.2.6p5
USAGE:  ntpq [ - [] | --[{=| }] ]... [ host ...]

Here's ntpq from the current ntp-dev snapshot:

me@home:/tmp$ which ntpq
/usr/bin/ntpq
me@home:/tmp$ ntpq -n -cmrulist
Ctrl-C will stop MRU retrieval and display partial results.
Retrieved 9 unique MRU entries and 0 updates.
lstint avgint rstr r m v  count rport remote address
==
   142   10430 . 4 4   1095   123 69.64.58.101
   158   10070 . 4 4   1134   123 38.229.71.1
   745   10330 . 4 4   1105   123 199.102.46.73
   840   10390 . 4 4   1098   123 66.225.61.66
   873   10400 . 4 4   1097   123 192.155.88.169
   887   10030 . 4 4   1138   123 166.70.136.35
   947   10050 . 4 4   1136   123 108.61.73.243
   964   10180 . 4 4   1121   123 67.212.118.60
  1023   10260 . 4 4   1112   123 74.120.8.2
You have new mail in /var/mail/me
me@home:/tmp$ ntpq -v  
/usr/bin/ntpq: illegal option -- v
ntpq - standard NTP query program - Ver. 4.2.7p393
Usage:  ntpq [ - [] | --[{=| }] ]... [ host ...]
Try 'ntpq --help' for more information.

exit 1
me@home:/tmp$

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP clients

2013-10-26 Thread Steve Kostecke
On 2013-10-26, Harlan Stenn  wrote:

> Please see http://www.eecis.udel.edu/~mills/ntp/html/miscopt.html#enable
> for the "monitor" directive, and perhaps also
>
> http://www.eecis.udel.edu/~mills/ntp/html/miscopt.html#mru

The documentation at http://www.eecis.udel.edu/~mills/ntp/html/ is
updated for the current development release series and may include
documentation about features not present in older production releases.

A snapshot of the Miscellaneous Options documentation as
shipped with the current stable release is archived at
http://doc.ntp.org/4.2.6p5/miscopt.html

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] change ntp source port

2013-10-21 Thread Steve Kostecke
On 2013-10-21, Riccardo Castellani  wrote:

> My Linux NTP client queries 'time' by source port '123', can I change this 
> number into unprivileged one ?

Which Linux OS are you using? And why do you need to be able to use an
unprivileged source port?

If your "NTP client" is ntpdate you may be able to add a command-line
option to the appropriate init script. See the ntpdate man page for the
option to use an unprivileged port.

As an aside, ntpdate merely sets your clock at boot time. Then your
clock will drift unless there is a cron job, or some other method, to
run ntpdate periodically. If you want your clock to be continuously
disciplined (i.e. adjusted towards the correct time) then you need to
run ntpd.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Raspberry Pi stratum-1 NTP server without soldering....

2013-10-21 Thread Steve Kostecke
On 2013-10-21, David Taylor  wrote:

>http://www.satsignal.eu/ntp/Raspberry-Pi-NTP.html#no-soldering

This information ought to be added to the NTP Community Supported
Documentation at http://support.ntp.org/support

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] ntp.conf on FreeBSD

2013-10-14 Thread Steve Kostecke
On 2013-10-12, unruh  wrote:

> That is good to hear, but does not solve the problem that ntp.conf is
> there for the admin to make changes to in order to solve problems
> peculiar to his system. I may not want the freebsd pool servers--
> because they are bad or because they are too far away. I may want to set
> up 5 (not 2) additional servers, some of which are refclock servers. To
> have to edit an init.d file, whose purpose is to start ntpd, not to
> configure it, is just stupid. Somebody on the freebsd distro has no idea
> what he is doing. 

This is an issue with FreeNAS, not with FreeBSD.

FreeNAS is an appliance, not a general purpose OS. These sorts of
appliances often utilize a GUI to handle configuration tasks and store
the resulting data in a custom data store. Configuration files, such as
/etc/ntp.conf, are generated at the appropriate times from this data
store.

A real world example of the risks of relying on a GUI.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] ntp.conf on FreeBSD

2013-10-12 Thread Steve Kostecke
On 2013-10-12, unruh  wrote:

> So you are saying that their ntp.conf is not quite as stupid as some.
> That is good to hear, but does not solve the problem that ntp.conf is
> there for the admin to make changes to in order to solve problems
> peculiar to his system. I may not want the freebsd pool servers--
> because they are bad or because they are too far away. I may want to set
> up 5 (not 2) additional servers, some of which are refclock servers. To
> have to edit an init.d file, whose purpose is to start ntpd, not to
> configure it, is just stupid. Somebody on the freebsd distro has no idea
> what he is doing. 

This is not a FreeBSD issue.

FreeNAS provides a GUI for handling the appliance configuration. The
underlying configuration files are automatically (re-)generated after an
edit and at boot time.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] ntp.conf on FreeBSD

2013-10-12 Thread Steve Kostecke
On 2013-10-12, Charles Elliott  wrote:

>I built a NAS using FreeNAS, which is in turn based on FreeBSD, which
>has ntpd installed. I need to find ntp.conf so I can configure it for
>broadcast mode and maybe the GPS, but I cannot find it. It is not in
>/etc.

http://doc.freenas.org/index.php/NTP_Servers discusses NTP configuration
for FreeNAS.

>Does anyone know where I should expect to find ntp.conf on FreeBSD?

According to an article in the discussion thread at
http://forums.freenas.org/threads/how-do-i-modify-an-etc-conf.10723/

"If you want to add additional settings to /etc/ntp.conf, you'll need to
hack /etc/rc.d/ix-ntpd (applying the changes to
/conf/base/etc/rc.d/ix-ntpd to make them permanent) as it is ix-ntpd
that writes out /etc/ntp.conf from scratch each the ntpd service is
started... You can also create the additional file from within ix-ntpd.
I'm really not sure why there is an ntp.conf at all in /conf/base/etc,
as it's ignored."

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] which servers should be peers?

2013-09-19 Thread Steve Kostecke
On 2013-09-19, Maria Iano  wrote:

> Thank you all for your responses, this has been very helpful. I have
> an additional question now, which is once I have this all set up with
> the S1 and S2 servers, should I then point the clients to only the S2
> servers? Currently they point to our four S1s.

The S3 systems (your "clients") should poll only your S2 servers.

Each S2 server should poll your S1 appliances. Consider polling other
carefully chosen remote time servers if allowed by your corporate
policy.

Peer groups and Orphan Mode groups should consist of servers which
nominally operate at the same stratum (i.e. all your S2s or all your S1s).
These groups should not cross strata.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] which servers should be peers?

2013-09-18 Thread Steve Kostecke
On 2013-09-18, David Taylor  wrote:
> On 18/09/2013 15:24, Steve Kostecke wrote:
>> On 2013-09-18, David Taylor  wrote:
>>
>>> On 18/09/2013 14:27, Steve Kostecke wrote:
>>>
>>>> On 2013-09-18, Charles Elliott  wrote:
>>>
>>> []
>>>
>>> Charles's post hasn't (yet) appeared on USENET. Perhaps the gateway is
>>> broken, or very, very slow?
>>
>> https://groups.google.com/forum/#!original/comp.protocols.time.ntp/QP7TR3Kc1aM/Ar19zqDf09MJ
>
> Thanks.  I wonder whether the gateway is the problem, or if it's 
> something else?

Read the message headers rather than casting aspersions.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] which servers should be peers?

2013-09-18 Thread Steve Kostecke
On 2013-09-18, David Taylor  wrote:

> On 18/09/2013 14:27, Steve Kostecke wrote:
>
>> On 2013-09-18, Charles Elliott  wrote:
>
> []
>
> Charles's post hasn't (yet) appeared on USENET. Perhaps the gateway is
> broken, or very, very slow?

https://groups.google.com/forum/#!original/comp.protocols.time.ntp/QP7TR3Kc1aM/Ar19zqDf09MJ

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] which servers should be peers?

2013-09-18 Thread Steve Kostecke
On 2013-09-18, Charles Elliott  wrote:

> IMHO, you don't want 15 servers; you want 9.  You could start out with 15
> and ntpd will mark the ones it finds lacking with a #.  After a few days
> you could then whittle the list down to 9 based on the ones most
> frequently marked with a #.  I am fairly sure ntpd only uses 9 servers
> in its final filtering and smoothing algorithms.

Why not let ntpd pick the survivors rather than attempting to manually
cherry pick?

> I would and do use stratum 2 servers.  At least in the U.S., the
> stratum 1 servers are so heavily overloaded that at the end of the
> day you will have more accurate time with stratum 2.

The OP is deploying their own stratum 1 and stratum 2 time servers.

> This is highly controversial, and many on this list will say it's
> abusive, but I use the iburst keyword

'iburst' is _not_ considered abusive because it only multiplies the
initial poll when a time server becomes reachable.

'burst' _is_ considered abusive because it multiplies (i.e. causes a
burst at) each poll.

>  and minpoll 4 (16 secs) maxpoll 5 (32 secs).


-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] GPS/PPS and "enable calibrate"

2013-09-07 Thread Steve Kostecke
On 2013-09-07, Charles Elliott  wrote:

> Unruh wrote:
>
>> Why? Why not just do it the average offset?
>
> Many inexpensive GPS devices exhibit a saw tooth pattern of their
> offsets relative to a known good time source, where the period is
> less than constant, and the amplitude often is plus or minus 60 ms
> relative to 0 offset. According to Dave Hart, this saw tooth pattern
> is inherent in the GPS device itself (the time between fix and time
> output "wanders") and not caused by NTPD processing.

There is a nice overview of GPS available at
http://web.njit.edu/~rlopes/6.2.0%20-%20GPS-overview.pdf

The discussion of GPS receivers begins on slide #23.

GPS uses the concept of time of arrival (TOA) of signals to determine
user position (slide #42).

Signal travel time measurement is discussed in slides #44 and #45.

Clock synchronization is discussed in slides #44 through #50. The
receiver's quartz clock is continually reset to be in sync with the
satellites' atomic clocks.

There is a discussion of how the USNO monitors the timing of the GPS
satellites at http://tycho.usno.navy.mil/gpstt.html

> Regardless of its cause, until one understands this saw tooth pattern
> it appears like no time2 adjustment works for any length of time,
> hence the attempt to sneak up on it.

I'm not sure where you're going with this attempt to calculate the
perfect time2 value.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTPD silently not tracking

2013-09-01 Thread Steve Kostecke
On 2013-09-01, Rob  wrote:

> Maarten Wiltink  wrote:
>
>> "unruh"  wrote:
>>
>>> On 2013-08-31, BlackLists wrote:
>>>
>>>>  perhaps it has already been fixed in a more recent version.

[snip]

>>> Sorry, but I have always found this to be a complete copout.

[snip]

>> As a developer (not NTP) myself, I don't react well to people
>> complaining about bugs I've already solved, just not in the version
>> they have.

[snip]

> Like "unruh", I hate developers and companies with this attitude.
> When there is no reason to believe that a particular problem is solved
> in a later release, it is just annoying when the suggestion from
> support departments is to first install the latest version and see
> if that fixes it.  It is just a way to wave off the initial complaint
> and to keep others busy.

Not at all.

The NTP Project, in conjunction with the NTP Public Services Project,
supports (i.e. provides bug fixes for) the current NTP Reference
Implementation Stable (i.e. production) and Development release series.

Limited free support for EOLed versions of NTP may be available
through the comp.protocols.time.ntp Usenet news-group and gatewayed
questions@lists.ntp.org mailing list (operated by The NTP Public
Services Project), the #ntp IRC channel at freenode, the Community
Supported NTP Documentation at http://support.ntp.org, and other venues.

Support contracts for EOLed versions of the NTP Reference Implementation
(from www.ntp.org) are available from The Network Time Foundation
(http://www.networktimefoundation.org/).

Unfortunately the NTP Reference Implementation release numbering scheme
violates the principle of least surprise and obscures the true magnitude
of the differences between releases.

Here's an example:

The final release in the "old-stable" series was NTP-4.2.4p8 and the
current release in the stable series is NTP-4.2.6p5.

Most people will compare the release as v4.2.4p8 vs v4.2.6p5; looks
like only a small change in the incremental release version along with a
couple of patches. Doesn't look like much, does it?

However the real comparison should be v2.4.8 vs v2.6.5. The difference
between release versions looks much greater in this case. Plus there was
a series of 250 development releases (v2.5.*) between v2.4 and v2.6;
a review of the ChangeLogs will reveal the magnitude of the changes
between versions.

> What is even worse: when people report an issue and it goes on a bug
> registration system (e.g. bugzilla), and after some time has elapsed a
> person marks all open bugs with remarks like "we have not heard about
> you for a while, please install latest version maybe it was fixed".
> As if that many bugs are fixed by accident. Sometimes it even happens
> with feature requests.

ntpd bugs submitted to the NTP BTS are never closed due to inactivity.

Try this query and you'll see open bugs dating back to 2003:

http://bugs.ntp.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&columnlist=bug_severity%2Cpriority%2Cbug_status%2Cresolution%2Cshort_desc%2Copendate%2Cchangeddate&field0-0-0=version&product=ntp&query_format=advanced&type0-0-0=lessthan&value0-0-0=4.2.6&order=bug_id&query_based_on=Stale%20NTP%20Bugs

> Also remember that it is not always straightforward to upgrade
> a program. People often install ntpd as part of an OS (Linux)
> distribution, and it is integrated into the system by their
> distributor.

The NTP Reference Implementation is free software. The copyright
holder (The University of Delaware) makes no representations
about the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty. Please visit
http://www.ntp.org/copyright for the complete copyright notice and
license statement.

Each OS vendor / distributor / aggregator is responsible for supporting
code which they have customized or which has been EOLed by the upstream
author / vendor.

Support contracts for EOLed versions of the NTP Reference Implementation
(from www.ntp.org) are available from The Network Time Foundation
(http://www.networktimefoundation.org/).

> Getting a newer version compiled from scratch and replacing the
> integrated version can be a major and risky operation, especially for
> someone not proficient in such tasks.

We live in an age where information is ubiquitous.

A motivated person should have no difficulty locating documentation
describing the process of compiling software as "raw" source code
or through their Operating System software/package management
infrastructure. Further, there are all manner of free support venues where
one may obtain assistance with this task.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTPD silently not tracking

2013-08-30 Thread Steve Kostecke
On 2013-08-30, Magnus Danielson  wrote:

> On 08/30/2013 04:17 AM, > BlackLists wrote:
>
>> Have you tried a newer version of NTP ?
>> <http://www.ntp.org/downloads.html>

[snip]

> No, I listed the affected version as packaged by Debian.

We have an autobuilder which packages the current ntp-dev snapshot:

http://packages.ntp.org/debian/

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS versus serial offset

2013-08-28 Thread Steve Kostecke
On 2013-08-28, detha  wrote:

> Done the 'let it run for 24 hours, take average offset between PPS and
> serial reading, and use that as time1 for the gpsd line in ntp.conf.'

Where did you find that bad advice?

A timing GPS provides two pieces of information:

1. The PPS signal which marks the seconds

2. NMEA sentences which label the seconds

The PPS signal is emitted at the beginning of each second and is
non-preemptable.

The NMEA sentences are emitted when the GPS receiver is not busy with
other tasks and can occur at any time during the relevant second.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS versus serial offset

2013-08-28 Thread Steve Kostecke
On 2013-08-28, David Taylor  wrote:

> detha  wrote:
>
>> http://detha.co.za/ntp/ntpmon.20130828.jpg
>
> I would be more worried about the 11 ms step in the PPS at about -155
> hours...

The PPS signal is plotted in green and does not diverge visibly from 0.

The blue line, which displays the 11ms jump, is labeled "stratum 1". It
is very likely the system offset.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] refid question

2013-08-24 Thread Steve Kostecke
On 2013-08-23, Michael Dolan  wrote:

> I've exhausted my search for refid .FLY. and its meaning.
>
> Our stratum 2 client reported Stratum 1 172.17.172.74 appliance
> (Symmetricon S200) initialized with .GPS. but after ~ 24 hours the
> refid switched to .FLY. and the offset has been steadily increasing.
>
> Any guidance to what this means appreciated.

It may be worth contracting the appliance manufacturer.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] selection between ntp server and reference clock

2013-08-19 Thread Steve Kostecke
On 2013-08-19, Nikolai Orekhov  wrote:

> So, reference clock could have any dispersion less than 16000 to be
> selected. For example, imagine that GPS receiver just appeared from
> nowhere, has only one element in filter and dispersion of about 7900. 

Time sources are not considered until 4 data samples are collected.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Order of servers in ntp.conf

2013-08-15 Thread Steve Kostecke
On 2013-08-15, unruh  wrote:

> On 2013-08-15, Steve Kostecke  wrote:
> [---=| Quote block shrinked by t-prot: 42 lines snipped |=---]
>
>> The mitigation algorithm proceeds in three steps in turn.
>>
>> 1. If there are no survivors, the modem driver becomes the only
>> survivor if there is one. If not, the local driver becomes the only
>> survivor if there is one. If not, the orphan parent becomes the only
>> survivor if there is one. If the number of survivors at this point
>> is less than the minsane option of the tos command, the algorithm
>> is terminated and the system variables remain unchanged. Note that
>> minsane is by default 1, but can be set at any value including 0.
>
> ] This is ambiguous.

Seems pretty straightforward to me ...

if (survivors == NULL) {
    if exists(modem) {
        survivors = "modem"
    } elseif exists(undisciplined_local_clock) {
        survivors = "undisciplined_local_clock"
    } elseif exists(orphan_parent) {
        survivors = "orphan_parent"
    }
}

abort if (count(survivors) < minsane)

> If no survivors-> local/orphan. If survivors (which is almost always true if no survivors)-> unchanged.
> If I set minsane to 100 and have only 5 peers, what happens? Is
> local/orphan used or is nothing changed.

You can break almost anything if you grossly misconfigure it.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Order of servers in ntp.conf

2013-08-15 Thread Steve Kostecke
On 2013-08-15, unruh  wrote:

> On 2013-08-14, Steve Kostecke  wrote:
>
>> The time server specified in each of those lines is the one which is
>> currently selected as the "sys_peer".
>
> But as I understand it, it is simply one of the systems which is
> not a false ticker, and has not real significance other than that.
> Ie, its time is not treated any differently than any of the other
> systems regarded as true chimers by the selection algorithm. Or do I
> misunderstand something?

The sys_peer is chosen after the select[ion] algorithm scans the
associations for selectable candidates _and_ after the cluster
(combine?) algorithm casts out the outliers.

In the last paragraph at
http://www.eecis.udel.edu/~mills/ntp/html/warp.html we see:

"The algorithms described on the Mitigation Rules and the prefer Keyword
page combine the survivor offsets, designate one of them as the system
peer and produces the final offset used by the algorithm described on
the Clock Discipline Algorithm page to adjust the system clock time and
frequency."

Section 6 of the Mitigation Rules page
(http://www.eecis.udel.edu/~mills/ntp/html/prefer.html) 
clarifies how the process works:

"As previously noted, the cluster algorithm casts out outliers, leaving
the survivor list for later processing. The survivor list is then sorted
by increasing root distance and the first entry temporarily designated
the system peer. At this point the following contributors to the system
clock discipline may be available:

* (potential) system peer, if there are survivors;
* orphan parent, if present;
* local driver, if present;
* modem driver, if present;
* prefer peer, if present;
* PPS driver, if present.

The mitigation algorithm proceeds in three steps in turn.

1. If there are no survivors, the modem driver becomes the only survivor
if there is one. If not, the local driver becomes the only survivor if
there is one. If not, the orphan parent becomes the only survivor if
there is one. If the number of survivors at this point is less than the
minsane option of the tos command, the algorithm is terminated and the
system variables remain unchanged. Note that minsane is by default 1,
but can be set at any value including 0.

2. If the prefer peer is among the survivors, it becomes the system peer
and its offset and jitter are inherited by the corresponding system
variables. Otherwise, the combine algorithm computes these variables
from the survivor population.

3. If there is a PPS driver and the system clock offset at this point is
less than 0.4 s, and if there is a prefer peer among the survivors or
if the PPS peer is designated as a prefer peer, the PPS driver becomes
the system peer and its offset and jitter are inherited by the system
variables, thus overriding any variables already computed. Note that a
PPS driver is present only if PPS signals are actually being received
and enabled by the associated driver.

If none of the above is the case, the data are disregarded and the
system variables remain as they are."

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
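
The three mitigation steps quoted above, modelled in C as an added example (not ntpd source and not part of the original post). The type and function names are hypothetical, the combine step is assumed to be a root-distance-weighted average, and the sources are constructed; the second case is the minsane-larger-than-the-survivor-count situation raised in the thread.

```c
/* Added example, not ntpd source; all names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>

enum kind { SERVER, MODEM, LOCAL, ORPHAN, PPS }; /* MODEM..ORPHAN: fallback order */
struct src {
    const char *name;
    enum kind kind;
    int survivor, prefer;    /* survivor: passed the cluster step (PPS: signal seen) */
    double offset, rootdist; /* seconds; root distance must be > 0 */
};
struct sysvars { const struct src *peer; double offset; };

/* Returns 1 if *sys was updated, 0 if the system variables stay unchanged. */
int mitigate(const struct src *s, size_t n, int minsane, struct sysvars *sys)
{
    const struct src *best = NULL, *pref = NULL, *pps = NULL, *fb[3] = { NULL };
    double wsum = 0.0, osum = 0.0;
    int count = 0, pps_ok;

    for (size_t i = 0; i < n; i++) {
        if (s[i].kind == PPS) { pps = &s[i]; continue; }
        if (s[i].kind != SERVER && !fb[s[i].kind - MODEM])
            fb[s[i].kind - MODEM] = &s[i];      /* remember fallback drivers */
        if (!s[i].survivor) continue;
        count++;
        if (!best || s[i].rootdist < best->rootdist) best = &s[i];
        if (s[i].prefer && !pref) pref = &s[i];
        wsum += 1.0 / s[i].rootdist;            /* assumed combine weighting */
        osum += s[i].offset / s[i].rootdist;
    }
    /* Step 1: no survivors -> modem, else local, else orphan; then minsane. */
    if (count == 0 && (best = fb[0] ? fb[0] : fb[1] ? fb[1] : fb[2]) != NULL) {
        count = 1; wsum = 1.0; osum = best->offset;
        pref = best->prefer ? best : NULL;
    }
    if (count < minsane) return 0;

    /* Step 2: a surviving prefer peer wins outright; otherwise combine. */
    if (pref) { sys->peer = pref; sys->offset = pref->offset; }
    else if (count > 0) { sys->peer = best; sys->offset = osum / wsum; }

    /* Step 3: PPS overrides if |offset| < 0.4 s and a prefer peer is involved. */
    pps_ok = pps && pps->survivor && (pref || pps->prefer);
    if (!pps_ok || sys->offset <= -0.4 || sys->offset >= 0.4)
        return count > 0;
    sys->peer = pps; sys->offset = pps->offset;
    return 1;
}

/* Constructed scenarios; the values are illustrative, not measurements. */
static const struct src five[] = {      /* five survivors, idle local clock */
    {"a", SERVER, 1, 0,  0.004, 0.030}, {"b", SERVER, 1, 0, -0.002, 0.020},
    {"c", SERVER, 1, 0,  0.001, 0.050}, {"d", SERVER, 1, 0,  0.003, 0.040},
    {"e", SERVER, 1, 0,  0.000, 0.025}, {"local", LOCAL, 0, 0, 0.0, 0.010},
};
static const struct src isolated[] = {  /* nothing survived the cluster step */
    {"orphan", ORPHAN, 0, 0, 0.0, 0.500}, {"local", LOCAL, 0, 0, 0.0, 0.010},
};
static const struct src gps[] = {       /* prefer peer plus a live PPS signal */
    {"gps-nmea", SERVER, 1, 1, 0.012, 0.020}, {"b", SERVER, 1, 0, -0.002, 0.015},
    {"pps", PPS, 1, 0, 0.000002, 0.001},
};
#define N(a) (sizeof(a) / sizeof((a)[0]))

struct sysvars run(const struct src *s, size_t n, int minsane)
{
    struct sysvars sys = { NULL, 0.0 };  /* peer == NULL means "unchanged" */
    mitigate(s, n, minsane, &sys);
    return sys;
}

int main(void)
{
    struct sysvars r[] = { run(five, N(five), 1), run(five, N(five), 100),
                           run(isolated, N(isolated), 1), run(gps, N(gps), 1) };
    for (size_t i = 0; i < N(r); i++)
        printf("case %zu: %s\n", i, r[i].peer ? r[i].peer->name : "(unchanged)");
    return 0;
}
```

In this model, five survivors with minsane 100 leave the system variables untouched, and the local clock is not consulted because the survivor list is not empty.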



Re: [ntp:questions] Order of servers in ntp.conf

2013-08-14 Thread Steve Kostecke
On 2013-08-14, unruh  wrote:

> On 2013-08-14, Nils Brubaker  wrote:
>
>> Aug  8 15:01:00 yellowstone ntpd[3254]: synchronized to 50.116.55.161, 
>> stratum 2
>> Aug  8 16:09:20 yellowstone ntpd[3254]: synchronized to 38.101.77.21, 
>> stratum 2
>>
>> These log messages suggest that ntpd is synchronizing with one and only 
>> one NTP server.  Is that the correct interpretation?  Is this single 
>> server selected for synchronization only after performing all the 
>> calculations described below?
>
> As I understand it, once it has done all of the calculations, it picks
> one of the servers in the accepted bunch of servers and uses it as a
> proxy for all of them. Ie, the above is shorthand for 
> synchronized to a pool of servers which includes 38.101.77.21

The time server specified in each of those lines is the one which is
currently selected as the "sys_peer".

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] DNS resolution on ntpd

2013-08-05 Thread Steve Kostecke
On 2013-08-05, Marco Marongiu  wrote:

> Assuming I remember well, in which version was this change introduced?

The ChangeLog for production releases may be viewed on-line at
http://archive.ntp.org/ntp4/ChangeLog-stable

The documentation for production releases is archived at
http://doc.ntp.org

HTH,

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Clock selection in Orphan Mode

2013-07-26 Thread Steve Kostecke
On 2013-07-26, unruh  wrote:

> On 2013-07-26,  wrote:
>
>> Mathieu Deltorre wrote:
>>
>>> All is fine: When started ntp daemon on each PCs, after a while, PC2
>>> and PC3 are synchronized to PC1 (LOOP refid). I've seen in html NTP
>>> documentation and in NTP code, that clock selection is based on the
>>> lowest address IP (address IP of PC1 in my case).
>>>
>>> First question: Is my understanding correct?
>>
>> Really, references? I doubt it, ...
>> breaker, everything else being equal (which is fairly unlikely).
>
> No, I believe ...

Reading the documentation might help:

http://doc.ntp.org/4.2.6p5/assoc.html#orphan

(6th paragraph)

While ordinary NTP clients use a selection metric based on delay and
dispersion, orphan children use a metric computed from the IP address of
each core server. Each orphan child chooses the orphan parent as the
root server with the smallest metric.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] how to use restrict to refuse the clients which have no shared-keys

2013-07-25 Thread Steve Kostecke
On 2013-07-25, Jun Hu  wrote:

> after each host run ntpd, I found the client B still can normally
> sync time with ntp server, same with client A. why?
>
> my ntp version is 4.2.4, how to use restrict to refuse the clients
> which have no shared-keys? what I will do?

Take another look at http://doc.ntp.org/4.2.4/accopt.html and look for a
restrict flag which applies to authenticated packets. 

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] What should the poll be for the shared memory driver (type 28)?

2013-06-17 Thread Steve Kostecke
On 2013-06-17, David Taylor  wrote:

> On 17/06/2013 17:36, Steve Kostecke wrote: []
>
>> grepping the source tree is very informative...

[snip: relevant quotes from the NTP Reference Implementation source]

> Thanks, Steve. My knowledge of the source tree is even more limited
> than my knowledge of "C"!

I have no intimate familiarity with the source tree and had to search
for the items I quoted.

> In refclock_shm.c, it does say that the
> "peek" routine is called every second, so if the type 28 driver has an
> internal poll of one second, does it matter what min/max poll is set
> in the ntp.conf file? Does it even need to be set at all?

> Sorry if I'm asking very basic questions, but if I'm going to write a
> small Web page about this I would rather the contents be accurate and,
> if possible, best practice.

Contributing (i.e. embedding and not merely linking) this
article/topic/page to the Community Supported Documentation at
http://support.ntp.org/support is the best way to make this information
useful to the NTP Community.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] What should the poll be for the shared memory driver (type 28)?

2013-06-17 Thread Steve Kostecke
On 2013-06-17, David Taylor  wrote:

> another document I've seen suggests setting:
>
>server 127.127.28.1 minpoll 1 prefer
>
> and yet in the ntpq -p billboard the poll is shown as 8 seconds. 
> Loopstats are reported at 8 second intervals, and the poll interval is 
> shown as 3 (i.e. 8 seconds).

grepping the source tree is very informative...

According to ./ntpd/ntp_peer.c:

/*
 * It is an error to set minpoll less than NTP_MINPOLL or to
 * set maxpoll greater than NTP_MAXPOLL. However, minpoll is
 * clamped not greater than NTP_MAXPOLL and maxpoll is clamped
 * not less than NTP_MINPOLL without complaint. Finally,
 * minpoll is clamped not greater than maxpoll.
 */

And in ./include/ntp.h we find:

:#define NTP_MINPOLL 3   /* log2 min poll interval (8 s) */

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] two machines syncing to the same master - hardware issues?

2013-05-31 Thread Steve Kostecke
On 2013-05-31, matthew.gar...@gmail.com  wrote:

> On Thursday, May 30, 2013 5:41:46 PM UTC-5, unruh wrote:
>
>> You can expect offsets of the order of 10-20microseconds IF the ntp
>> servers get their time from gps. If not, the servers themselves can
>> be woggling all over the place.

That's misleading.

> Is there any way to determine if the ntp servers are using GPS or not?

Query them with ntpq. http://doc.ntp.org/4.2.4/ntpq.html

But keep in mind that there are other factors besides the time source at
play here. 

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] two machines syncing to the same master - hardware issues?

2013-05-31 Thread Steve Kostecke
On 2013-05-31, David Lord  wrote:

> matthew.gar...@gmail.com wrote:
>
>> On Thursday, May 30, 2013 5:41:46 PM UTC-5, unruh wrote:
>>
>>> ATTRIBUTION MISSING wrote:
>>>
>>>> My two machines are somewhat different: "oldbox" is running NTP
>>>> 4.2.2 as ships with RedHat 5.7; "newbox" is running NTP 4.2.4 as
>>>> ships with RedHat 6.3.

[snip]

>> Where can I access this information? I assume from the peerstats
>> file? Or is there another mechanism for querying this pre-existing
>> data?
>
> There is a mass of documentation with most of ntpd releases. Try
> 

The HTML documentation for NTP-4.2.4 is archived at
http://doc.ntp.org/4.2.4 

Your OS should provide the official NTP HTML documentation (either as a
part of their NTP package or as a separate NTP docs package).

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Offset is always increasing

2013-05-22 Thread Steve Kostecke
On 2013-05-22, Riccardo Castellani  wrote:

>> ATTRIBUTION MISSING said:
>>
>>> Do this. Disable NTP on FORCLIENTS, then run ntpdate every minute
>>> (cron would be good here) with "-q" and "-s". You will probably see
>>> an increasing offset.
>
> With this command, I will save 'offset' value but without adjusting
> the local clock, it's right ?

In cases where your clock is drifting faster than NTP can correct it you
may need to "adjust your tick". This procedure has been documented in
our Wiki since 2005:

https://support.ntp.org/bin/view/Support/KnownHardwareIssues#Section_9.1.6.
 

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Tighter regulation?

2013-05-21 Thread Steve Kostecke
On 2013-05-21, Mischanko, Edward T  wrote:

> My concern is that too much data is being thrown away when polling
> above 256 seconds and that allows excessive wandering of my clock.

The clock filter algorithm processes the offset and delay samples
produced by the on-wire protocol for each peer process separately. It
uses a sliding window of eight samples and picks out the sample with the
least expected error.

http://www.eecis.udel.edu/~mills/ntp/html/filter.html describes
the algorithm design principles along with an example of typical
performance.

> Yes, I can cap the interval to 256, but is that the only answer?
> I would rather increase the interval of adjustments not the polling
> interval. 

A general overview of the clock discipline algorithm; along with
discussions of phase-lock loop operations, loop dynamics, and clock
initialization and management; are presented at
http://www.eecis.udel.edu/~mills/ntp/html/discipline.html

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/
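
The sliding-window selection described above, as an added example in C (not ntpd source and not part of the original post). It assumes round-trip delay is the measure of expected error and leaves out dispersion aging; the names and the sample trace are constructed.

```c
/* Added example, not ntpd source; names are hypothetical. Round-trip delay
 * stands in for "expected error", and dispersion aging is left out. */
#include <stddef.h>
#include <stdio.h>

#define NSTAGE 8                    /* window size stated in the post */

struct sample { unsigned long t; double offset, delay; };
struct filter {
    struct sample reg[NSTAGE];      /* reg[0] is the newest sample */
    size_t used;                    /* stages filled so far */
    unsigned long last_t;           /* arrival time of the last sample passed on */
};

/* Shift in one sample. Returns 1 and fills *out when the lowest-delay sample
 * in the window is newer than the last one passed on, else 0. */
int filter_add(struct filter *f, struct sample s, struct sample *out)
{
    size_t i, best = 0;

    for (i = NSTAGE - 1; i > 0; i--)
        f->reg[i] = f->reg[i - 1];
    f->reg[0] = s;
    if (f->used < NSTAGE) f->used++;

    for (i = 1; i < f->used; i++)
        if (f->reg[i].delay < f->reg[best].delay) best = i;
    if (f->reg[best].t <= f->last_t)
        return 0;                   /* the best sample was already used */
    f->last_t = f->reg[best].t;
    *out = f->reg[best];
    return 1;
}

/* Constructed trace: one sample per 1024 s poll; offset and delay in seconds. */
static const struct sample trace[] = {
    { 1024, 0.0020, 0.030}, { 2048, 0.0100, 0.080}, { 3072, 0.0015, 0.025},
    { 4096, 0.0080, 0.060}, { 5120, 0.0090, 0.070}, { 6144, 0.0012, 0.024},
    { 7168, 0.0070, 0.050}, { 8192, 0.0060, 0.045}, { 9216, 0.0065, 0.048},
    {10240, 0.0011, 0.022}, {11264, 0.0075, 0.055}, {12288, 0.0085, 0.065},
};
#define NTRACE (sizeof(trace) / sizeof(trace[0]))

static double passed[NTRACE];       /* offsets handed on to the discipline */

/* Runs the trace through the filter and returns how many samples got through. */
size_t run_trace(void)
{
    struct filter f = { .used = 0 };
    struct sample out;
    size_t n = 0;

    for (size_t i = 0; i < NTRACE; i++)
        if (filter_add(&f, trace[i], &out))
            passed[n++] = out.offset;
    return n;
}

int main(void)
{
    size_t n = run_trace();

    printf("%zu of %zu samples passed on:\n", n, (size_t)NTRACE);
    for (size_t i = 0; i < n; i++)
        printf("  offset %+.4f s\n", passed[i]);
    return 0;
}
```

Each sample that gets through is the lowest-delay one in its window, which is why most of the raw samples never reach the clock discipline.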



Re: [ntp:questions] Meinberg NTP client continuously resync to server

2013-05-18 Thread Steve Kostecke
On 2013-05-18, David Woolley  wrote:

> These options are set using the tinker command, which is in the HTML 
> documentation that I hope that Meinberg included in their install package.

The HTML documentation for the OP's version of NTP is also available
on-line at http://doc.ntp.org/4.2.4/

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] ntp & system without a rtc

2013-05-10 Thread Steve Kostecke
On 2013-05-10, folkert  wrote:
> Hi,
>
> I have a raspberry pi system. This is a computer without a real time
> clock. So every time I power it on, it uses starts where it left off
> which might be days earlier. It is connected only very occasionally to
> the internet so syncing to that won't work. It does have, however, a gps
> connected. But as it is switched mostly for less than an hour, ntpd
> won't have the time to adjust the time to what the gps returns to it.

Why not use something like this:

http://www.adafruit.com/products/255

ChronoDot - Ultra-precise Real Time Clock - v2.1 

The ChronoDot RTC is an extremely accurate real time clock module, based
on the DS3231 temperature compensated RTC (TCXO). It includes a CR2016
battery (not shown, but included in the product) which should last at
least 8 years if the I2C interface is only used while the device has 5V
power available. No external crystal or tuning capacitors are required.


-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] NTP with GPS and RTC

2013-04-26 Thread Steve Kostecke
On 2013-04-26, Biebaut Sven  wrote:

>ATTRIBUTION MISSING said:
>
>>Biebaut Sven wrote:
>
>>> If I drop the idea of the RTC as a reference clock, am I correct in
>>+ stating that, when there is no external synchronisation:
>>> - my local clock and my RTC will drift away from each other, but at
>>+ least my RTC will be closer to the mark (the DS3231 is chosen for its
>>+ precision)
>
>>Probably not.  ntpd will continue to apply first order frequency 
>>correction to the local clock.  
>
> Ah, I did not realise that. So a system with ntpd but without an external 
> reference clock would still be more accurate than a system without ntpd 
> at all ?

Only if ntpd has had access to a real local reference clock, or to
remote time servers, for a long enough period of time to calculate the
frequency correction. And the ambient conditions and system load match
that which existed when the correction was determined.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] help

2013-03-05 Thread Steve Kostecke
On 2013-03-04, 1900116857 <1900116...@qq.com> wrote:

> My OS is Ubuntu12.04amd64

NTP 4.2.6p3 is packaged for Ubuntu "precise":

http://packages.ubuntu.com/precise/ntp

It is available for installation from the Ubuntu package repositories.

You should be able to see whether or not the ntp package is
installed using the following command:

$ dpkg -l ntp

You may want to check and see if your system already has the ntp package
provided by your OS installed.

> I downloaded the NTP4.2.6p5 package and installed it with following commands:
> "configure
> make
> make install"
> Installation seems successful. No error is reported. But there still
> some other question.
>
> First :
> when I typed in "services ntpd start", OS shows "unrecognized service"

The NTP Reference Implementation source code releases, which are linked
from www.ntp.org/downloads.html and support.ntp.org/download, do not
install any initialization scripts as these are OS specific. In general
you are better off installing, and using, ntp from your OS package
management system.

>, but udp port 123 is active. Before this, I tried to run "sudo ntpd", and
>succeeded.

'sudo ntpd' starts the NTP daemon (assuming that it is in your search
path). The netstat output you included in your original article shows
that ntpd was running.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] PPS only configuration

2013-02-18 Thread Steve Kostecke
On 2013-01-19, unruh  wrote:

> Mischanko posts a long post with a single line, saying he wants help
> in finding a news poster which will break lines for him. He has one.
> Himself. It is entirely possible to put in line breaks manually, which
> I, sarcastically I admit, pointed out to him. Not putting in line
> breaks is NOT primarily a news posting problem. It is a user problem.

According to the headers in your article(s) you are using the slrn
newsreader. So all you have to do to make long lines of text readable is
touch the 'w' key while you're reading the offending article.

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Does this look sane, is PPS working?

2013-02-12 Thread Steve Kostecke
On 2013-02-12, james machado  wrote:

> On Tue, Feb 12, 2013 at 6:04 AM, Ralph Aichinger 
> wrote:
>
>> Does this look sane to you for a Raspberry Pi with a Sure Electronics
>> board and PPS enabled? It looks fine to me, I just want to confirm
>> that people more experienced than me see it the same way.
>>
>>      remote           refid      st t when poll reach   delay   offset  jitter
>> ==============================================================================

[snip]

>> oGPS_NMEA(0)     .GPS.            0 l    3   16  377    0.000   -0.005   0.001
>
> I would expect to see a PPS line if you have PPS up and working
> correctly, 

The 'o' tally code at the beginning of the GPS_NMEA line is telling
you that your GPS is the PPS peer. Plus the offset and jitter are
appropriate for a PPS ref-clock.

The tally codes are listed at http://doc.ntp.org/4.2.6p5/decode.html#peer

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Updating the leapseconds file -- how to signal ntpd

2013-01-27 Thread Steve Kostecke
On 2013-01-27, Garrett Wollman  wrote:

> And when it ceases to be "in development" and the FreeBSD net/ntp port
> becomes 4.2.7 instead of 4.2.6, then I will run it.

The next FreeBSD net/ntp "port" will be 4.2.8

http://support.ntp.org/Main/ReleaseNumberingScheme
explains why.

Stable releases have an even Minor Release number
Development releases have an odd Minor Release number 

The current release numbering scheme syntax is
Protocol_Version.Major_Version.Minor_Version[Release_Tags]

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] p351 fails to build on MSVC++2008EE

2013-01-25 Thread Steve Kostecke
On 2013-01-25, Mischanko, Edward T  wrote:

> Who updates autogen and when is it expected?

The AutoGen "home-page" is:

http://www.gnu.org/software/autogen/

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Loopstats jitter field mostly zero?

2013-01-11 Thread Steve Kostecke
On 2013-01-11, james machado  wrote:

>> http://www.jhauser.us/arithmetic/TestFloat.html
>> http://www.netlib.org/fp/ (see UCBTEST)
>
> i've spent the last two days trying to get the UCBTEST to compile on
> the RPi with no luck.  there are some defines the ieee.c file wants
> that I just don't grok.  As far as TestFloat it requires SoftFloat
> which has fallen off the interwebs.  If you have another test you
> would like me to try let me know.

Did you try http://www.jhauser.us/arithmetic/SoftFloat.html ?

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/



Re: [ntp:questions] Loopstats jitter field mostly zero?

2013-01-11 Thread Steve Kostecke
On 2013-01-11, james machado  wrote:

> i've spent the last two days trying to get the UCBTEST to compile on
> the RPi with no luck.  there are some defines the ieee.c file wants
> that I just don't grok.  As far as TestFloat it requires SoftFloat
> which has fallen off the interwebs.  If you have another test you
> would like me to try let me know.

Also you might want to take a look at
https://github.com/mczerski/orpsoc-de0_nano/tree/master/sw/apps/testfloat

According to that README "the software included here also includes the
SoftFloat library, which is is required to test the hardware FPU."

-- 
Steve Kostecke 
NTP Public Services Project - http://support.ntp.org/


